Jump host

A jump host is a hardened intermediary server that users connect to first in order to reach systems located in a more restricted or sensitive network segment, such as an OT network or a production cell. It acts as a controlled gateway between less trusted networks (for example, the corporate IT network or the internet) and highly protected environments.

How a jump host is used

In industrial and manufacturing environments, a jump host commonly sits between IT and OT networks, or between external partners and internal systems. Typical uses include:

• Remote access to control systems, HMIs, historians, or MES nodes on an OT network
• Administrative access to servers located in a DMZ or high-security segment
• Vendor or integrator access to specific plant systems without exposing the full network
• Centralizing and monitoring privileged activities, such as patching, configuration, and troubleshooting

Access through a jump host is usually limited to specific protocols (for example, SSH, RDP, or secure web interfaces) and may be combined with multi-factor authentication, session logging, and strict role-based permissions.

Key characteristics

• Network position: Placed at a boundary between security zones, often in a DMZ or dedicated access segment.
• Hardened configuration: Reduced attack surface, restricted services, and tightly controlled user accounts.
• Monitoring point: Commands, file transfers, and session activity can be logged for security, audit, and troubleshooting.
• Limited purpose: Intended mainly for access mediation, not for running business applications or production workloads.

Common confusion

• Jump host vs. VPN: A VPN provides an encrypted tunnel into a network, while a jump host is a specific endpoint inside or at the edge of that network where users land and then pivot to other systems. They are often used together.
• Jump host vs. bastion host: The terms are frequently used interchangeably. “Bastion host” is more common in security architecture diagrams, while “jump host” emphasizes the operational use as a stepping stone to other systems.
• Jump host vs. remote desktop server: A remote desktop server delivers applications or desktops to users. A jump host may use remote desktop technology but is primarily a security control for mediated access.

Operational relevance in manufacturing

Within plants and regulated manufacturing environments, jump hosts are commonly used to separate corporate IT networks from OT networks that run production lines, utilities, or building management systems. They help enforce network segmentation, reduce direct exposure of equipment such as PLCs and SCADA servers, and centralize oversight of administrative and vendor access to critical systems.