Review Best Practices for Jump Client Mass Deployment — Windows

Avoid Deploying Duplicates

When mass-deploying the SRA Jump Client MSI with tools such as SCCM or Altiris, it is important to avoid installing duplicate clients, because this can cause multiple deployment failures. BeyondTrust does not provide any utilities for deploying clients, but there are some basic methodologies you can use to script a deployment system that will only install Jump Clients on systems that do not have one installed already. These methods depend on whether you already have Jump Clients installed.

If you have already installed Jump Clients, your script can be modified to prevent duplicates. If you have installed Jump Clients, you can use the INSTALLDIR.MSI variable or a custom file as described below. When you use INSTALLDIR, the MSI installation package itself automatically aborts if it finds the directory you specify already exists. If you choose the custom file option, you must script the install to check for this file prior to running the MSI installation package.

Prevent Additional Duplicates

If your deployment tool has already deployed duplicate clients, edit your script so that the tool aborts installation if the target system matches either of these conditions:

• The system has any bomgar-pec.exe processes running.
• The system has any DisplayName registry entries matching BeyondTrust Privileged Remote Access Jump Client [support.example.org], where support.example.com matches the hostname of your SRA appliance.

Prevent Duplicates Before Deployment

If your deployment tool has not yet deployed any clients, you can script the tool to use the INSTALLDIR variable or deploy a custom file during the install process.

Use INSTALLDIR

Follow these steps to use the INSTALLDIR variable:

1. From the /login administrative interface, go to Jump > Jump Clients.
2. At the top of the Jump Client Installer List, click Add.

3. Enter the appropriate mass deployment wizard parameters.
4. Click Create.
5. Select Windows (x64) MSI, copy the string after KEY_INFO=, and then click Download/Install.
6. Load the downloaded MSI into your deployment tool and script the tool to install it using the following command:

   msiexec /i bomgar-scc-win64.msi KEY_INFO=<key_info_string> INSTALLDIR=<installDir> /quiet

   where <key_info_string> is the KEY_INFO string you copied earlier and <installDir> is the install directory of your choice.

7. Configure the deployment tool to abort installation if it finds the install directory you have chosen is already present.

Use a Custom File

You have the option of deploying a custom file during installation and automatically aborting subsequent duplicate installation if this file is found. To do this:

1. Save a small text file with a descriptive title such as PRAJumpClient.txt to a shared network location accessible from all systems on which Jump Clients will be deployed.
2. Follow the above steps for using INSTALLDIR to create and download an MSI installation file.
3. Configure the script to abort if the PRAJumpClient.txt file already exists, or copy it to the local system and install the MSI file if the text file does not exist.

Manage Deployment Rate

It is important to consider rate of deployment if mass deploying on a large scale. A large number of simultaneous client installations can cause network traffic delays.

Depending on the deployment method used, the granular control allowed may vary. We recommend deploying no more than 60 clients per minute to avoid installation failures and degraded performance. For reference, 60 clients per minute equates to:

• 1 client install per second
• 60 client installs per minute
• 3,600 client installs per hour

Performance impact may vary with environmental factors, usage patterns, and appliance resources. BeyondTrust recommends starting mass deployment conservatively with smaller scale pushes at slower rates to confirm acceptable performance before gradually scaling up the number and rate of deployment.