Prerequisites for the BeyondTrust Remote Support Integration with Salesforce
You must purchase this integration separately from both your BeyondTrust software and your Salesforce solution. For more information, contact BeyondTrust sales.
Outlined below are requirements for the BeyondTrust integration with Salesforce.com. If any of the integration requirements are not yet met, they must be in place prior to starting the integration setup process unless the associated features of the integration are not required.
As of summer 2016, Salesforce.com now supports a new user interface called Lightning. This interface is vastly different from the classic Salesforce.com interface. For the purposes of this installation guide, we advise that you switch to the classic Salesforce.com user interface, and we assume that you are using that interface to complete the installation of this integration. This guide discusses the Lightning UI only in a few locations.
Base Integration Requirements
- Secure Remote Access Appliance (physical or virtual) with:
- BeyondTrust Remote Support: 14.2.x and newer
- At least one usable representative console which can generate session keys
- A working BeyondTrust public site through which users can connect to representatives
- Network firewall rules to allow:
- TCP 443 traffic from the Secure Remote Access Appliance to reach the appropriate Salesforce.com instance
- TCP 443 traffic from the appropriate Salesforce.com instance to reach the Secure Remote Access Appliance
- A working Salesforce.com instance.
It is important to test all requirements of the integration prior to beginning setup. Most of these can be tested by the BeyondTrust and Salesforce.com administrators within their respective systems, but to test the network firewall, the BeyondTrust admin should take the following steps to confirm that the necessary rules are in place:
- Log into a machine either external to the Secure Remote Access Appliance's network or in the same VPN as the Salesforce.com instance, depending on how Salesforce.com connects to the appliance's network.
- Log into the Secure Remote Access Appliance's /appliance interface.
- Browse to Support > Utilities :: TCP Connection Test.
- Enter the hostname of the Salesforce.com instance, enter the port number of 443, and click Test. The result should be a Connected status message.
Do not enter the protocol of the Salesforce.com instance (e.g., https://salesforce.example.com/). Instead, use the fully qualified domain name only (e.g., salesforce.example.com). In most environments, the Secure Remote Access Appliance resides in a DMZ network and has a public DNS address, which Salesforce.com contacts over the public internet. In some environments, BeyondTrust is not publicly accessible. In these cases, you should communicate with your technical contact about implementing a VPN connection to your internal network for Salesforce.com.