Use Jump Clients to Access Unattended Computers
To access an individual computer without end-user assistance, install a Jump Client on that system either from within a session or from the Jump Clients page of the administrative interface. Your account settings determine what Jump Item permissions you have, including which Jump Groups you can access and which types of Jump Items you are allowed to use.
Sort Jump Clients
To facilitate browsing the Jump Clients list, you may drag the columns into any order you wish, and then sort a column by clicking the column header. The representative console remembers the column order and the sort order the next time the representative console is launched.
Search for a Jump Client
In addition to browsing for Jump Clients, you can search based on multiple fields. Enter a string in the search field and then press Enter. To change the fields you are searching, click the magnifying glass and check or uncheck any of the available fields. Searchable fields include Comments, Console User, Domain, FQDN, Group, Hostname/IP, Jump Method, Last Accessed, Name, Private IP, Public IP, Status, Tag, and Workgroup.
Jump Client Details Pane
When you select a Jump Client, a details pane appears to the right of the Jump interface. Which details are shown here is determined by the Jump Client Statistics setting in the /login interface as well as by the remote operating system.
If a Jump Client goes offline and does not reconnect to the B Series Appliance for the number of days set by the Jump Client Settings in the /login interface, it is labeled as lost. No specific action is taken on the Jump Client. It is labeled as lost only for identification purposes, so that an administrator can diagnose the reason for the lost connection and take action to correct the situation. In the details pane, you will see the scheduled deletion date if the Jump Client does not come back online.
After a software update, Jump Clients update automatically. The number of concurrent Jump Client upgrades is determined by settings on the /login > Jump > Jump Clients page. If a Jump Client has not yet been updated, it is labeled as Upgrade Pending, and its version and revision number appear in the details pane. While you can modify an outdated Jump Client, you cannot Jump to it. Attempting a Jump does, however, move that Jump Client to the front of the upgrade queue.
Wake-On-Lan (WOL) allows you to remotely turn on or wake up machines configured for WOL from BeyondTrust. In a configured environment, customers can power off their machine but still receive BeyondTrust support, if needed.
WOL is not a BeyondTrust technology. The BeyondTrust software integrates with existing WOL systems. To use WOL through BeyondTrust, the system must have WOL enabled, and the network must allow WOL packets to be sent.
To enable support for WOL in BeyondTrust, turn on the WOL setting in the administrative /login interface under Jump > Jump Clients. When enabling the WOL option, keep the following items in mind:
- WOL does not work for wireless clients. A wired network connection is required.
- WOL is supported by the underlying system hardware, which is independent of the installed OS.
- WOL is supported only by active Jump Clients. Passive Jump Clients, Jumpoints, and Local Jump from representative consoles do not support WOL.
To wake an active Jump Client using WOL, right-click an existing Jump Client from within the representative console. Attempt to wake the system by clicking the Attempt to wake up a Jump Client option.
The wake option is only available when selecting a single Jump Client. It is not available when multiple Jump Clients are selected.
WOL packets are sent from other Jump Clients residing on the same network as the target machine. When an active Jump Client is installed or checks-in, it registers its network information with the B Series Appliance, and the B Series Appliance uses this information to determine which Jump Clients are on the same network.
Once attempting to wake up a selected Jump Client, the WOL option greys out for 30 seconds before being able to attempt to send another wake up request. If no other Jump Clients are available on that same network to send WOL packets to the target machine, the rep receives a message indicating that no other Jump Clients are available on the network. When sending a WOL packet, the rep has an advanced option to provide a password for WOL environments requiring a secure WOL password. A WOL packet is a one-way packet, and no confirmation of success is given to the rep besides seeing the client come online in the representative console.
Copy Jump Items
Jump Items can be copied and can belong to multiple Jump Groups. This includes Jump Client items, providing administrators with the ability to set separate policies and group permissions without requiring an additional Jump Client installation on the target endpoint. Users with the appropriate permissions see the option to Copy Jump Items in the Representative Console by right-clicking the item. Users can perform this function on multiple Jump Items as well.
This feature enables admins and users to effectively manage different policies for Jump Items and Jump Clients without the need to create a new Jump Item. This functionality enables users to limit the number of clients necessary to enable Jump Client sessions, and limits manual administrative tasks when defining access pathways for users.
Jump Client Properties
Organize and manage existing Jump Items by selecting one or more Jump Items and clicking Properties.
Enter a Name for the Jump Item. This name identifies the item in the session tabs. This string has a maximum of 128 characters.
Change a Jump Client's mode from the Connection Type dropdown. Active Jump Clients send statistics to the B Series Appliance on a defined interval. Passive Jump Clients send statistics to the B Series Appliance once a day or upon a manual check in. Based on the options your administrator sets, these statistics can include the remote computer’s logged-in console user, operating system, uptime, CPU, disk usage, and a screen shot from the last update.
Once a Jump Client has a password set, its icon shows that it is locked, and its screen shot is also locked. In order to Jump to a locked Jump Client, you must provide its password. Also, you must provide the password to remove a locked Jump Client via the Jump Client interface; you do not need the password to unpin from within a session, as you would already have provided the password to Jump into the session.
If Starts Quietly is checked, the customer client does not take focus and remains minimized in the taskbar or dock when a session is started.
Move Jump Items from one Jump Group to another using the Jump Group dropdown. The ability to move Jump Items to or from different Jump Groups depends upon your account permissions.
Further organize Jump Items by entering the name of a new or existing Tag. Even though the selected Jump Items are grouped together under the tag, they are still listed under the Jump Group in which each is pinned. To move a Jump Item back into its top-level Jump Group, leave this field blank.
Select the Public Portal through which this Jump Item should connect. If a session policy is assigned to this public portal, that policy may affect the permissions allowed in sessions started through this Jump Item. The ability to set the public portal depends on your account permissions.
Jump Items include a Comments field for a name or description, which makes sorting, searching, and identifying Jump Items faster and easier.
To set when users are allowed to access this Jump Item, choose a Jump Policy. These policies are configured by your administrator in the /login interface.
Choose session policies to assign to this Jump Item. Session policies assigned to this Jump Item have the highest priority when setting session permissions. The Customer Present Session Policy applies when the end user is determined to be present. Otherwise, the Customer Not Present Session Policy applies.
The way customer presence is determined is set by the Use screen state to detect Customer Presence Jump Item setting in the /login interface. When enabled, a customer is considered present only if a user is logged in, the system is not locked, and a screen saver is not running. When disabled, a customer is considered present if a user is logged in, regardless of the screen state. Customer presence is detected when the Jump Item session starts. The session policy used for the session does not change throughout the session, regardless of any changes in the customer's presence while the session is in progress. The ability to set a session policy depends on your account permissions.
When pinning a Jump Client from within a session and customizing its properties beforehand, you also have the option to set when the Jump Client expires. This can be never, at a specific time and date, or after a certain length of time. An expired Jump Client automatically uninstalls from the remote system and is removed from the list in the Jump Client interface.
If you no longer need access to a remote system, select the Jump Client and click the Remove button, or right-click the Jump Client and select Remove from the menu. You may select multiple Jump Clients to remove them all at the same time.
If the remote user manually uninstalls a Jump Client, the deleted item is either marked as uninstalled or completely removed from the list of Jump Items in the representative console. This setting is available at /login > Jump > Jump Clients. If the Jump Client cannot contact the B Series Appliance at the time it is uninstalled, the affected item remains in its offline state. If a Jump Client goes offline and does not reconnect to the B Series Appliance for 180 days, it is automatically uninstalled from the target computer and is removed from the Jump interface.
The maximum number of Jump Clients available to an RS Virtual Appliance is based on allocated resources.
Use Jump Clients to Access Unattended Android Devices
A persistent connection can be established with a Samsung or Zebra Android device by pinning a Jump Client to the device. This provides the ability to have unattended support sessions. You can deploy Jump Clients using either of the methods below.
Bandwidth usage and battery life are minimally affected by establishing a persistent connection.
Persistent connections to an unattended Android device can occur only when the devices have both the BeyondTrust Support Client and BeyondTrust Jump Client App installed from the Google Play Store.
For more information, please see Download the BeyondTrust Support Client and BeyondTrust Jump Client Apps.
Pin an Android Jump Client from the Representative Console
- While in a support session with the Android device, click on the Pin as Jump Client icon.
- After pinning, the Android device appears as a Jump Item in the Jump Item list. If the Pin a Jump Client icon is gray, the Android Jump Client is not installed on the Android device.
- Meanwhile, the BeyondTrust Jump Client app on the device displays the client as pinned, with a date and timestamp.
Options are available for the Jump Client to be disabled if the device relies on battery power or on data to connect.
Email a Link from the /login Interface to Install and Android Jump Client
- From the /login interface, navigate to Jump > Jump Clients > Jump Client Mass Deployment Wizard.
- Complete the information needed for your Jump Client, such as Jump Group, Public Portal, etc.
- Click Create.
- From the Download or Install the Client Now section, choose Android as your platform.
- Verify that the BeyondTrust Jump Client app is installed on the Android device. If not, navigate to the Google Play App store to download the app.
- To download the Jump Client to the device, open a browser on the Android device and go to the URL provided by the Mass Deployment Wizard.
You can also email the URL to the Android device by clicking on the Email link located in the Deploy to Email Recipients section.
Android prevents the application from being fully functional until the user opens the app at least once. This should be done after the application has been installed, and before attempting to pin a session to it.