BeyondTrust
BeyondTrust is pleased to announce UVM Appliance version 2.2. This new version of our privileged access management and vulnerability management appliance software enhances functionality and capabilities for new and existing UVM appliances. Enhancements include the following:
  • A new UVM appliance model is available without MS SQL Server to lower costs, provide flexible architectures, and lower resource requirements for advanced architectures or clients that have existing MS SQL infrastructures
  • New functionality provides automatic restoration of backups to a Cold Spare for Disaster Recovery and lab testing
  • UVMs are now permitted to join a Windows Domain under specific conditions
  • The addition of the BT Server Hardening Utility 1.0 for software installations of BeyondTrust software to mimic hardening used on appliances
  • UVM VMWare 6.5 virtual appliance support
  • Two-factor authentication with Radius on the UVM for appliance management accounts
Read below for more details on these new enhancements.

UVMs without MS SQL Server

BeyondTrust is offering a brand-new UVM appliance without MS SQL Server. MS SQL Server is not installed, has no associated costs, and requires a remote MS SQL Server to work either on another UVM appliance or one supplied by the organization. This configuration is ideal for organizations that are leveraging more than one appliance to save costs or have existing MS SQL clusters that can be leveraged for BeyondTrust technology.

UVM Cold Spare

Based on customer feedback, Cold Spare use cases have become a required component in many architectures. Typically, these involve the purchase of a 3rd UVM to remain idol with a recent database and keys as a cold spare, standby system. The backup from the primary can be restored at any time with the same functionality, and resume operation in a short period of time; normally under 20 minutes. This process is fully automated and allows for daily backup and recovery natively in the appliance diagnostics menu. For a representation of this new capability, please see the screenshot below.

UVM Appliances on a Windows Active Directory Domain

BeyondTrust will now support the addition of UVM appliances to be joined to a Windows Active Directory Domain under specific circumstances and using strict settings, including:
  • Joining a UVM appliance to a Domain is allowed when internal policy requires it or when Windows Authentication is required for remote MS SQL connectivity (typically for regulatory compliance).
  • UVM appliances must be in their own OU and have Block Inheritance Enabled in order to preserve appliance hardening and update settings.
  • Appliances will detect this change and report accordingly if there is a problem.

Server Hardening Utility

Many clients choose the software version of BeyondTrust solutions in lieu of appliances. To that end, they would like hardened software installations with the same best practices to avoid an incident. BeyondTrust has taken these settings and now made them available in a standalone utility to perform client-side hardening on any supported Windows Server using LocalGPO. This allows for:
  • The Hardening Policy applied by BeyondTrust development during the creation of a UVM Appliance is now available as a utility for software installs by end users, partners, and professional services.
  • The tool utilizes Microsoft’s LocalGPO tool to apply local policy settings such that settings can be edited and reviewed by the end user.
  • The tool first executes a comparison against the local settings in order to troubleshoot “un-hardening” if a problem arises.
  • Support for Microsoft Windows 2008-R2 and 2012-R2.
For a representation of this utility, please see the screenshot below.

UVM Appliance Radius Support

Per security best practices, UVM appliances can now have their administrative accounts managed by a 2FA Radius server. This feature configures the UVM to use the same Radius server that has been previously set up in BeyondInsight for standard users. In case of a Radius fault, a BeyondInsight administrator can temporary disable 2FA to allow appliance access or use UVM Emergency Access to turn off any configured Radius server physically from the appliance LCD panel.

UVM VMware 6.5 Support

BeyondTrust UVM appliances now support VMWare 6.5 and the new HTML 5 web management client and vSphere client. For more information on UVM appliances, please reference our updated data sheet. For more information, contact us today.

Morey J. Haber

CISO at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In: