Deploy the BeyondTrust SRA Virtual Appliance into a Microsoft Azure Environment

Review Prerequisites for Microsoft Azure

You must have a Microsoft Azure account and environment, including Microsoft Azure Resource Manager (ARM), already configured.

For deployment via Microsoft Azure, make sure the following is in place prior to deployment:

  • A resource group.
  • A storage account with a VHDX container.
  • A VNET and subnet has been configured.

For deployment via Powershell, make sure the following is in place prior to deployment:

  • Powershell AZ module installed.
  • Powershell Hyper-V module installed.

For more information about installing and configuring the Azure PowerShell Module, please see Install and configure Azure PowerShell.

Deploy the SRA Virtual Appliance

To deploy the BeyondTrust SRA Virtual Appliance into a Microsoft Azure environment, follow the steps below:

Azure Email

  1. Open the email you received from BeyondTrust Technical Support and click the Click Here for your BeyondTrust Virtual Appliance (Hyper-V and Azure) link to download the file.
  2. Click BeyondTrust Remote Support-hyperv-azure.exe within your file browser to begin installation.
  3. If you receive a Security Warning prompt, click Run.
  4. Choose where you wish the files to be extracted. Click Extract.
  5. When extraction is complete, Deploy-AzBeyondTrustVM.ps1, Deploy- HyperVBeyondTrustVM.ps1, and BeyondTrust-br.v.2.vhdx files appear in the location you designated during the extraction process. A PowerShell script is provided to assist in the deployment of your B Series Appliance to Azure: Deploy-AzBeyondTrustVM.ps1. A second script, Deploy-HyperVBeyondTrustVM.ps1, is provided to assist with Hyper-V deployments, and should not be used to deploy to Azure. Deploy-AzBeyondTrustVM.ps1 uses the Az module. Right-click Deploy-AzBeyondTrustVM.ps1 and click Edit.

 

The PowerShell Script completed with variables from an Azure environement.

  1. Once the PowerShell script opens, locate STEP 1 and modify the following variables based on the specifics of your Microsoft Azure environment:
    • resourceGroupName
    • storageAccountName
    • location (westus, for example)
    • vnetName
    • subnetName

 

The vmName does not need to be changed.

The Storage Account used for storing the Azure Virtual Appliance must be General purpose v2.

     

    The PowerShell script lists different options for Azure environment sizing and allows you to comment in the size you desire.

  1. In the Deploy-AzBeyondTrustVM.ps1 script, set the value of $size to the desired deployment size of your SRA Virtual Appliance. The options are:
    • small
    • medium
    • large

For more information about sizes, please see Review License and Sizing Conditions.

 

  1. The Az module requires a subscription and tenant ID from Azure to deploy. Enter this information.
  2. Change optional variables as required for your Microsoft Azure environment.
  3. For US government accounts, set the value of $azureUSGovernment to $true.

 

The BomgarPAM_azure script running in Windows PowerShell.

  1. Save, then run the script in Windows PowerShell.

 

The login prompt for Microsoft Azure.

  1. When prompted, enter your credentials and sign into your Microsoft Azure account.
  2. Next, the system configures an MD5 hash, uploads the SRA Virtual Appliance into your Azure environment, and configures a public IP address for your BeyondTrust SRA Virtual Appliance.

 

Message in PowerShell indicating the RS Virtual Appliance is being uploaded into Azure.

 

The PowerShell window indicating the IP address for the RS Virtual Appliance.

  1. You are prompted to go to the IP address configured for your SRA Virtual Appliance. The message reads For Appliance administration, go to https://xx.xx.xx.xxx/appliance.

 

The BeyondTrust section allowing you to enter your Appliance License Key to register your appliance.

  1. On the /appliance page, enter your Appliance License Key provided in the email from BeyondTrust Technical Support. Click Save.
  2. To setup a persistent URL for your SRA Virtual Appliance, you can perform one of two options:
    • In the Azure console, set the SRA Virtual Appliance's external IP to static. Then assign your DNS entry to that external IP.
    • Apply a DNS name within Azure. Set a CNAME record pointed to that address.

For information about using BeyondTrust Vault with an Microsoft Azure Active Directory Domain Services Account, please see the Beyond Trust Vault Guide.