Architecture of BeyondTrust Privileged Remote Access: On-Premises

To make secure access possible, the BeyondTrust architecture places the B Series Appliance as the focal point of all communications. The B Series Appliance serves unauthenticated services over Hypertext Transfer Protocol (HTTP) and authenticated services over Secure HTTP (HTTPS), and it accepts direct client connections over a proprietary, BeyondTrust-defined protocol.

BeyondTrust has two primary binary components that provide the B Series Appliance's functionality. The first, called Base, is made up of the firmware that provides system-level configuration of a B Series Appliance. Settings such as IP addresses and security certificates are configured through the Base interface, which is accessed via the /appliance web interface.

The second component is made up of the software that provides site-level configuration and is accessed via the /login web interface. User configuration and session options are managed behind the /login page, which is also where the BeyondTrust access console, endpoint client, Jump Clients, Jumpoints, and security provider connection agents can be downloaded. Sessions always occur through the B Series Appliance, and because the connections are outbound from the clients to the B Series Appliance using well-known ports, the application can communicate without local firewall changes.

BeyondTrust Appliance B Series Typical Deployment