Configure the BeyondTrust Privileged Remote Access Middleware Engine
Starting and Stopping the BeyondTrust Middleware Engine
The BeyondTrust Middleware Engine runs as a Windows service. This service must be restarted whenever a new plugin is deployed or a plugin is removed.
Deploying the Plugin
This section describes the general location and makeup of a plugin deployment. Deployment of specific plugins is beyond the scope of this document.
All plugins are deployed into the Plugins folder in the directory where the BeyondTrust Middleware Engine is installed. Each plugin is deployed into its own folder therein.
Once a plugin has been set up with configuration (described below), a file named <plugin name>.config is present. The plugin's folder may contain any number of other files and folders, depending on the plugin.
Launching the Middleware Administration Tool
If the Windows service is running, the middleware administration tool can be launched. Open a web browser on the server and go to http://127.0.0.1:53231/. This tool is accessible only from the server where the BeyondTrust Middleware Engine is installed. If necessary, the tool can run on a different port, and it can be turned on/off as desired. For details, see Configuring the Middleware Administration Tool.
Overview of the Middleware Administration Tool
The front page of the middleware administration tool displays all deployed plugins as well as each plugin's configuration(s). Multiple plugin configurations can be created. Creating multiple plugin configurations allows a single plugin to integrate with multiple systems, such as two different BeyondTrust Appliances.
Working with plugin configurations
To add a new configuration for a plugin, click on the copy icon next to the plugin name. A screen is presented in which a number of configuration items are collected, including connection information to a BeyondTrust Appliance and any plugin-specific settings. This screen includes an option to disable a plugin configuration.
For a specific plugin configuration, the following options are available:
- Edit the plugin configuration.
- Test the plugin configuration. Testing confirms that the plugin is configured correctly and that network resources can be accessed. Test output varies between plugins.
- Delete the plugin configuration. Please be careful! The configuration cannot be recovered after deletion.
Configuration changes made via the middleware administration tool are immediately effective. It is not required to restart the Windows service.
Working with the event history for a plugin
To view the event history for a plugin, click the history icon next to the plugin name. A page is displayed listing the key details of each event the plugin has processed. The amount of history available depends on the event retention configuration. The default is seven days. For details on how to change this setting, see Configuring the Middleware Administration Tool.
On the plugin events page, the following functionality is available:
- Paging and text filtering.
- Viewing the raw event data.
- Viewing the error data if event processing failed.
- Finding the event GUID, an identifier attached to every log message for the event.
- Replaying an event (i.e., sending the event to the plugin to reprocess). This can be useful for events that fail for transient reasons such as a network issue.
Working with the event retries for a plugin
To view the active retries for a plugin, click the clipboard icon located next to the history icon. A page is displayed listing details about each retry.
The retry is removed from this page when the plugin:
- Successfully processes the event.
- Reaches the retry limit.
The retries are attempted using a Fibonacci backoff strategy. This strategy spaces out the retries, with the first attempt being five (5) seconds after the initial failure. The maximum number of retries is set per plugin configuration. The Retry Events page provides the functionality required to replay the event before the next attempt time.
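To judge how long a failed event stays in the retry list, the schedule can be worked out in advance. The following is an added example, not BeyondTrust code: only the five-second first retry and the Fibonacci strategy come from this page; scaling each delay as 5 s times the next Fibonacci number, and counting each delay from the previous attempt, are assumptions.

```python
from datetime import datetime, timedelta

FIRST_RETRY_SECONDS = 5  # from this page: first retry is 5 s after the initial failure


def retry_delays(max_retries, base=FIRST_RETRY_SECONDS):
    """Delay before each retry in seconds: base * Fibonacci(n) (assumed scaling)."""
    delays, a, b = [], 1, 1
    for _ in range(max_retries):
        delays.append(base * a)
        a, b = b, a + b
    return delays


def retry_times(first_failure, max_retries):
    """Absolute time of each retry; each delay is counted from the previous attempt (assumed)."""
    times, t = [], first_failure
    for delay in retry_delays(max_retries):
        t += timedelta(seconds=delay)
        times.append(t)
    return times


def next_attempt(first_failure, retries_made, max_retries):
    """Time of the next automatic retry, or None once the retry limit is reached."""
    if retries_made >= max_retries:
        return None  # the event leaves the retries page; only a manual replay remains
    return retry_times(first_failure, max_retries)[retries_made]


if __name__ == "__main__":
    failed_at = datetime(2024, 1, 1, 12, 0, 0)  # constructed sample timestamp
    for n, when in enumerate(retry_times(failed_at, 6), start=1):
        print(f"retry {n}: {when:%H:%M:%S}")
```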
Configuring the Middleware Administration Tool
You can modify the middleware administration tool to run on a different port, and you can turn it on/off as desired. You can also change the length of time that events are stored.
- From the home page of the middleware administration tool, click the Edit Middleware Configuration link.
- The following configuration options are available:
  - Logging Level: Defines the logging level for the BeyondTrust Middleware Engine. Modifications to this value take effect immediately. For maximum logging, select DEBUG. For minimum logging, select ERROR.
  - Outbound Event Base Address: The base address on which the BeyondTrust Middleware Engine listens for outbound events from a BeyondTrust Appliance. If this value is changed, the Windows service must be restarted.
  - Middleware Administration Tool Enabled: If disabled, the web-based tool will not be available. If this value is changed, the Windows service must be restarted.
  - Middleware Administration Tool Base Address: The base address on which the administration tool runs. If this value is changed, the Windows service must be restarted.
  - Event Retention Days: The number of days to keep a record of events delivered to plugins. If this value is changed, the Windows service must be restarted.
- This same configuration can be edited from a file if desired, for example when the administration tool is disabled:
  - Go to the directory where the BeyondTrust Middleware Engine is installed.
  - In a text editor, open MiddlewareConfig.txt.
  - Edit the file as needed. The file is in JSON format. Valid LogLevel values are ERROR, INFO, WARN, and DEBUG.
When changing the LogLevel from the text file, the change is not immediately effective. The log level can change dynamically only when it is changed from the administration tool user interface.
Below is the default configuration:
    {
      "LogLevel": "ERROR",
      "EngineBaseAddress": "http://+:8180/",
      "AdminToolEnabled": true,
      "AdminToolBaseAddress": "http://127.0.0.1:53231/",
      "EventRetentionDays": 7
    }
- After making any changes, restart the Windows service.
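Because MiddlewareConfig.txt can be edited by hand, it is worth checking the file before restarting the service. The script below is an added example, not part of the BeyondTrust product: the function names and severity labels are hypothetical, and it assumes that a non-loopback AdminToolBaseAddress makes the administration tool reachable from other hosts and that `+` and `*` are HTTP.sys wildcard hosts.

```python
import json
from ipaddress import ip_address
from urllib.parse import urlsplit

VALID_LOG_LEVELS = {"ERROR", "INFO", "WARN", "DEBUG"}  # values listed on this page

# Default configuration as documented on this page.
DEFAULT_CONFIG = """{
  "LogLevel": "ERROR",
  "EngineBaseAddress": "http://+:8180/",
  "AdminToolEnabled": true,
  "AdminToolBaseAddress": "http://127.0.0.1:53231/",
  "EventRetentionDays": 7
}"""


def is_loopback(host):
    """True for localhost or a loopback IP; False for wildcards ('+', '*') and other names."""
    if host == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def audit_middleware_config(text):
    """Return (severity, message) findings for the JSON text of MiddlewareConfig.txt."""
    cfg = json.loads(text)
    findings = []
    level = cfg.get("LogLevel")
    if level not in VALID_LOG_LEVELS:
        findings.append(("warn", f"LogLevel {level!r} is not a valid value"))
    elif level == "DEBUG":
        findings.append(("info", "LogLevel is DEBUG (maximum logging)"))
    admin_host = urlsplit(str(cfg.get("AdminToolBaseAddress", ""))).hostname or ""
    if cfg.get("AdminToolEnabled") and not is_loopback(admin_host):
        findings.append(("warn", f"admin tool bound to {admin_host!r}, not loopback"))
    engine = urlsplit(str(cfg.get("EngineBaseAddress", "")))
    if not is_loopback(engine.hostname or ""):
        findings.append(("info", f"engine listens on {engine.hostname!r}, port {engine.port}"))
    if engine.scheme == "http":
        findings.append(("info", "engine receives outbound events over plain HTTP"))
    days = cfg.get("EventRetentionDays")
    if isinstance(days, bool) or not isinstance(days, int) or days < 1:
        findings.append(("warn", f"EventRetentionDays {days!r} is not a positive integer"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_middleware_config(DEFAULT_CONFIG):
        print(f"[{severity}] {message}")
```

The documented default produces only informational findings; moving the administration tool off 127.0.0.1 or entering an unknown LogLevel is reported as a warning.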