Failover Dynamics and Options with BeyondTrust Privileged Remote Access

BeyondTrust failover synchronizes data between two peer B Series Appliances, which simplifies securely swapping over from a failed B Series Appliance. Two B Series Appliances host the same installed software package for a single site. You can check this from the /login admin web interface: if the Product Version and Product Build match, the same site software package is installed. DNS directs support traffic of the site to one of these peer B Series Appliances, the primary B Series Appliance, where all settings are configured. The backup B Series Appliance synchronizes with the primary according to the settings you configure in the /login interface.

This document describes how to use a second B Series Appliance as a backup and failover device for a PRA site and how to switch operations to the backup B Series Appliance in a disaster recovery situation. There are three network configuration methods available with PRA failover for redirecting network traffic so that your support site remains available:

  1. Shared IP
  2. DNS Swing
  3. NAT Swing

Configuration details for each of these methods follow in this document, along with detailed failover steps. Because your B Series Appliances have a peer relationship, the Shared IP failover configuration with automatic data synchronization enabled is recommended. Shared IP failover requires both B Series Appliances to be on the same IP subnet; where that is not the case, it may be necessary to use the DNS swing or NAT swing failover method instead. Failover can be further managed and automated using the BeyondTrust API.

For more information on the pros and cons of each option, please see Methods of Network Configuration for PRA B Series Appliance Failover.