Privileged Remote Access Virtual Appliance Installation

This guide is designed to walk you through the initial setup and configuration of your BeyondTrust Virtual Appliance. Should you need any assistance, please contact BeyondTrust Technical Support at

Prerequisites for VMware and Hyper-V Deployments

Before beginning your BeyondTrust Virtual Appliance setup, please make sure you review the following prerequisites and the sizing guidelines that follow.

  • VMware vCenter 5.1+ and virtual hardware versions 9+
  • Hyper-V 2012 R2 (standalone or as a role) and Generation 1 hardware only
  • At least 124 GB of storage available. To determine exactly how much available storage you need for your environment, see Privileged Remote Access Virtual Appliance Sizing Guidelines.
  • One 32 GB partition for the BeyondTrust OS and at least 100GB available for logs and recordings
  • External IP SANs need to be on a 1Gbit or 10Gbit reserved network with 10K RPM disk or better
  • A static IP for your Virtual Appliance
  • A private DNS A-record resolving to the static IP of your Virtual Appliance. A public A-record and public IP will also be required if public clients will need access to the appliance. The DNS A-record is the fully qualified domain name (FQDN) of your site (e.g.,

    "Public clients" includes any client software (browsers, BeyondTrust access consoles, endpoint clients, etc.) which connect from external IP addresses outside of network(s) and VPN(s) local to the BeyondTrust appliance's network.

  • A valid NTP server that is reachable by the appliance
  • Ensure that the system time between the host ESXi server and the guest BeyondTrust OS are in sync. Variations by only a few seconds can potentially result in performance or connectivity issues.

Prerequisites for Microsoft Azure

  • Microsoft Azure Resource Manager (ARM)
  • If using Microsoft Azure, make sure the following is already in place before deployment:
    • A Resource group
    • A storage account with a vhds container
    • A VNET and Subnet has been configured