TECH DOCS HOME > REMOTE SUPPORT HOME

BeyondTrust Hardware Prerequisites

This guide walks you through the initial setup and configuration of your Secure Remote Access Appliance. Should you need any assistance, please contact www.beyondtrust.com/support.

Prerequisites

Before starting, it is important to know that until the Secure Remote Access Appliance's prerequisites have been met, you will neither be able to reach your appliance directly by its IP address or hostname nor be able to check for updates or use it to provide remote support. The Secure Remote Access Appliance requires the following at a minimum:

  • One or two available power outlets, depending on your appliance (one for the B200, two for the B300 or B400)
  • A high-speed network connection
  • A network router or switch
  • A unique, static IP address for the Secure Remote Access Appliance
  • A private DNS A-record resolving to the static IP of your appliance. A public A-record and public IP will also be required if external clients will need access to the appliance.
  • An SSL web server certificate + intermediate SSL certificate(s), and SSL root. OR, 1 Self-Signed certificate. (See the SSL Certificates and BeyondTrust Guide.)
  • The BeyondTrust software licensing package

While these meet the minimum requirements, more advanced configurations may require additional items. For example:

  • BeyondTrust click-to-chat and mobile clients require an SSL root and intermediate SSL certificate(s).
  • Access from external public networks require a public DNS A-record.
  • Access from multiple DNS A-records require either multiple web server certificates and/or SAN or wildcard certificate(s).
  • Isolating client traffic from multiple networks requires multiple static IP addresses.
  • Automatic updating and advanced BeyondTrust technical support require outbound access to the public internet from the Secure Remote Access Appliance over TCP port 443.

 

No client software (e.g., representative consoles, customer clients, Jump Clients, Jumpoints, Support Buttons, etc.) can be downloaded, installed, or used until BeyondTrust Technical Support builds a software licensing package for your appliance and you install it per the instructions provided by Support. Because this license package is encoded with the DNS A-record of the appliance as well as its SSL certificate, these must be in place before the license package can be completed.

Getting Started

Several steps should be taken before the BeyondTrust hardware is delivered and installed:

  1. Allocate the necessary rack space for the appliance. Ensure the space has the necessary power and network access.
  2. Reserve a static IP address for the appliance on the network. Refer to the following guides in order to reserve the correct IP address(es):
  3. Configure a DNS A-record for the fully qualified domain name (FQDN) of your new site (e.g., support.example.com).

    A private DNS A-record resolving to the static IP address of the appliance will always be necessary. A public A-record and public IP will also be required if clients on public, external networks will need access to the appliance.

Typical Network Setup

Although your appliance can function anywhere in your network as long as the appropriate users and machines can reach it, you will need to decide where in your network you plan to install the appliance prior to this step. If you are going to access systems outside of your network, BeyondTrust recommends placing your appliance in a DMZ or outside of your internal firewall. See the table below for more details. For assistance with your firewall configuration, please contact the manufacturer of your firewall software.

 

If you must move the appliance to another location to connect it to the internet, you will need to power down before you unplug it from its power source. If you can log into the /appliance administrative interface, go to the Status > Basics page and click Shut Down This Appliance. Manual shut down is possible if you press and release the power button one time. Wait 60 seconds for the appliance to power down before unplugging the Secure Remote Access Appliance from the power source. When you reconnect the appliance at the new location, you will need to power up again.

Network Location Considerations for Secure Remote Access Appliances
Network Location Advantages/Disadvantages

Outside your firewall

Does not require that ports 80 and 443 be open inbound for TCP traffic on your firewall. Simplifies the setup process significantly because both the representative and customer clients are built to resolve to a specific DNS; if your registered DNS resolves to a public IP address directly assigned to your appliance, no additional setup is required by you to initiate a session.

DMZ

May require additional setup depending on your router or routers.

Inside your firewall

Requires port forwarding on your firewall and possibly additional setup of your NAT routing and internal DNS.
BeyondTrust

BeyondTrust is the leader in Secure Access solutions that empower businesses. BeyondTrust's leading remote support, privileged access, and identity management solutions help support and security professionals improve productivity and security by enabling secure, controlled connections to any system or device, anywhere in the world. More than 20,000 organizations across 80 countries use BeyondTrust to deliver superior support services and reduce threats to valuable data and systems.

©2003-2019 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Top