U-Series Appliance Administration Guide
This guide provides information on managing the U-Series Appliance. This guide is intended for network security administrators responsible for protecting their organization's computing assets.
Once you have named your U-Series Appliance, it cannot be renamed. If at any point you need to rename the appliance, you must either re-image (if it is a physical appliance) or re-deploy the image (if it is a virtual appliance).
To manage your U-Series Appliance, you must first log in to BeyondInsight.
- In a web browser, enter the URL to access BeyondInsight, such as https://<server>/.
- The SSL certificate warning window displays. The SSL certificate automatically created for the U-Series Appliance ensures encrypted communications.
We recommend that you replace the automatically generated certificate with a valid certificate issued by a certificate authority. Check the box to not display the information page again. Browser warnings are displayed until the SSL certificate is installed or a valid certificate is obtained.
- The BeyondInsight Login page displays. Enter the username and the password you created in the Deployment & Configuration Wizard, and then click Login.
For more information about using BeyondInsight, please see the BeyondInsight documentation.
Access the U-Series Appliance Website
- In a web browser, enter the URL to access the U-Series Appliance, such as https://<Appliance-IP-Address>/appliance.
- For the initial login, enter the following information:
- Username: The administrator username created using the Deployment & Configuration Wizard.
- Password: The administrator password created using the Deployment & Configuration Wizard.
- Click Log In.
Session timeout applies to all U-Series Appliance websites: Home (Dashboard), Network, Integrations, Features and Services, Software and Licensing, Business Continuity, and Security and Compliance. The session timeout value cannot be configured.
- The U-Series Appliance Home (Dashboard) page appears. The machine name, IP address, date, time, and time zone are displayed at the top of the U-Series Appliance console window, and are visible at all times.
Users with sufficient permissions, have the option to log in to the U-Series Appliance directly from the Assets grid in BeyondInsight. For more information, please see U-Series Appliance, in the BeyondInsight User Guide.
U-Series Appliance login activity appears in the BeyondInsight User Audits grid.
If the Windows environment is currently not activated, you can activate it on the Product Licensing page.
- From the left menu, under Software and Licensing, click Product Licensing.
- Click the Microsoft tab.
- If using the Windows Server License option, enter a Microsoft Product Key.
- If using the Key Management Service option, enter a Volume License Key, and then enter the KMS key.
- Click Activate Windows.
If there is no internet connection (for example, in an air-gap environment), you must perform the activation by phone.
Request Product Updates
- From the left menu, under Software and Licensing, click Installed Software.
- From the Installed Software page, you can view a list of all the software and their versions that is installed on this appliance.
- If any of your updates failed, click the BeyondTrust Updater link above the list of products to be taken to the BT Updater site where you can retry downloading the update.
Manage Security Updates
BeyondTrust provides a bundle of Microsoft patches in a security update package. All updates are tested and approved by BeyondTrust to ensure that updates do not interfere with the proper operation of the U-Series Appliance. The packages are updated when new patches are available from Microsoft.
In U-Series Appliance versions 1.3 or later, a security update package installer ships with your U-Series Appliance. When a new package is copied to the update server, then those updates can be received by your U-Series Appliance.
If you are working in an air-gap environment, we recommend using BT Updater Enterprise to download update packages. Using BT Updater Enterprise gives you more flexibility in the updates you download and when. For more information, please see BT Updater Enterprise User Guide.
For more information about the updates included in the package, contact BeyondTrust Technical Support.
Security Update Package Types
- Security Patches for Windows Server: Microsoft Windows Updates for the server operating system, screened by BeyondTrust.
- Security Patches for SQL Server: SQL Server service packs and security updates that may be released from Microsoft, screened by BeyondTrust.
- U-Series Appliance Environment: Packages created by BeyondTrust to change system settings, such as: file, registry or system changes, or updates not integrated in Windows Updates.
- U-Series Appliance Supporting Software: Packages created by BeyondTrust to deliver updates to software that may not be from BeyondTrust but are essential to the operation of the U-Series Appliance.
Apply Security Updates
You can create update schedules for more than one appliance at a time. You must ensure that API keys are exchanged to set up proper communication between appliances.
As best practice when setting up schedules in a multi-appliance environment, select one appliance as your console and always create schedules from that appliance.
New updates delivered to the appliance are added to the grid automatically every 15 minutes, for both the local appliance and remote appliances. A page refresh on the local appliance updates the current available packages for the local appliance only.
To apply the updates:
- From the left menu, under Software and Licensing, click Security Updates.
- To see information about updates, click the vertical ellipsis for an appliance, and then select Security Update Details from the menu. A page displays all available updates ready to apply and any update applied in the last 24 hours.
- If you are working in a multi-appliance environment, select each appliance you want to include in the schedule. Otherwise, select a single appliance.
- Click Schedule Security Update.
- Select when you want to run the update:
- Schedule Security Update: Includes the available packages in the scheduled time frame. If a new package is received before the scheduled run time starts, then the new package is not included. A new schedule must be created to include those new packages. A package that fails to update remains in the list of available updates. The update is automatically included in any new schedule created and attempts to update when that schedule runs.
- Run Security Update Now: Runs the update immediately.
- Select either Appliance Time Zone or Browser Time Zone to run the update.
- Set the Date and TIme.
The browser time zone is the local time of the administrator running the U-Series Appliance management console. The schedule for both time zones is displayed regardless of the time zone selected in step 6. You can then review the scheduled times in each time zone to determine if the time is suitable to run the updates.
- Click Create Schedule.
For more information about API keys, please see Manage U-Series Appliance Security Settings.
View Update History for Security Updates
- From the left menu, under Software and Licensing, click Security Updates.
- Click the vertical ellipsis for an appliance, and then select Security Update History from the menu. The page displays the historical records of previously applied patches. The list is organized by the types of packages (subscriptions).
Configure U-Series Appliance General Settings
Adjust Date and Time Settings
You must synchronize date and time settings for your U-Series Appliance.
- From the left menu, under Integrations, click Date and Time Configuration.
- Select the Time Zone for the appliance.
- By default, the Adjust for daylight savings time automatically setting is enabled. If you don't want the time to be adjusted automatically for daylight savings, click the toggle to disable this option.
- In the Date and Time section, select one option to synchronize date and time:
- If you select the Network Time Protocol (NTP) option, type the NTP Server Name, and then to verify the connection, click Query NTP Server.
- If you select the Manually Configure Date and Time option, click the Date Picker, and then select the date.
- To set the time, check the Set Time box, and then click the Set Time tool and set the time, in hours, minutes, and seconds.
- Click Save Date and Time Synchronization.
Configure Profile Settings
You can set your U-Series Appliance profile settings and preferences, as follows:
- At the top right of the console, click Profile.
- Click Change Email to change the email account associated with the current logged in user account.
- Under Preferences, use the dropdowns to:
- Select the color scheme to use. The default is BeyondTrust Brand Color. If you prefer to avoid bright screens and reduce eye strain, select Dark Mode Colors.
- Select the language to use (when those languages are available). The default is English (United States).
Configure LCD Panel Settings
This feature is available only if working on a physical (hardware) appliance.
- From the left menu, under Security and Compliance, click LCD Panel.
- You can turn on the following settings:
- Allow LCD Panel to Reset Administrator Password: Turn on to allow you to reset the admin password to a random password from the LCD panel. On the U-Series Appliance LCD panel, select Show IP. Hold the up and down arrows simultaneously. A random password is generated. Press the check button to accept the changed password.
- Buttons on LCD Panel: Turn off to disable all the LCD panel buttons.
- Click Update LCD Panel Settings.
Configure Pre-login Banner Settings
The pre-login banner displays a message to any user who attempts to log in to the appliance software. The pre-login message banner is useful for enforcing security or compliance policy; for example, to inform the user all activities are logged.
- From the left menu, under Security and Compliance, click Pre-login Banner.
- Click the toggle to enable the Pre-login Banner option.
- Enter a title and message you want to appear before the login credentials page is displayed to the user.
- Click Update Pre-Login Banner Settings.
Join a U-Series Appliance to a Domain
Joining a U-Series Appliance to a domain is not recommended. However, if required for your deployment, please contact your BeyondTrust representative for assistance.