Review BeyondTrust Remote Support Cloud Network Infrastructure

The architecture of the BeyondTrust Remote Support application relies on the Remote Support cloud instance as a central routing point for all communications between application components. All sessions between users and remote systems occur through the server components that run on the B Series Appliance. To protect the security of the data in transit, Remote Support uses TLSv1.2 to encrypt all application communications.

Customers can configure the security features such that the Remote Support deployment complies with applicable corporate policies or regulations. Security features include role-based access control, secure password requirements, and features to give remote support recipients the ability to resume control of their computers.

Remote Support enables remote control by creating a remote outbound connection from the endpoint system to the Remote Support cloud instance. The Remote Support cloud site is designed and tested to ensure it works properly and securely in the cloud infrastructure. Since all Remote Support sessions are initiated via outbound connections from the client to the B Series Appliance, it is possible to remotely control computers using Remote Support through firewalls.

BeyondTrust Cloud Network Infrastructure Diagram

Review BeyondTrust Appliance B Series Network Infrastructure

Each Remote Support cloud site comes with a subdomain of the BeyondTrust cloud DNS address, such as If customers prefer to use their company web address with their own SSL certificate, they can use a Canonical Name (CNAME) record to point their default site address to the preferred address.

Since remote support recipients use the public portal name you give them to request remote support, a simple yet descriptive name is the best practice. For example, a company named Smithson might use for their CNAME record.

Review Sample Firewall Rules for Cloud Deployments

Below are example firewall rules for use with Remote Support Cloud, including port numbers, descriptions, and required rules.

Firewall Rules
Internal Network to the Remote Support Cloud Instance
TCP Port 80 (optional) Used to host the portal page without the user having to type HTTPS. The traffic can be automatically redirected to port 443.
TCP Port 443 (required) Used for all session traffic.
Remote Support Cloud Instance to the Internal Network
TCP Port 25, 465, or 587 (optional) Allows the B Series Appliance to send admin mail alerts. The port is set in SMTP configuration.
TCP Port 443 (optional) B Series Appliance to web services (e.g., HP Service Manager, BMC Remedy) for outbound events.

For information on setting Syslog over TLS, please see Appliance Administration: Set Syslog over TLS. UDP/514 and/or TCP/514 for Syslog server on internal network is optional.