Introduction to Data at Rest Encryption with BeyondTrust Remote Support


BeyondTrust Remote Support's (RS) data at rest encryption allows organizations to use their existing key management solution to encrypt their BeyondTrust configuration, text-based session audit history, and session recordings for on-premises or cloud-based BeyondTrust RS deployments. With BeyondTrust RS's data at rest encryption feature, organizations can comply with data encryption policies put forth by your organization's Information Security team.


  • Secure Remote Access Appliance1Secure Remote Access Appliance is used interchangeably to refer to both on-premises and cloud deployments. must be using BeyondTrust Base version 5.0 or above.
  • The key management solution must support Key Management Interoperability Protocol (KMIP) version 1.0 or above.
  • For cloud deployments, BeyondTrust Cloud must be able to access the KMIP server over port 5696.
  • A root Certification Authority (CA) certificate must be provided by the KMIP server.
  • A client Transport Layer Security (TLS) certificate that defines the KMIP user account to be used for authentication, which must be provided by the KMIP server and uploaded to the Secure Remote Access Appliance.