Architecture of BeyondTrust Remote Support (On-Premises)
To make secure remote support possible, the BeyondTrust architecture places the BeyondTrust Appliance B Series as the focal point of all communications. The B Series Appliance provides a platform to build a support portal, a site through which an organization funnels all remote support requests. The support portal offers a web site interface using Hypertext Transfer Protocol (HTTP) for unauthenticated services, Secure HTTP (HTTPS) for authenticated services, and direct client connections accepted over a proprietary, BeyondTrust-defined protocol.
BeyondTrust has two primary binary components that provide the B Series Appliance's functionality. The first, called Base, is made up of the firmware that provides system-level configuration of a BeyondTrust Appliance B Series. Settings such as IP addresses and security certificate configuration are all configured via the Base interface, which is accessed via the /appliance web interface.
The second component is made up of the software that provides site-level configuration and is accessed via the /login web interface. Behind the /login page is where customer support portal configuration takes place, and where the BeyondTrust representative console, customer client, Jump Clients, Jumpoints, and security provider connection agents can be downloaded. Support sessions always occur through the B Series Appliance, and since the connections are outbound from the clients to the B Series Appliance using well known ports, the application can communicate without local firewall changes.