Deploy the BeyondTrust Privileged Remote Access Appliance into an Amazon AWS Environment
For administrators who wish to deploy the BeyondTrust Privileged Remote Access Virtual Appliance into their Amazon Web Services (AWS) environment, follow the steps below.
You must have an Amazon AWS account and support plan already configured. You are also responsible for registering the DNS hostname for your site.
- Open the email you received from BeyondTrust Technical Support and select the Link your AWS account(s) link to be redirected to the BeyondTrust site.
- Enter your AWS Account ID in the text box and click Add Account ID. Your Virtual Appliance will be shared with your Amazon AWS account as a Private Amazon Machine Image (AMI) within an hour. The AMI will be shared to each of your AWS regions.
If you are uncertain what your AWS Account ID is, the email contains a link to an Amazon help page that details how to find it.
- In the AWS EC2 Dashboard, in the AWS services section, click the EC2 link to start the wizard.
- Browse to Images > AMI.
- Select Private Images from the dropdown.
- Select the Virtual Appliance (for example, BeyondTrust Appliance - 5.2.0) in the AMI list. This is the base software image, which must next be updated and configured.
- Click the Launch button.
- Choose an instance type. We support all t2 and m4 instance types. Refer to the License and Sizing chart below.
- Click Next: Configure Instance Details.
- After configuring the instance launch details, click Next: Add Storage.
- On the Add Storage page, configure the sizes and volume types of the drives you wish to include on the AMI. We recommend choosing General Purpose SSD (gp2) as the volume type for the root and secondary volumes, but you may choose either of the SSD types (GP2 or IO1). If you need a large volume for recordings, and this is a cost-sensitive deployment, then you can provision a third drive and configure it as Magnetic (standard). For recommended sizing of instance volumes, refer to the AWS Disk column in the License and Sizing chart below. You may enable the Encrypted option if desired, though the Privileged Remote Access product also includes Data at Rest Encryption.
For more information on Data at Rest Encryption, please see Introduction to Data at Rest Encryption with BeyondTrust Privileged Remote Access .
- Click Next: Add Tags.
- Click Next: Configure Security Group.
- The Launch Wizard creates a security group which you must edit, or you can create a new security group after you deploy the image, so that the site is accessible on ports 443 and 80. This can be accomplished from Network & Security > Security Groups in the EC2 Dashboard.
- Click Review and Launch. Review your instance details and click Launch.
- Skip the option to select or create a key pair, as the instance will not allow SSH access. Instead, select Proceed without a key pair, enable the acknowledgement checkbox, and click Launch Instances.
- After the site launches, browse to Instances > Instances in the EC2 Dashboard and locate the assigned Public IP address in the Description tab. This is the IP address you will use to configure your appliance, and to configure your DNS A record.
If you stop or terminate your Instance, you are not guaranteed to retrieve the same IP address after it reboots. To facilitate managing your DNS, we recommend purchasing an Elastic IP address.
- Navigate in a web browser to .
- Enter your Appliance License Key provided in the email from BeyondTrust Technical Support. Click Save.
No further network or console configuration is needed for AWS-based appliances. Please continue to Register and Update the Privileged Remote Access Virtual Appliance
License and Sizing
|Provision Size||Max Jump Clients||AWS Instance||AWS Disk|