Deploy the BeyondTrust SRA Virtual Appliance into an Amazon AWS Environment
Administrators can deploy the BeyondTrust SRA Virtual Appliance into their Amazon Web Services (AWS) environment by following the steps below.
You must have an Amazon AWS account and support plan already configured. You are also responsible for registering the DNS hostname for your site.
- Open the email you received from BeyondTrust Technical Support and select the Link your AWS account(s) link to be redirected to the BeyondTrust site.
- Enter your Commercial AWS Account ID or Government AWS Account ID in the text box and click Add Account ID. Your SRA Virtual Appliance is shared with your Amazon AWS account as a Private Amazon Machine Image (AMI) within an hour. The AMI is shared to each of your AWS regions.
If you are uncertain what your AWS Account ID is, the email contains a link to an Amazon help page that details how to find it.
- In the AWS EC2 Dashboard, in the AWS services section, click the EC2 link to start the wizard.
- Browse to Images > AMI.
- Select Private Images from the dropdown.
- Select the SRA Virtual Appliance (for example, BeyondTrust SRA Appliance - 6.1.1) in the AMI list. This is the base software image, which must next be updated and configured.
- Click the Launch button.
- Choose an instance type. BeyondTrust supports all T3 and M5 instance types. Refer to the License and Sizing chart below.
- Click Next: Configure Instance Details.
- After configuring the instance launch details, click Next: Add Storage.
- On the Add Storage page, configure the sizes and volume types of the drives you wish to include on the AMI. A second EBS volume is set to device /dev/sdb of size 10GB. We recommend you increase this second disk to 100GB. If you need a large volume for recordings, and this is a cost-sensitive deployment, then you can provision a third drive and configure it as Magnetic (standard). The third drive must be added as /dev/sdg. For recommended sizing of instance volumes, refer to the AWS Disk column in the License and Sizing chart below. You may enable the Encrypted option if desired.
- Click Next: Add Tags.
- Click Next: Configure Security Group.
- The Launch Wizard creates a security group which you must edit, or you can create a new security group after you deploy the image, so that the site is accessible on ports 443 and 80. This can be accomplished from Network & Security > Security Groups in the EC2 Dashboard.
- Click Review and Launch. Review your instance details and click Launch.
- Skip the option to select or create a key pair, as the instance does not allow SSH access. Instead, select Proceed without a key pair, check the acknowledgment box, and click Launch Instances.
- After the site launches, browse to Instances > Instances in the EC2 Dashboard and locate the assigned Public IP address in the Description tab. This is the IP address used to configure your appliance and your DNS A record.
If you stop or terminate your Instance, you are not guaranteed to retrieve the same IP address after it reboots. To facilitate managing your DNS, we recommend purchasing an Elastic IP address.
- Navigate in a web browser to .
- Enter your Appliance License Key provided in the email from BeyondTrust Technical Support. Click Save.
License and Sizing
|Size||Licenses||Instance||Disk 1||Disk 2|
If you anticipate having more than 20 concurrent users, please contact BeyondTrust Technical Support at www.beyondtrust.com/support to ensure that the resources allocated meet your needs.
Because the amount of data recorded for any given session varies drastically based on the type of data collected, the length of the session, and so forth, it is impossible to define how much storage space is needed to save data for a certain number of days. If your business must abide by data retention guidelines, we recommend either estimating the amount of space needed based on observation of your own data stores or using the BeyondTrust API or Integration Client to extract session data to an external store.
For troubleshooting purposes, BeyondTrust Technical Support may require your BeyondTrust SRA Virtual Appliance to be given reserved resources matching specifications in this document. Keeping that in mind, you are welcome to deviate from these specifications as you see fit.