BeyondTrust Atlas Technology Prerequisites
In order to run a clustered Secure Remote Access Appliance environment, the following is required:
- Two B300, B400, or Virtual Appliances
These appliances act as the master nodes. One will be designated the primary master node and the other will be a backup master node. Both master nodes must be the same appliance type: B300 to B300, B400 to B400, or Virtual Appliance to Virtual Appliance. Your need for scalability, capacity, and redundancy will determine appliance needs.
- Two B300/B400/Virtual Appliance traffic nodes per geographic region in a minimum of two regions
Traffic nodes can be a mix of B300, B400, and Virtual appliances.
Note, however, that mixing appliance types will yield unbalanced capabilities and potential workflow conflicts. Therefore, it is recommended that all appliances be the same model or type.
You will also need the following hostnames, at a minimum:
- Support site hostname
This is the hostname that customers will visit to initiate support. This hostname must route to the primary master node in the cluster.
- Canonical node hostnames
You must have a unique and unchanging hostname for each master and traffic node. For geographic deployments, consider using the geographic region as part of the hostname. These hostnames should be registered in both the internal and external DNS. Here is an example:
- Primary Master: master1.support.example.com
- Backup Master: master2.support.example.com
- Traffic Node 1: us-traffic1.support.example.com
- Traffic Node 2: us-traffic2.support.example.com
- Traffic Node 3: asia-traffic1.support.example.com
- Valid SSL certificate for the BeyondTrust support site and for each traffic node
It is recommended that you use a valid third-party wildcard certificate that covers both your BeyondTrust support site name and each traffic node hostname. If a wildcard certificate is not used, adding traffic nodes that use different certificates may require a rebuild of the BeyondTrust software in order to provide support for mobile and Linux platforms.
- TCP port 443 open bi-directionally on all appliances
All appliances must be able to communicate over TCP port 443.
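The certificate recommendation above can be checked before deployment by comparing the certificate's subject alternative names (SANs) against the hostnames the cluster needs. The following is an added example, not BeyondTrust code: it applies the standard rule that a wildcard stands for exactly one left-most label. The support site name `support.example.com` and the SAN lists are assumptions constructed for illustration; the traffic node names are the examples given above.

```python
# Added example: SAN coverage check for the cluster hostnames.
# SUPPORT_SITE is an assumed name; the traffic node names are the page's examples.
SUPPORT_SITE = "support.example.com"
TRAFFIC_NODES = [
    "us-traffic1.support.example.com",
    "us-traffic2.support.example.com",
    "asia-traffic1.support.example.com",
]


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate SAN entry against a hostname.

    A "*" is honoured only as the complete left-most label and stands for
    exactly one label, so it never matches the parent domain or a deeper name.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h  # partial wildcards such as "us-*" are treated as literals


def uncovered_hosts(sans, hostnames):
    """Return the hostnames that no SAN entry covers, in input order."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    required = [SUPPORT_SITE] + TRAFFIC_NODES
    # Constructed SAN lists, as they might be read from a certificate.
    candidates = {
        "wildcard only": ["*.support.example.com"],
        "wildcard + site name": ["*.support.example.com", "support.example.com"],
        "parent wildcard": ["*.example.com"],
    }
    for label, sans in candidates.items():
        missing = uncovered_hosts(sans, required)
        print(f"{label}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```

With these assumed names, a certificate holding only `*.support.example.com` covers every traffic node but not the support site itself, so the site name must appear as its own SAN entry.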