Jump Clients: Manage Settings and Install Jump Clients for Endpoint Access
Jump Client Mass Deployment Wizard
The Mass Deployment Wizard enables administrators and privileged users to deploy Jump Clients to one or more remote computers for later unattended access.
For more information see Privileged Remote Access Jump Client Guide: Unattended Access to Systems in Any Network.
Allow Override During Installation
Some Mass Deployment Wizard settings allow override, enabling you to use the command line to set parameters that are specific to your deployment, prior to installation.
From the dropdown, select whether to pin the Jump Client to your personal list of Jump Items or to a Jump Group shared by other users. Pinning to your personal list of Jump Items means that only you can access this remote computer through this Jump Client. Pinning to a shared Jump Group makes this Jump Client available to all members of that Jump Group.
You may choose a Session Policy to assign to this Jump Client. Session policies are configured on the Users & Security > Session Policies page. A session policy assigned to this Jump Client has the highest priority when setting session permissions.
You may apply a Jump Policy to this Jump Client. Jump Policies are configured on the Jump > Jump Policies page and determine the times during which a user can access this Jump Client. A Jump Policy can also send a notification when it is accessed or can require approval to be accessed. If no Jump Policy is applied, this Jump Client can be accessed without restriction.
Adding a Tag helps to organize your Jump Clients into categories within the access console.
This feature is available only to customers who own an on-premises BeyondTrust Appliance. BeyondTrust Cloud customers do not have access to this feature.
Set the Connection Type to Active or Passive for the Jump Clients being deployed. An active Jump Client maintains a persistent connection to the appliance, while a passive Jump Client instead listens for connection requests.
If you have one or more Jumpoints set up as proxies, you can select a Jumpoint to proxy these Jump Client connections. That way, if these Jump Clients are installed on computers without native internet connections, they can use the Jumpoint to connect back to your BeyondTrust Appliance. The Jump Clients must be installed on the same network as the Jumpoint selected to proxy the connections.
Add Comments, which can be helpful in searching for and identifying remote computers. Note that all Jump Clients deployed via this installer have the same comments set initially, unless you check Allow Override During Installation and use the available parameters to modify the installer for individual installations.
This Installer Is Valid For
The installer remains usable only as long as specified by the This Installer is Valid For dropdown. Be sure to leave adequate time for installation. If someone should attempt to run the Jump Client installer after this time, installation fails, and a new Jump Client installer must be created. Additionally, if the installer is run within the allotted time but the Jump Client is unable to connect to the appliance within that time, the Jump Client uninstalls, and a new installer must be deployed. The validity time can be set for anywhere from 10 minutes to 1 year. This time does NOT affect how long the Jump Client remains active.
In addition to expiring after the period given by the This Installer is Valid For option, Jump Client mass deployment packages invalidate when their BeyondTrust Appliance is upgraded. The only exception to this rule is live updates which change the license count or license expiration date. Any other updates, even if they do not change the version number of the appliance, invalidate the Jump Client installers from before the upgrade. If these installers are MSI packages, they can still be used to uninstall Jump Clients if necessary.
Once a Jump Client has been installed, it remains online and active until it is uninstalled from the local system either by a logged-in admin user, by a BeyondTrust user from the access console's Jump interface, or by an uninstall script. A BeyondTrust user cannot remove a Jump Client unless the user is given appropriate permissions by their admin from the /login interface.
Attempt an Elevated Install if the Client Supports It
If Attempt an Elevated Install if the Client Supports It is selected, the installer attempts to run with administrative rights, installing the Jump Client as a system service. If the elevated installation attempt is unsuccessful or if this option is deselected, the installer runs with user rights, installing the Jump Client as an application. This option applies only to Windows and Mac operating systems.
A Jump Client pinned in user mode is available only when that user is logged in. In contrast, a Jump Client pinned in service mode, with elevated rights, allows that system to always be available, regardless of which user is logged in.
Prompt for Elevation Credentials if Needed
If Prompt for Elevation Credentials if Needed is selected, the installer prompts the user to enter administrative credentials if the system requires that these credentials be independently provided; otherwise, it installs the Jump Client with user rights. This applies only if an elevated install is being attempted.
Mass Deploy Help
For system administrators who need to push out the Jump Client installer to a large number of systems, the Windows, Mac, or Linux executable or the Windows MSI can be used with your systems management tool of choice. You can include a valid custom install directory path where you want the Jump Client to install.
You can also override certain installation parameters specific to your needs. These parameters can be specified for both the MSI and the EXE using a systems administration tool or the command line interface. When you mark specific installation options for override during installation, you can use the following optional parameters to modify the Jump Client installer for individual installations. Note that if a parameter is passed on the command line but not marked for override in the /login administrative interface, the installation fails. If the installation fails, view the operating system event log for installation errors.
|Command Line Parameter||Value||Description|
Specifies a new writable directory under which to install the Jump Client. This is supported only on Windows and Linux. When defining a custom install directory, ensure that the directory you are creating does not already exist and is in a location that can be written to.
If override is allowed, this command line parameter overrides the Jump Group specified in the Mass Deployment Wizard.
If override is allowed, this command line parameter sets the Jump Client's session policy that controls the permission policy during an access session.
If override is allowed, this command line parameter sets the Jump Policy that controls how users are allowed to Jump to the Jump Client.
If override is allowed, this command line parameter sets the Jump Client's tag.
|--jc-comments||<comments ... >||
If override is allowed, this command line parameter sets the Jump Client's comments.
If included, the installer shows no windows, spinners, errors, or other visible alerts.
When deploying an MSI installer on Windows using an msiexec command, the above parameters can be specified by:
- Removing leading dashes (--)
- Converting remaining dashes to underscores (_)
- Assigning a value using an equal sign (=)
- msiexec /i bomgar-scc-win32.msi KEY_INFO=w0dc3056g7ff8d1j68ee6wi6dhwzfefggyezh7c40jc90 jc_jump_group=team:server_support jc_tag=servers
When deploying an EXE installer, the above parameters can be specified by:
- Adding dashes
- Adding a space between the parameter and the value
bomgar-scc-[unique id].exe --jc-jump-group team:servers --jc-tag servers
Other rules to consider:
- installdir has a dash in the EXE version but no dashes in the MSI version.
- /quiet is used for the MSI version in place of --silent in the EXE version.
Download or Install the Client Now
Choose the operating system on which you wish to install this software. This dropdown defaults to the appropriate installer detected for your operating system.
Note that, unlike the access console, Jump Clients installed from an MSI do auto-update.
You can download the installer immediately if you plan to distribute it using a systems management tool or if you are at the computer to which you need later access.
Once the installer has run, the Jump Client attempts to connect to the appliance. When it succeeds, the Jump Client appears in the Jump interface of the access console. If the Jump Client cannot immediately reach the appliance, then it continues to reattempt connection until it succeeds. If it cannot connect within the time designated by This Installer Is Valid For, then the Jump Client uninstalls from the remote system and must be redeployed.
Deploy to Email Recipients
You can also email the installer to one or more remote users. Multiple recipients can install the client from the same link.
For more information, please see Deploy Jump Clients from the Administrative Interface.
Jump Client Statistics
An administrator can choose which statistics to view for all Jump Clients on a site-wide basis. These statistics are displayed in the access console and include CPU, console user, disk usage, a thumbnail of the remote screen, and uptime.
Jump Client Settings
Active Jump Client Statistics Update Interval
The Active Jump Client Statistics Update Interval determines how often these statistics are updated. Managing which statistics are viewed and how often can help to regulate the amount of bandwidth used. The more active Jump Clients you have deployed, the fewer the statistics and the longer the interval may need to be.
Maximum number of concurrent Jump Client upgrades
Also set the maximum number of Jump Clients to upgrade at the same time. Note that if you have a large number of Jump Clients deployed, you may need to limit this number to regulate the amount of bandwidth consumed.
This setting does not affect access console upgrades.
Maximum bandwidth of concurrent Jump Client upgrades
You may further regulate the bandwidth used during upgrades by setting Maximum bandwidth of concurrent Jump Client upgrades.
This setting does not affect access console upgrades.
Uninstalled Jump Client Behavior
Uninstalled Jump Client Behavior determines how a Jump Client deleted by an end user is handled by the access console. Depending on dropdown option selected, the deleted item can either be marked as uninstalled and kept in the list or actually be removed from the Jump Items list in the access console. If the Jump Client cannot contact the BeyondTrust Appliance at the time it is uninstalled, the affected item remains in its offline state.
Allow user to attempt to wake up Jump Clients
Allow users to attempt to wake up Jump Clients provides a way to wake up a selected Jump Client by broadcasting Wake-on-LAN (WOL) packets through another Jump Client on the same network. Once a WOL is attempted, the option becomes unavailable for 30 seconds before a subsequent attempt can be made. WOL must be enabled on the target computer and its network for this function to work. The default gateway information of the Jump Client is used to determine if other Jump Clients reside on the same network. When sending a WOL packet, the user has an advanced option to provide a password for WOL environments that require a secure WOL password.
Jump Client Default Connection Type
Set whether the default Jump Client connection type should be active or passive.
Passive Jump Client Port
The Passive Jump Client Port specifies which port a passive Jump Client uses to listen for a "wake up" command from the appliance. The default port is 5832. Ensure that firewall settings allow inbound traffic on this port for your hosts with passive Jump Clients. Once awake, Jump Clients always connect to the appliance on port 80 or 443 outbound.
Number of days before Jump Clients that have not connected are automatically deleted
If a Jump Client goes offline and does not reconnect to the BeyondTrust Appliance for the number of days specified by the Number of days before Jump Clients that have not connected are automatically deleted setting, it is automatically uninstalled from the target computer and is removed from the Jump interface of the access console.
This setting is shared with the Jump Client during normal operation so that even if it cannot communicate with the site, it uninstalls itself at the configured time. If this setting is changed after the Jump Client loses connection with the appliance, it uninstalls itself at the previously configured time.
Number of days before Jump Clients that have not connected are considered lost
If a Jump Client goes offline and does not reconnect to the BeyondTrust Appliance for the number of days specified by the Number of days before Jump Clients that have not connected are automatically deleted setting, it is labeled as lost in the access console. No specific action is taken on the Jump Client at this time. It is labeled as lost only for identification purposes, so that an administrator can diagnose the reason for the lost connection and take action to correct the situation.
To allow you to identify lost Jump Clients before they are automatically deleted, this field should be set to a smaller number than the deletion field above.
You can set Jump Clients to allow or disallow simultaneous Jumps from the Jump > Jump Items > Jump Settings section. If allowed, multiple users can gain access to the same Jump Client without an invitation to join an active session by another user. If disallowed, only one user can Jump to a Jump Client at a time. Only an invitation by the user who originated the session can allow for a second user to access the session.
For more information seeManage Jump Client Settings.