SRA Virtual Appliance Frequently Asked Questions

The following are some of the questions frequently asked about administering the SRA Virtual Appliance and answers to these questions from BeyondTrust Technical Support.

VMware

Can I install VMware tools onto my BeyondTrust SRA Virtual Appliance?

The BeyondTrust SRA Virtual Appliance ships with the VMware guest tools pre-installed.

Can a time skew between my ESXi host and my BeyondTrust SRA Virtual Appliance cause connectivity issues?

Yes, any time difference between the BeyondTrust SRA Virtual Appliance and the host ESXi server can cause connectivity issues. To prevent this, specify a valid NTP source in the SRA Virtual Appliance /appliance interface as well as ensuring that your ESXi host is using a valid NTP source. VMware also has an option to sync the guest OS time with the host ESXi server time. If you use this option, then the NTP source within the BeyondTrust SRA Virtual Appliance does NOT need to be set. It is recommended to use one method or the other but NOT both together.

What version of VMware is supported to host the BeyondTrust SRA Virtual Appliance?

BeyondTrust certifies support for VMware vCenter 6.5+, Virtual Hardware Version 13+.

Does the BeyondTrust SRA Virtual Appliance require reserved resources in VMware?

For troubleshooting purposes, a BeyondTrust Technical Support representative may require the BeyondTrust SRA Virtual Appliance to have reserved resources to effectively diagnose a support issue.

Does BeyondTrust support using the VMware snapshot functionality?

BeyondTrust supports the use of the snapshot technology only in upgrade situations. A snapshot of a powered-off BeyondTrust SRA Virtual Appliance can be taken prior to an upgrade and can be utilized as a fallback in the case of a failed upgrade.

BeyondTrust does not recommend or support taking snapshots of actively running SRA Virtual Appliances.

Can I run the BeyondTrust SRA Virtual Appliance in my clustered VWware environment?

Yes, when installed in a vSphere cluster, the BeyondTrust SRA Virtual Appliance can benefit from many of VMware's value-added technologies, such as VMotion, DRS, and HA, to maximize performance and uptime.

Can I specify an alternate disk for recordings?

Yes, in some cases you may want to separate the disks for recordings if your VMware environment has tiered storage. Add a third disk to your BeyondTrust SRA Virtual Appliance and reboot. Once the BeyondTrust SRA Virtual Appliance is rebooted, the third disk is provisioned and used for recordings.

The virtual hardware of my BeyondTrust SRA Virtual Appliance is currently on an old version and needs to be upgraded. What are BeyondTrust's recommendations for virtual hardware version upgrades?

BeyondTrust certifies support for VMware vCenter 6.5+, Virtual Hardware Version 13+.

If your configuration does not match one of the above configurations, BeyondTrust does recommend updating the virtual hardware version of your BeyondTrust SRA Virtual Appliance.

What is the error: "The OVF certificate file is invalid"?

When importing a new BeyondTrust SRA Virtual Appliance to VMware using the OVA installation package, it is possible for VMware to return an error stating "The OVF certificate file is invalid". This happens when attempting to import the OVF file which is packaged inside the appliance's .ova file. This would require extracting the contents of the OVA package, and this would invalidate the package as a whole. To resolve this, re-download the OVA file and re-import it without extracting the OVA. If using Internet Explorer, it may be necessary to replace .tar with .ova in the download's file extension.

Should the second virtual disk use thick or thin provisioning?

In current versions, the OVF template automatically chooses thick provisioning for the second and (if present) third virtual disk(s).

According to ESXi and vCenter Server 5 Documentation, thin provision initially allocates only the space actually needed by the virtual machiation in the vSphere Documentation Center at vmware.com/support/pubs/). Although the SRA Virtual Appliance is expected to operate correctly with thin provisioning, this is not the preferred choice.

Why does the Virtual Applance download come as a .tar file?

When using Internet Explorer, BeyondTrust's OVA installer may download as a BeyondTrust-br.v.2.tar file instead of BeyondTrust-br.v.2.ova. To install the file per the SRA Virtual Appliance Setup Guide, replace the .tar extension with .ova and follow the guide as normal.

Can the virtual hard disks be stored in multiple datastores?

Some customers with BeyondTrust SRA Virtual Appliances may be interested in distributing the various SRA Virtual Appliance disks across multiple VMware datastores. BeyondTrust does support this configuration, so we expect our SRA Virtual Appliances to work satisfactorily when their virtual drives are located in different datastores from one another.

Hyper-V

What version of Hyper-V is supported to host the BeyondTrust SRA Virtual Appliance?

BeyondTrust certifies support of Hyper-V on Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. We support both a stand alone Hyper-V server and Windows Server with the Hyper-V Role installed.

Does BeyondTrust support using the Hyper-V snapshot functionality?

BeyondTrust supports the use of the snapshot technology only in upgrade situations. A snapshot of a powered-off BeyondTrust SRA Virtual Appliance can be taken prior to an upgrade and can be utilized as a fallback in the case of a failed upgrade.

Can I specify an alternate disk for recordings?

Yes, in some cases you may want to separate the disks for recordings if your Hyper-V environment has tiered storage. Add a third disk to your BeyondTrust SRA Virtual Appliance and reboot. Once the BeyondTrust SRA Virtual Appliance is rebooted, the third disk is provisioned and used for recordings.

The virtual hardware of my BeyondTrust SRA Virtual Appliance is currently on an old version and needs to be upgraded. What are BeyondTrust's recommendations for virtual hardware version upgrades?

For Hyper-V, BeyondTrust supports only Generation 2 virtual machines at this time. The VA image is delivered as a Generation 2 VM.

If your configuration does not match the above configuration, BeyondTrust does recommend updating the virtual hardware version of your BeyondTrust SRA Virtual Appliance.

Microsoft Azure

Is the Azure Classic deployment model supported?

No. The only supported model is Azure Resouce Manager (ARM).

Do I need to configure the Windows PowerShell script differently if I have a premium storage account?

Yes. If you have a premium storage account, you need to modify the vmSize information in STEP 2 of the script to indicate Premium along with the applicable size.

Can I use any additional Azure features provided by using Azure Linux Agent with my BeyondTrustSRA Virtual Appliance?

BeyondTrust does not support any of these features at this time.

Do I need to enter my Public IP anywhere in the BeyondTrust /appliance interface?

No. The Azure network layer maps the public IP to the private IP. The BeyondTrustSRA Virtual Appliance assigns the private IP using DHCP.

Is failover needed? Is failover supported for Microsoft Azure?

Although the risk for downtime is much lower within Azure, it is still possible to need a failover appliance. Failover is supported in Azure; however, IP sharing does not work with Azure networking. A DNS swing is needed to failover to a backup appliance.

Do I need a static IP for my BeyondTrustSRA Virtual Appliance?

Assigning a static IP is the easiest way to ensure there are not any DNS issues across reboots and also to make sure any integration points that require an IP address work properly. However, assigning a CNAME record for your SRA Virtual Appliance's DNS entry should suffice for most deployments.

General Issues

Can an evaluation SRA Virtual Appliance be converted to production?

Yes, the existing SRA Virtual Appliance can be converted to production.

Once the SRA Virtual Appliance licenses are purchased, BeyondTrust Technical Support builds an uninstall package for the evaluation SRA Virtual Appliance and an installation package for the production SRA Virtual Appliance.

If you created security providers and user accounts on the evaluation SRA Virtual Appliance, create a backup via /login > management and restore this backup to the production SRA Virtual Appliance.

Can available resources be modified?

It is possible to add additional resources to a BeyondTrust SRA Virtual Appliance, and it is possible to decrease available memory and CPU cycles; however, it is not possible to decrease available storage safely, and none of the above should be done when the appliance is powered on. After shutting down the appliance and making your changes, the SRA Virtual Appliance should recognize the changes upon next boot.

SRA Virtual Appliances have either two or three virtual hard disks, depending on which configuration was selected during deployment: Small, Medium, or Large. Small and Medium deployments have two disks, while Large deployments have three. The first disk is used for the root of the operating system in all three cases while the second disk is used for /login site data and recordings in Small and Medium deployments.

In Large deployments, recordings are moved from the second disk to the third. If your SRA Virtual Appliance was originally deployed with two virtual hard disks, you can add a third later, and the appliance automatically stores session recordings on the third disk. The appliance cannot use more than three disks.

  1. Shut down the BeyondTrust SRA Virtual Appliance.
  2. Adjust the RAM and/or CPU allocation and/or increase the disk space using VMware.
  3. Power on the BeyondTrust SRA Virtual Appliance.

Can the SRA Virtual Appliance fail over to a slower storage tier?

Organizations may choose to present storage to SRA Virtual Appliances by means of tiered storage in a SAN. "Fast-tier 1" storage typically refers to arrays which employ SSD technology for frequently accessed data, and "slow" storage typically refers to data placed on technologies such as SAS, NL-SAS, or SATA. Either of these work with BeyondTrust, but certain storage configurations are not supported when using two appliances in failover.

In cases where the primary SRA Virtual Appliance has storage in SSD / tier-1 storage, these rules apply to the backup appliance:

  • Large SRA Virtual Appliances must be provisioned with storage of the same tier.
  • Small and Medium SRA Virtual Appliances may have lower tier storage if it is backed by 10K or 15K disks.
  • No backup SRA Virtual Appliance may have less than 10K / 15K disk storage speed.

The exact specs for Small, Medium and Large are described in the product specific deployment sections of this document. It is important to note that BeyondTrust does not require any particular tier for a SRA Virtual Appliance to boot and function in isolation. Tiered storage becomes a concern only when two appliances are used in failover.

Is cloning SRA Virtual Appliances supported?

After a BeyondTrust SRA Virtual Appliance is installed in an ESX or ESXi environment, the administrator may wish to clone the appliance. Cloning a virtual machine creates a duplicate of the virtual machine with the same configuration and installed software as the original. This feature of ESX and ESXi is not supported by the BeyondTrust SRA Virtual Appliance at this time.

Does the SRA Virtual Appliance support vCenter Site Recovery Manager (SRM)?

vCenter's Site Recovery Manager (SRM) builds off of vSphere Replication to provide disaster recovery. Administrators running BeyondTrust in a vCenter system may be interested in leveraging this with BeyondTrust SRA Virtual Appliances. While BeyondTrust is expected to work with vCenter SRM, restoring from a replication like this would appear to the appliance like pulling the power cable, so there would be a risk for file system corruption, which may result in potential data loss.

 

Open Source Software Acknowledgments

For information on open source software copyrights and acknowledgments used in BeyondTrust hardware and software products, please see the Attributions index.