DocumentationRelease Notes
Log In
Documentation

Features and services

Suggest Edits

Configure U-Series Appliance features

From the Features and Services > Appliance Feature Configuration page, you can select U-Series Appliance features if you deploy more than one U-Series Appliance to scale BeyondInsight in larger networks. Features must be selected for at least one of the U-Series Appliances.

The features are listed as read-only initially. Click Change Configuration to enable to ability to turn features on and off and configure feature settings where applicable.

ℹ️

Note

When you turn features on and off, any dependencies or conflicts that exist between features are displayed. The Save Configuration button is available only after dependencies and conflicts are resolved.

Feature descriptions

BeyondInsight Management Web Console

The BeyondInsight Management Web Console is a web application where administrative users can log in, view dashboards, manage assets, create and configure Smart Rules, and make most configuration changes.

BeyondInsight Manager Engine

This is the processor for BeyondInsight. Enabling this, enables BeyondInsight Management Web Console, BeyondInsight Omniworker Service, BeyondInsight Database Access, and SQL Server Database, if they are not already enabled.

BeyondInsight Omniworker Service

The BeyondInsight Omniworker is a worker node that manages task queues. It processes background tasks involved in the operation of BeyondInsight and Password Safe, including the regularly scheduled rotation of passwords. Turn on this service when your environment uses more than one U-Series Appliance. Adding worker nodes allows your solution to scale up to meet the demands of your organization.

BeyondInsight Database Access

BeyondInsight Database Access is a foundation on which many other features rely. Turning off BeyondInsight Database Access also turns off BeyondInsight Event Collector, BeyondInsight Omniworker Service, BeyondInsight Management Web Console, and Password Safe Web Portal, when they are on.

This feature provides the settings for the locally installed software products to connect to the BeyondInsight database. Depending on your solution architecture, you may be using a local database, a remote database on another appliance, a SQL Server Always-On Availability Group, or an Azure SQL Cloud Database.

When configuring a local database, select an authentication method. When you select SQL Server Authentication, SQL Server Username is populated with the same user name used in the U-Series Appliance Deployment & Configuration wizard during your initial appliance setup. The account is created with least privilege.

To use an existing remote database, you must import a password protected crypto key from the appliance running the BeyondInsight Management console that created the database.

The BeyondInsight configuration provides the same least privilege SQL Server account during the database configuration.

To create a new remote BeyondInsight database:

  1. Click the Remote option for Database Settings.
  2. If using an external SQL Server:
    • Enter the IP address for Server Name and provide the Database Name.
    • Enter the username and password to connect to the SQL Server. An external SQL Server must have SQL Authentication enabled.
  3. Click the toggle to enable the Create a BeyondInsight Database option in the Create the Remote Database section.
  4. Enter SQL Administrator username and password. This credential must have sufficient permissions to create a database and to create a user for that database.
  5. Enter the BeyondInsight Administrator username and password.
  6. Leave the default Database Connection Settings, or update these if required.
  7. Click the toggle to enable the Multi-subnet Failover setting. Multi-subnet failover allows for failover across multiple subnets when using an SQL always-on database cluster.
  8. To ensure a connection to the database server can be established, click Test Connection.
  9. Click Save Configuration.

ℹ️

Note

Database creation can take up to an hour to complete.

ℹ️

Note

For more information, please see Download and Upload a Crypto Key

BeyondInsight Event Collector

The BeyondInsight Event Collector is responsible for forwarding information gathered from scanners and endpoint protection agents, and forwarding policy for BeyondTrust integrations.

To enable the BeyondInsight Event Collector feature, select the BeyondTrust service that will be responsible for sending events between components. You can use BeyondInsight AppBus Service or Event Server. Event Server is preferred for enterprises and can manage a greater load of data than AppBus. The default port for Event Server is 21690. After selecting which service to use, click Apply Changes.

ℹ️

Note

An event server can be deployed on its own to scale up your solution or to facilitate communication with specific network segments.

BeyondInsight Unix & Linux

BeyondInsight for Unix & Linux (BIUL) is a web-based tool that you can use to manage software for AD Bridge, Privilege Management for Unix & Linux, Privilege Management for Unix & Linux Basic, and Solr.

Turn on the BeyondInsight Unix & Linux feature to configure a database connection for BeyondInsight for Unix & Linux.

BeyondInsight for Unix & Linux conditionally requires the SQL Server Database feature. Turning on BeyondInsight for Unix & Linux may turn on SQL Server Database if it is not already on. Some configuration may be required.

ℹ️

Note

The role is available only when BeyondInsight for Unix & Linux is installed and can be enabled with a local or remote database.

For a local database, enter a username and password for SQL Server. The account is created if it doesn't already exist. A SQL Server account is required for BeyondInsight for Unix & Linux to access the database.

To set up a remote database:

  1. Add the server name where the database resides.
  2. Optionally, enter the name of the SQL Server instance.
  3. Enter a port number to communicate to the server.
  4. Add the name of the BeyondInsight for Unix & Linux database, and the username and password. The remote database must already exist on the remote host.
  5. Click Test Remote Connection Settings to verify the connection to the remote database.

Once the feature is enabled, you must configure BeyondInsight for Unix & Linux. The BeyondInsight database is added to backup and restore functions and is included with high availability database synchronization.

BeyondTrust Discovery Agent

The BeyondTrust Discovery Agent is a service packaged with BeyondInsight. By default, the agent runs on the appliance where BeyondInsight is installed.

Select BeyondTrust Discovery Agent to activate the agent.

Set the event service (local or remote) and the authentication method.

  • Appliance on version 4.3: The only authentication method is OAuth Authentication.
  • Appliance on an earlier version: The authentication method is Certificate + User Authentication. If you are working on BeyondInsight 24.2 and database version 24.2.0.150 or later, then you can select OAuth Authentication.
  • Appliance upgraded from an earlier version to 4.3: Displays both authentication types.

Password Safe Web Portal

The Password Safe web portal is where end users log in to perform tasks, such as making and approving password requests, accessing remote systems and applications, and managing recorded sessions. Additional Password Safe portals can help you reach geographically diverse users, or scale up to serve higher volumes. Turn on this role to activate services needed to run the Password Safe web portal.

ℹ️

Note

This feature is available only when a Password Safe license is applied.

ℹ️

Note

Turning off Password Safe Web Portal also turns off the Session Monitoring Archive feature, if it is on.

Session Monitoring Archive

Session Monitoring Archive allows you to configure the transfer of session monitoring files from this appliance to an external data repository. This prevents filling the local storage.

ℹ️

Note

Session Monitoring Archive requires the Password Safe Web Portal feature. Turning on Session Monitoring Archive turns on Password Safe Web Portal, if it is not already on.

BeyondTrust Updater

The BeyondTrust Updater Service provides updates for all BeyondTrust managed products. This feature can be disabled for troubleshooting purposes, but otherwise should always be enabled. Specific product updates can be managed by configuring the settings in the BeyondTrust web application.  You can click the link to access BeyondTrust Updater Settings.

Privilege Management for Desktops

Configure a connection to Privilege Management for Desktops.

SQL Server Database

This feature controls the local database service, and allows you to enable external access if you are using this appliance as a database server. This feature cannot be enabled on SQL-Free appliances. Check the TCP/IP Database Connections option to allow database access from remote computers. If you are using your SQL Server deployment, no action is required.

SQL Server Analysis Services

SQL Server Analysis Services is the analytical data engine behind BeyondInsight Analytics & Reporting. It hosts the data cube (evolution of data over time) and provides data for reports generated by SQL Server Reporting Services.You can click the link to run BeyondInsight Analytics & Reporting.

ℹ️

Note

This role is available only if you use BeyondInsight Analytics & Reporting.

SQL Server Reporting Services

SQL Server Reporting Services is the reporting engine behind BeyondInsight Analytics & Reporting. It generates reports from data in the BeyondInsight database and data processed by SQL Server Analysis Services .If you use BeyondInsightAnalytics & Reporting to render reports, the service must run locally. Turn on this feature to run the service locally when using a remote database.

Endpoint Privilege Management (EPM) Event Collector

The EPM Event Collector processes information gathered from EPM agents. It is dependent on the BeyondInsight Event Collector, which first receives the incoming events and forwards them to the EPM Event Collector for processing. The EPM Event Collector requires the EPM Database Access and BeyondInsight Event Collector features to be enabled, which requires BeyondInsight Database Access.

Endpoint Privilege Management Database Access

Select one of the following options for database settings for EPM:

  • Single Appliance using the Local Database:
    • Select this option if this is the only appliance in your environment. This option applies the configuration for EPM using the SQL Server configured on this local appliance.
    • Enter SQL credentials for the EPM Event Collector and PMR Report Reader.
  • Multi-node deployment using the Local Database:
    • Select this option if you have more than one appliance deployed in your environment and SQL Server is configured on this local appliance.
    • Select this local appliance from the Server Name dropdown. It must be the FQDN or IP address of this appliance (not localhost).
    • Enter SQL credentials for the EPM Event Collector and PMR Report Reader.
  • Remote Privilege Reporting Database:
    • Select this option if you have more than one appliance deployed in your environment and the BeyondInsight and EPM databases are on remote SQL Servers. This option saves the connection details to the remote BeyondInsight database.
    • Enter the FQDN or IP address of the remote server where the EPM database exists.
    • The EPM database must already exist on the destination server.
    • Enter the SQL credentials provided by your database administrator to connect to the EPM Event Collector and PMR Report Reader.
    • Test the connection settings.

Privilege Management Reporting

Endpoint Privilege Management Reporting includes a rich set of dashboards and reports designed to simplify the centralized management and auditing of EPM activity throughout the desktop and server estate. This feature is separate from and unrelated to BeyondInsight Analytics & Reporting. This feature requires the EPM Database Access feature.

Endpoint Privilege Management Web Policy Editor

The EPM Web Policy Editor allows you to view, unlock, edit, and lock existing EPM policies, as well as create new policies directly from the BeyondInsight console, eliminating the need to use a standalone policy editor. This feature requires the BeyondInsight Database Access feature.

Monitor services and hardware

The U-Series Appliance periodically checks the running state of the services to make sure that they are in the expected state, considering the current features that are set. Additionally, alerts can be triggered when the service control manager raises errors, such as when a service fails to start or terminates unexpectedly.

The U-Series Appliance also monitors the hardware. Alerts can be triggered when an error is raised by Dell OpenManage monitoring software.

Enable service alerts

Turning service alerts on determines whether or not to generate alerts that might be emailed to an administrator or forwarded to BeyondInsight. Enable service alerts as follows:

  1. From the left sidebar, under Features and Services, click Service Status.
  2. Toggle the Generate Service Alerts switch to ON.

Check services

You can manage U-Series Appliance services, as follows:

  1. From the left sidebar, under Features and Services, click Service Status.
  2. Click the vertical ellipsis to the right of the service:
    • Select Start to start a stopped service
    • Select Stop or Restart to restart a running service.

Configure counters for performance metrics

You can configure the threshold values for performance metrics. When the threshold is exceeded, email alerts are sent to the email accounts configured on the Configure Notifications page.

For example, you might not want CPU usage over 50% for too long. In this case, you might set the thresholds to:

  • Low: 50
  • Medium: 65
  • High: 70
  • Threshold Duration: 10 minutes

If the running average reads at 52%, then a low level alert is sent.

After a counter alerts at a certain level, it does not generate further alerts for that level (or below) until it is reset. An alert is considered in a reset state when the average is below the reset threshold for the specified time span.

If a metric in an alerted state goes below the configured reset threshold for the specified time, the alert is cleared, and a reset alert is generated. At this point, the performance counter receives alerts if it exceeds the threshold again.

  1. From the left sidebar, under Features and Services, click Performance Counters.
  2. Select notification settings:
    • Generate Alerts When The Average Value Of A Counter Exceeds Its Configured Threshold: Turns on email notification for alerts.
    • Generate Daily Summaries of Performance Data For Base Counters: Collects performance metrics every two hours and emails them on a daily basis.
  3. By default, the following five base counters are enabled. You may enable additional counters by checking the box next to the counter:
    • CPU Overall Usage
    • RAM Usage
    • SQL Server CPU Usage
    • SQL Server Memory %
    • Disk % Used
  4. Adjust the performance and reset thresholds.
  5. Click Apply Settings.

Download log files

Downloading log files is typically done when troubleshooting a recent issue.

Download individual log files

To download individual log files:

  1. From the left sidebar, under Features and Services, click Appliance Logs.
  2. At the right of a log entry, click the Download Log button.

Download all log files

ℹ️

Note

The "download all" process includes the last three months of logs.

To download all log files:

  1. From the left sidebar, under Features and Services, select Appliance Logs.
  2. At the top right of the log entries list, click the Download All icon.

Updated 15 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.