Configure Database Connection to Enable Privileged Remote Access Dashboard in BeyondInsight

Overview

Administrators can leverage the Privileged Remote Access Dashboard in the BeyondInsight console to view session details and reports of Privileged Remote Access sessions. Administrators who utilize the existing reporting functionality of /login can continue to view session details, reports, and session recordings in the /login interface.

The Privileged Remote Access integration with BeyondInsight relies on the BeyondTrust Integration Client for session reporting data. BeyondInsight interacts with the Integration Client's BGSessions database directly.

A username and password are required to access the Integration Client's BGSessions database, and this user must have access to the BGSessions tables. We recommend this user have read-only access. Once the username and password are set up, review the prerequisites and network considerations below, and then follow the steps to configure the database connection in BeyondInsight.

For more information on the BeyondTrust Integration Client, please see the Integration Client Guide.
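
One way to create the read-only account recommended above is shown here as an added example; it is not taken from the BeyondTrust documentation. It assumes SQL authentication (Integrated Security set to no), the default BGSessions database name, and a hypothetical login name bi_pra_reader.

```sql
-- Added example: least-privilege SQL Server login for BeyondInsight's
-- connection to the Integration Client's BGSessions database.
-- Assumptions: login name bi_pra_reader is hypothetical; the password
-- below is a placeholder and must be replaced with a generated secret.

USE [master];
GO

CREATE LOGIN [bi_pra_reader]
    WITH PASSWORD = N'<REPLACE_WITH_GENERATED_PASSWORD>',
         DEFAULT_DATABASE = [BGSessions],
         CHECK_POLICY = ON;          -- enforce the Windows password policy
GO

USE [BGSessions];
GO

-- Map the login to a database user in BGSessions only.
CREATE USER [bi_pra_reader] FOR LOGIN [bi_pra_reader];

-- Read access to the BGSessions tables.
ALTER ROLE [db_datareader] ADD MEMBER [bi_pra_reader];

-- Explicitly deny INSERT/UPDATE/DELETE so that a later, broader grant
-- (for example through another role) cannot make this account writable.
ALTER ROLE [db_denydatawriter] ADD MEMBER [bi_pra_reader];
GO

-- Check the effective permissions by impersonating the new user.
-- Confirm that SELECT is the only data permission the account holds.
EXECUTE AS USER = N'bi_pra_reader';

SELECT HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'INSERT') AS can_insert,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'UPDATE') AS can_update,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'DELETE') AS can_delete;

REVERT;
GO
```

The Integration Client itself writes session data to BGSessions, so it needs a separate account with write access; only the BeyondInsight connection should use the read-only login.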

Prerequisites

The following software is required:

  • BeyondTrust Integration Client (version 1.7.0 or later)
  • BeyondInsight (version 6.10 or later)
  • Privileged Remote Access (version 19.2.1 or later)

Network Considerations

TCP ports 443 and 1433 must be open.

  • The BeyondTrust Integration Client uses port 443 to make API calls to Privileged Remote Access.
  • The BeyondTrust Integration Client uses port 1433 to store Privileged Remote Access session data in the BGSessions SQL Server database.
  • BeyondInsight uses port 1433 to query the BGSessions SQL Server database to retrieve Privileged Remote Access session data.

Configure Database to Enable Privileged Remote Access Integration

  1. From the home page or left menu in BeyondInsight, click Configuration.
  2. Under Secure Remote Access, click Database Configuration.

Screenshot of the Secure Remote Access Database Configuration page in BeyondInsight.

  3. Provide the settings to connect to your Integration Client's BGSessions database where the Privileged Remote Access session data is stored:
    • Server: Hostname or IP address for the SQL Server hosting the Integration Client’s BGSessions database.
    • Database Name: Name of the database that contains the Privileged Remote Access session data. BGSessions is the default.
    • Integrated Security: If toggled to yes, the current Windows account credentials are used for authentication. If toggled to no, the username and password are specified in the connection.
    • SQL User: Username used to access the BGSessions database.
    • SQL Password: Password for the SQL User.
    • Connection Timeout: Timeout in seconds to wait for a connection to open.
    • Query Timeout: Timeout in seconds to wait for the command to execute.
  4. Click Test Connection to verify connectivity to the database.
  5. Click Update Settings.

After initial setup, you must refresh your browser for the Privileged Remote Access option to display in the left menu in BeyondInsight. Clicking the Privileged Remote Access option brings you to the Privileged Remote Access Dashboard.

View the Privileged Remote Access Dashboard in BeyondInsight

  1. From the left menu in BeyondInsight, click Privileged Remote Access.

Screenshot of the Privileged Remote Access Dashboard in BeyondInsight.

  2. In the Dashboard, you can quickly view a summary of Privileged Remote Access session data in each card.
  3. Click the items within each card to review the specific records for that item in a grid view, which can be sorted, filtered, and exported as required.

Screenshot of the Dashboard Editor in BeyondInsight.

You can customize the Privileged Remote Access Dashboard by adding and removing tiles, and rearranging tiles from the Dashboard Editor page in BeyondInsight.

To access the Dashboard Editor, click Dashboard (Preview) in the left menu in BeyondInsight, and then select Privileged Remote Access Dashboard from the Your Dashboards list.

Database Recommendation

To assist with troubleshooting potential performance issues between the Privileged Remote Access Dashboard and the BGSessions database, the following indexes are recommended in the BGSessions database:

create index session__start_time_ndx on session(start_time);
create index session__host_name_ndx on session(host_name);
create index session__jump_group_name_ndx on session(jump_group_name);
create index session__lsid_ndx on session(lsid);
create index session_event__type_performed_by_type_ndx on session_event(type, performed_by_type);
create index session_event__session_id_ndx on session_event(session_id);
create index session_event__type_destination_ndx on session_event(type, destination);
create index session_event__type_performed_by_ndx on session_event(type, performed_by);
create index session_event_data__session_event_id_ndx on session_event_data(session_event_id);
create index session_event_data__name_ndx on session_event_data(name);