This article describes what a jump server object is used for.
A jump server is an intermediary server through which external agents, such as the Venafi Trust Protection Platform (TPP), can access a device behind a firewall. If a jump server is required to access a device behind a firewall, the Jump Server object provides the information TPP needs to communicate with the target device(s) via the jump server. A jump server may use either a username and password or a private key for authentication. The target device and application can’t use a private key for authentication.
TPP can both install and extract certificates and private keys through the jump server. Many system operations, including on-board validation, take place via the jump server. TPP never accesses the jump server’s associated application(s) directly. Jump servers are not supported by all applications; check the application-specific Venafi documentation. The jump server connection goes over SSH.
When TPP provisions certificates to servers that require a jump server connection, it securely copies the certificate and private key to the jump server. When the files are no longer needed, TPP removes the files from the jump server.
Jump Servers are created and managed in the Policy tree. In the Policy tree hierarchy, Jump Server objects are created under Policy objects. Device objects can be created under Jump Server objects.