Jump servers are often placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log into the jump server in order to gain access to the DMZ assets and all access can be logged for later audit.
A typical configuration is a hardened Unix [or Unix-like] machine configured with SSH and a local firewall. An administrator connects to a target machine in the DMZ by making an SSH connection from the administrator's personal computer to the jump server and then using SSH forwarding to access the target machine.
Using an SSH tunnel to the target host allows the use of insecure protocols to manage servers without creating special firewall rules or exposing the traffic on the inside network.
A typical configuration is a Windows server running Remote Desktop Services that administrators connect to, this isolates the secure infrastructure from the configuration of the administrator's workstation.[1]