Architecture of BeyondTrust Remote Support (On-Premises)

To make secure remote support possible, the BeyondTrust architecture places the Secure Remote Access Appliance as the focal point of all communications. The appliance provides a platform to build a support portal, a site through which an organization funnels all remote support requests. The support portal offers a web site interface using Hypertext Transfer Protocol (HTTP) for unauthenticated services, Secure HTTP (HTTPS) for authenticated services, and direct client connections accepted over a proprietary, BeyondTrust-defined protocol.

BeyondTrust has two primary binary components that provide the appliance's functionality. The first, called Base, is made up of the firmware that provides system-level configuration of a Secure Remote Access Appliance. Settings such as IP addresses and security certificate configuration are all configured via the Base interface, which is accessed via the /appliance web interface.

The second component is made up of the software that provides site-level configuration and is accessed via the /login web interface. Behind the /login page is where customer support portal configuration takes place, and where the BeyondTrust representative console, customer client, Jump Clients, Jumpoints, and security provider connection agents can be downloaded. Support sessions always occur through the appliance, and since the connections are outbound from the clients to the appliance using well known ports, the application can communicate without local firewall changes.

Secure Remote Access Appliance Typical Deployment