- A new UVM appliance model is available without MS SQL Server to lower costs, provide flexible architectures, and lower resource requirements for advanced architectures or clients that have existing MS SQL infrastructures
- New functionality provides automatic restoration of backups to a Cold Spare for Disaster Recovery and lab testing
- UVMs are now permitted to join a Windows Domain under specific conditions
- The addition of the BT Server Hardening Utility 1.0 for software installations of BeyondTrust software to mimic hardening used on appliances
- UVM VMWare 6.5 virtual appliance support
- Two-factor authentication with Radius on the UVM for appliance management accounts
UVMs without MS SQL ServerBeyondTrust is offering a brand-new UVM appliance without MS SQL Server. MS SQL Server is not installed, has no associated costs, and requires a remote MS SQL Server to work either on another UVM appliance or one supplied by the organization. This configuration is ideal for organizations that are leveraging more than one appliance to save costs or have existing MS SQL clusters that can be leveraged for BeyondTrust technology.
UVM Cold SpareBased on customer feedback, Cold Spare use cases have become a required component in many architectures. Typically, these involve the purchase of a 3rd UVM to remain idol with a recent database and keys as a cold spare, standby system. The backup from the primary can be restored at any time with the same functionality, and resume operation in a short period of time; normally under 20 minutes. This process is fully automated and allows for daily backup and recovery natively in the appliance diagnostics menu. For a representation of this new capability, please see the screenshot below.
UVM Appliances on a Windows Active Directory DomainBeyondTrust will now support the addition of UVM appliances to be joined to a Windows Active Directory Domain under specific circumstances and using strict settings, including:
- Joining a UVM appliance to a Domain is allowed when internal policy requires it or when Windows Authentication is required for remote MS SQL connectivity (typically for regulatory compliance).
- UVM appliances must be in their own OU and have Block Inheritance Enabled in order to preserve appliance hardening and update settings.
- Appliances will detect this change and report accordingly if there is a problem.
Server Hardening UtilityMany clients choose the software version of BeyondTrust solutions in lieu of appliances. To that end, they would like hardened software installations with the same best practices to avoid an incident. BeyondTrust has taken these settings and now made them available in a standalone utility to perform client-side hardening on any supported Windows Server using LocalGPO. This allows for:
- The Hardening Policy applied by BeyondTrust development during the creation of a UVM Appliance is now available as a utility for software installs by end users, partners, and professional services.
- The tool utilizes Microsoft’s LocalGPO tool to apply local policy settings such that settings can be edited and reviewed by the end user.
- The tool first executes a comparison against the local settings in order to troubleshoot “un-hardening” if a problem arises.
- Support for Microsoft Windows 2008-R2 and 2012-R2.