Deploy the BeyondTrust SRA Virtual Appliance into a VMware Environment
Review Prerequisites for VMware
You must have a VMware account and environment already configured.
Before beginning the BeyondTrust SRA Virtual Appliance setup, please review the following prerequisites:
- VMware vCenter 6.5+ and virtual hardware versions 13+.
- At least 4GB of memory available.
- At least 140GB of storage available.
- One 32GB partition for the BeyondTrust OS, and at least 100GB available for logs and recordings.
- External IP SANs require a 1Gbit or 10Gbit reserved network with a 10K RPM disk or better.
For more information about sizes, please see Review License and Sizing Conditions.
- A static IP for your SRA Virtual Appliance.
- A private DNS A-record resolving to the static IP of your SRA Virtual Appliance. A public A-record and a public IP are also required if public clients access the B Series Appliance. The DNS A-record is the fully qualified domain name (FQDN) of your site (access.example.com, for example).
"Public clients" include any client software (browsers, BeyondTrustaccess consoles, endpoint clients, etc.) which connect from external networks and VPN(s) local to the B Series Appliance's network.
- A valid NTP server that is reachable by the B Series Appliance.
- Ensure that the system time between the host ESXi server and the guest BeyondTrust OS are in sync. Variations by only a few seconds can potentially result in performance or connectivity issues.
Deploy the SRA Virtual Appliance
To deploy the BeyondTrustSRA Virtual Appliance into a VMWare environment, follow the steps below:
- Open the email you received from BeyondTrust Technical Support and click the link to download the BeyondTrust SRA Virtual Appliance OVA file.
- Log in to your virtual infrastructure client. You must use an account with permissions to deploy a virtual machine as an OVF template.
- On the Select an OVF Template screen, select the BeyondTrust.ova file.
- Review the OVF template details.
- Read and accept the end user license agreement.
- Specify a name for this OVF template, and select a location in the inventory to which you have rights.
- Select a configuration of Small, Medium, or Large. This selection defines your default resource allocations. Choose a configuration based on your usage needs and available resources.
For more information about sizes, please see Review License and Sizing Conditions.
- Select a resource pool to which you have rights.
- Select the datastore on which you want the SRA Virtual Appliance to run. This is where the operating system and session data is stored.
- Select the appropriate network mapping for your environment. Your SRA Virtual Appliance can function anywhere in your network with internet access. If you plan to access systems outside of your network, security practices recommend that you place the SRA Virtual Appliance in a DMZ or outside of your internal firewall. Network location considerations are outlined in the table below.
Network Location Considerations for B Series Appliances | |
---|---|
Network Location | Advantages/Disadvantages |
Outside your firewall |
Does not require that ports 80 and 443 be open inbound for TCP traffic on your firewall. Simplifies the setup process significantly because both the representative and customer clients are built to resolve to a specific DNS; if your registered DNS resolves to a public IP address directly assigned to your B Series Appliance, no additional setup is required by you to initiate a session. |
DMZ |
Might require additional setup depending on your router or routers. |
Inside your firewall |
Requires port forwarding on your firewall and possibly additional setup of your NAT routing and internal DNS. |
- Return to the email you received from BeyondTrust Technical Support, and copy the Appliance License Key. In the Deployment Wizard, paste the key into the field.
If for some reason you are unable to provide the Appliance License Key at this time, you can manually enter it later, from the virtual machine console.
- Review your settings and click Finish.
- The SRA Virtual Appliance deploys in the location and with the resources you have specified.
For detailed information about network locations, please see The BeyondTrust Appliance B Series in the Network.