Deploy the BeyondTrust Appliance B Series into a Microsoft Azure Environment

For administrators who wish to deploy the BeyondTrust PRA Virtual Appliance into their Microsoft Azure environment, follow the steps below.

You must have a Microsoft Azure account and environment already configured. You must have the AzureRm or Az PowerShell Module installed on your machine. For more information about installing and configuring the Azure PowerShell Module, please see Install and configure Azure PowerShell.

Azure Email

  1. Open the email you received from BeyondTrust Technical Support and select the Click Here for your BeyondTrust PRA Virtual Appliance (Azure) for Privileged Remote Access Management link to download the BeyondTrust Privileged Remote Access-hyperv-azure.exe file.

    Download the BomgarPAM_azure.exe file

  3. Click BeyondTrust Privileged Remote Access-hyperv-azure.exe within your browser to begin installation.

    The Security Warning prompt for running the BomgarPAM_azure.exe file.

  5. If you receive a Security Warning prompt, click Run.


    An editable prompt where you can indicate where you would like to extract the azure file to on your local machine.

  7. Choose where you wish the files to be extracted to on your desktop. Click Extract.

    A prompt with a blue progress bar showing how extraction is progressing.

  9. Wait for the files to extract. You can review the Elapsed Time, Remaining Time, and blue progress bar to see how extraction is progressing.


  11. When extraction is complete, Deploy-AzBeyondTrustVM.ps1, Deploy_AzureBomgarVM.ps1, Deploy-HyperVBeyondTrustVM.ps1, and BeyondTrust-br.v.2.vhd files appear in the location you designated during the extraction process. Two PowerShell scripts are provided to assist in the deployment of your B Series Appliance to Azure: Deploy-AzureRmBeyondTrustVM.ps1 and Deploy-AzBeyondTrustVM.ps1. A third script, Deploy-HyperVBeyondTrustVM.ps1, is provided to assist with Hyper-V deployments, and should not be used to deploy to Azure. Deploy-AzureRmBeyondTrustVM.ps1 uses the deprecated AzureRm module; Deploy-AzBeyondTrustVM.ps1 uses the newer Az module. Which script you use will be determined by which PowerShell module is installed in your environment. Right-click on the script you wish to use and click Edit.
  12. The PowerShell Script completed with variables from an Azure environement.

  13. Once the PowerShell script opens, locate STEP 1 and modify the following variables based on the specifics of your Microsoft Azure environment:
    • Resource Group Name
    • Storage Account Name
    • Location (e.g., westus)
    • vnet Name
    • subnet Name

The vmName does not need to be changed.

The Storage Account being utilized for storing the Azure Virtual Appliance must be General purpose v1.


    The PowerShell script lists different options for Azure environment sizing and allows you to comment in the size you desire.

  1. If using the AzureRm Powershell script, uncomment the desired deployment size of your PRA Virtual Appliance in the section labeled STEP 2. If using the Az script, set the value of $size to the desired deployment size of your PRA Virtual Appliance. The options are:
    • Small
    • Medium
    • Large


    The BomgarPAM_azure script running in Windows PowerShell.

  2. Save and run the script in Windows PowerShell.

    The login prompt for Microsoft Azure.

  4. When prompted, enter your credentials and sign into your Microsoft Azure account.

    The Azure Data Collection message appearing in PowerShell.

  6. In Windows PowerShell, you may receive a message stating AzureRM Modules found or Az Modules found, depending on which script is used.

    Message in PowerShell indicating the MD5 hash is being calculated.

  8. Next, the system configures an MD5 hash, uploads the PRA Virtual Applianceinto your Azure environment, and configures a public IP address for your BeyondTrust PRA Virtual Appliance.
  9. Message in PowerShell indicating the PRA Virtual Appliance is being uploaded into Azure.


    The PowerShell window indicating the IP address for the PRA Virtual Appliance.

  10. You are then prompted to go to the IP address configured for your PRA Virtual Appliance. The message reads For Appliance administration, go to

    The BeyondTrust section allowing you to enter your Appliance License Key to register your appliance.

  12. On the /appliance page, enter your Appliance License Key provided in the email from BeyondTrust Technical Support. Click Save.
  13. To setup a persistent URL for your PRA Virtual Appliance, you can perform one of two options:
    • In the Azure console, set the PRA Virtual Appliance's external IP to Static. Then assign your DNS entry to that external IP.
    • Or, apply a DNS name within Azure. Set a CNAME record pointed to that address.

No further network or console configuration is needed for Azure-based appliances. Please continue to Register and Update the PRA Virtual Appliance