U-Series Appliance Administration Guide

This guide provides information on managing the U-Series Appliance. This guide is intended for network security administrators responsible for protecting their organization's computing assets.

 

Once you have named your U-Series Appliance, it cannot be renamed. If at any point you need to rename the appliance, you must either re-image (if it is a physical appliance) or re-deploy (if it is a virtual appliance) the image.

Access BeyondInsight

To manage your U-Series Appliance, you must first log in to BeyondInsight.

  1. In a web browser, enter the URL to access BeyondInsight, such as https://<server>/.
  1. The SSL certificate warning window displays. The SSL certificate automatically created for the U-Series Appliance ensures encrypted communications.

    We recommend that you replace the automatically generated certificate with a valid certificate issued by a certificate authority. Check the box to not display the information page again. The Internet Explorer warnings will be displayed until the SSL certificate is installed or a valid certificate is obtained.

  1. The BeyondInsight Login page displays. Enter the username and the password you created in the configuration wizard, and then click Login.

For more information about using BeyondInsight, please see the BeyondInsight documentation.

Access the U-Series Appliance Web Site

  1. In a web browser, enter the URL to access the U-Series Appliance, such as https://<Appliance-IP-Address>/Maintenance.
  2. For the initial login, enter the following information:
    • Username: The administrator username created using the configuration wizard.
    • Password: The administrator password created using the configuration wizard.
A user can be logged in to a U-Series Appliance web site for fourteen minutes. After twelve minutes, a message displays, indicating that the session will expire in two minutes. The user must log back in to the website after the session expires.

Session timeout applies to all U-Series Appliance websites: Roles Editor, Maintenance, Diagnostics, and High Availability. The session timeout value cannot be configured.

Activate Windows

If the Windows environment is currently not activated, you can activate it on the Maintenance web site.

  1. From the Maintenance menu, select Accounts and Licensing.
  2. Click one of the following:
    • Activate Online: Select when you have an Internet connection.
    • Activate By Phone: Select if there is no Internet connection (for example, in an air-gap environment).

Request Product Updates

U-Series Appliance Software Versions info page

On the BeyondTrust Updates page, you can view the version numbers for the BeyondTrust products that you are licensed to use.

To request updates, click Request Update. The update of the U-Series Appliance and BeyondInsight database starts.

 

Security Updates

BeyondTrust provides a bundle of Microsoft patches in a security update package. All updates are tested and approved by BeyondTrust to ensure that updates do not interfere with the proper operation of the U-Series Appliance. The packages are updated when new patches are available from Microsoft.

In U-Series Appliance versions 1.3 or later, a security update package installer ships with your U-Series Appliance. When a new package is copied to the update server, then those updates can be received by your U-Series Appliance.

If you are working in an air-gap environment, you can manually download the update packages. You must work with the BeyondTrust Technical Support team to download packages manually.

For more information about the updates included in the package, contact BeyondTrust Technical Support.

Security Update Package Types

  • Security Patches for Windows Server: Microsoft Windows Updates for the server operating system, screened by BeyondTrust.
  • Security Patches for SQL Server: SQL Server service packs and security updates that may be released from Microsoft, screened by BeyondTrust.
  • U-Series Appliance Environment: Packages created by BeyondTrust to change system settings, such as: file, registry or system changes, or updates not integrated in Windows Updates.
  • U-Series Appliance Supporting Software: Packages created by BeyondTrust to deliver updates to software that may not be from BeyondTrust but are essential to the operation of the U-Series Appliance.

Apply Updates

 

  1. To apply the updates, log in to the U-Series Appliance website.
  2. The default page displayed is the BeyondTrust Updates page. If it is not displayed, select Maintenance from the menu, then BeyondTrust Updates. Details are displayed about any update that is ready to be applied and previous updates that have been applied.
  3. Click View Updates. A page displays all available updates ready to apply and any update applied in the last 24 hours.
  4. Click Schedule Updates and select one of the following:
    • Run updates now: Includes all updates available. If a new update arrives while updates are being applied that update is not included.
    • Schedule updates to run at a specific date and time: Includes the available packages in the scheduled time frame. If a new package is received before the scheduled run time starts, then the new package is not included. A new schedule must be created to include those new packages. A package that fails to update remains in the list of available updates. The update is automatically included in any new schedule created and attempts to update when that schedule runs.

If a restart is required (depending on the patch), then the U-Series Appliance restarts automatically. No action is required on your part.

View Update History

 

  1. Log in to the U-Series Appliance website.
  2. The default page displayed is the BeyondTrust Updates page. If it is not displayed, select Maintenance from the menu, then BeyondTrust Updates. Details are displayed about any update that is ready to be applied and previous updates that have been applied.
  3. Click View Update History. This page displays the historical records of previously applied patches. The list is organized by the types of packages (subscriptions).

Set the Update Method

The Update Method section displays if update clients are configured to use an internal server or the BeyondTrust update servers. It also displays if a proxy is being used and if U-Series Appliance updates or security updates are disabled.

Clicking Change the Proxy Settings takes you to the page within Maintenance, where you can modify the proxy. Clicking Change the Update Settings takes you to the roles editor.

Configure U-Series Appliance General Settings

Adjust Date and Time Settings

  1. From the Maintenance menu, select General Settings.
  2. Select a time zone and adjust the time.
  3. Click Set the Date and Time Now.

Configure LCD Panel Settings

  1. From the Maintenance menu, select General Settings.
  2. You can turn on the following settings:
    • Allow LCD Panel to Reset Administrator Password: Turn on to allow you to reset the admin password to a random password from the LCD panel. On the U-Series Appliance LCD panel, select Show IP. Hold the up and down arrows simultaneously. A random password is generated. Press the check button to accept the changed password.
    • Buttons on LCD Panel: Turn off to disable all the LCD panel buttons.
  3. Click Update LCD Panel Settings.

Clear the BeyondInsight License Cache

The Clear BeyondInsight License Cache button clears the license key in the BeyondInsight database cache. If a new license key has been recently applied, then clearing the cache ensures that the new key is saved to the BeyondInsight database.

Clearing the cache and applying the new key ensures all features are available and work properly. You can verify licensed features on the Accounts and Licensing page.

Export Settings

You can allow U-Series Appliance settings such as IP and administrator password to be set by inserting a USB drive into the U-Series Appliance.

  1. From the Maintenance menu, select General Settings.
  2. Click to turn on Allow Appliance settings to be imported and exported on removable storage.
  3. Click Update Export Settings.

Configure Pre-Login Banner Settings

  1. From the Maintenance menu, select General Settings.
  2. Enter a title and message you want to appear before the login credentials page is displayed to the user.

Join a U-Series Appliance to a Domain

Joining a U-Series Appliance to a domain is not recommended. However, if required for your deployment, please contact your BeyondTrust representative for assistance.