Deploy the BeyondTrust SRA Virtual Appliance into a Microsoft Azure Environment

For administrators who wish to deploy the BeyondTrust SRA Virtual Appliance into their Microsoft Azure environment, follow the steps below.

You must have a Microsoft Azure account and environment already configured. You must have the AzureRm or Az PowerShell Module installed on your machine. For more information about installing and configuring the Azure PowerShell Module, please see Install and configure Azure PowerShell.

Azure Email

  1. Open the email you received from BeyondTrust Technical Support and click the Click Here for your BeyondTrust Virtual Appliance (Hyper-V and Azure) link to download the file.
  2.  

  3. Click BeyondTrust Privileged Remote Access-hyperv-azure.exe within your browser to begin installation.
  4. If you receive a Security Warning prompt, click Run.
  5. Choose where you wish the files to be extracted. Click Extract.
  6. Wait for the files to extract. You can review the Elapsed Time, Remaining Time, and blue progress bar to see how extraction is progressing.
  7. When extraction is complete, Deploy-AzBeyondTrustVM.ps1, Deploy- HyperVBeyondTrustVM.ps1, and BeyondTrust-br.v.2.vhdx files appear in the location you designated during the extraction process. A PowerShell script is provided to assist in the deployment of your appliance to Azure: Deploy-AzBeyondTrustVM.ps1. A second script, Deploy-HyperVBeyondTrustVM.ps1, is provided to assist with Hyper-V deployments, and should not be used to deploy to Azure. Deploy-AzBeyondTrustVM.ps1 uses the Az module. Right-click on the script you wish to use and click Edit.
  8. The PowerShell Script completed with variables from an Azure environement.

  9. Once the PowerShell script opens, locate STEP 1 and modify the following variables based on the specifics of your Microsoft Azure environment:
    • resourceGroupName
    • storageAccountName
    • location (westus, for example)
    • vnetName
    • subnetName

 

The vmName does not need to be changed.

The Storage Account used for storing the Azure Virtual Appliance must be General purpose v1.

     

    The PowerShell script lists different options for Azure environment sizing and allows you to comment in the size you desire.

  1. In the Deploy-AzBeyondTrustVM.ps1 script, set the value of $size to the desired deployment size of your SRA Virtual Appliance. The options are:
    • small
    • medium
    • large

     

Subscription and Tenant are required for Az module

  1. The Az module requires a subscription and tenant id from Azure to deploy. Enter this information.

 

The BomgarPAM_azure script running in Windows PowerShell.

  1. Save and run the script in Windows PowerShell.
  2.  

    The login prompt for Microsoft Azure.

  3. When prompted, enter your credentials and sign into your Microsoft Azure account.
  4.  

  5. Next, the system configures an MD5 hash, uploads the SRA Virtual Appliance into your Azure environment, and configures a public IP address for your BeyondTrust SRA Virtual Appliance.
  6. Message in PowerShell indicating the RS Virtual Appliance is being uploaded into Azure.

     

    The PowerShell window indicating the IP address for the RS Virtual Appliance.

  7. You are prompted to go to the IP address configured for your SRA Virtual Appliance. The message reads For Appliance administration, go to https://xx.xx.xx.xxx/appliance.
  8.  

    The BeyondTrust section allowing you to enter your Appliance License Key to register your appliance.

  9. On the /appliance page, enter your Appliance License Key provided in the email from BeyondTrust Technical Support. Click Save.
  10. To setup a persistent URL for your SRA Virtual Appliance, you can perform one of two options:
    • In the Azure console, set the SRA Virtual Appliance's external IP to static. Then assign your DNS entry to that external IP.
    • Apply a DNS name within Azure. Set a CNAME record pointed to that address.

If you anticipate having more than 20 concurrent users, please contact BeyondTrust Technical Support at www.beyondtrust.com/support to ensure that the resources allocated meet your needs.

Because the amount of data recorded for any given session varies drastically based on the type of data collected, the length of the session, and so forth, it is impossible to define how much storage space is needed to save data for a certain number of days. If your business must abide by data retention guidelines, we recommend either estimating the amount of space needed based on observation of your own data stores or using the BeyondTrust API or Integration Client to extract session data to an external store.

For troubleshooting purposes, BeyondTrust Technical Support may require your BeyondTrust SRA Virtual Appliance to be given reserved resources matching specifications in this document. Keeping that in mind, you are welcome to deviate from these specifications as you see fit.

For information about using BeyondTrust Vault with an Microsoft Azure Active Directory Domain Services Account, please see the Beyond Trust Vault Whitepaper.