

Is the Jump Box Obsolete? - xref
http://radar.oreilly.com/2014/01/is-the-jump-box-obsolete.html

======
xref
The author seems to have a solution to sell so that puts me on alert, but this
is the only post I could find suggesting bastion hosts are not a good idea.

This HN thread has a lot of back and forth on bastions vs VPNs:
[https://news.ycombinator.com/item?id=8637154](https://news.ycombinator.com/item?id=8637154)

Basically, I'm trying to migrate our bare metal servers into AWS and am
looking for best practices. I've more or less followed this guide so far:
[http://blog.bwhaley.com/reference-vpc-architecture](http://blog.bwhaley.com/reference-vpc-architecture)

~~~
stephengillie
I think jump servers are like app pools in IIS - they're not necessarily a
good idea anymore, and can introduce problems, but they're not "considered
harmful" yet.

------
stephengillie
These days, I see jump boxen used for routing reasons more than security. VPNs
won long ago.

A user may be permitted to connect from their laptop to a specific server, but
not be able to route there. This is common when navigating disparate networks -
i.e. VPN to router to VDI to virtual switch to office to datacenter to
managed appliance to VM. It's usually cheaper and easier to have users RDP
thru a middle server than have a network architect troubleshoot.

