DocumentationRelease Notes
Log In
Documentation

Hosting locations and disaster recovery

Suggest Edits

ℹ️

Note

Public. For Information Purposes Only.

All customer data is confined to a dedicated instance of BeyondTrust allocated to their organization. The data resides in a siloed BeyondTrust instance and is not shared between customers.

Customers can choose their primary instance deployment location based on their geographic location and preference; US-based customer data always remains in the United States.

For non-US based customers, a list of sub-processors used to deliver the services can be referenced in Schedule 3 of BeyondTrust’s Data Processing Agreement (DPA).

From a hosting perspective within Microsoft Azure, Password Safe Cloud can be deployed to the Azure regions listed on the BeyondTrust Cloud Region Availability page.

ℹ️

Note

For more information on Data Processing Addendum, see BeyondTrust's Data Processing Agreement.

Microsoft Azure paired regions

Based on geographic location, the following are the Azure regional paired data centers available among the hosting locations provided by BeyondTrust:

Primary RegionPaired Region
Australia EastAustralia Southeast
Brazil SouthSouth Central US
Canada CentralCanada East
Central IndiaSouth India
Central USEast US 2
Germany West Central (Frankfurt)Germany North (Berlin)
Northern Europe (Ireland)West Europe (Netherlands)
Qatar CentralNo pair available
South Africa NorthSouth Africa West
Southeast Asia (Singapore)East Asia (Hong Kong)
Switzerland NorthSwitzerland West
UAE NorthUAE Central
UK SouthUK West

Microsoft Azure regions and availability zones

Each Azure region contains approximately three availability zones to provide customers with data redundancy within the cloud and to support disaster recovery functions. All locations are geographically dispersed to account for environmental issues that could impact the hosting locations. The following image depicts an Azure Region and how it works with the supporting Availability Zones:

A diagram depicting an Azure cloud infrastructure layout. It shows three availability zones (Availability Zone 1, Availability Zone 2, and Availability Zone 3) connected with diverse floor paths. The diagram also highlights the concepts of Azure Region, Azure Geography, and Disaster Recovery, emphasizing the architecture's redundancy and resilience.

Password Safe Cloud utilizes SQL databases and SQL servers, which serve as the primary storage for all aspects of the solution within the cloud environment. When the instance is created by BeyondTrust Support, backups are automatically scheduled and performed for transactional logs (every 5 to 10 minutes), differential backups (every 12 hours), and full backups (every week) to the SQL server. These backups are then stored in a read-access geo-redundant (RA-GRS) storage blob that is replicated to a paired data center within an availability zone within the customer's chosen Azure region. This aides in ensuring that the cloud instance has appropriate mechanisms in place for availability in the event of a data center outage.

When a database restoration is required, the service (Microsoft Azure) determines which full, differential, and transaction log backups need to be restored. The first full backup is scheduled immediately after a database is created. Each database has sufficient point-in-time restore coverage and long-term retention backup availability for comprehensive data restoration, if required.

ℹ️

Note

For more information, see Azure Regions.

What is geo-redundant storage?

Geo-redundant storage copies data synchronously three times within a single physical location in the primary region using Locally Redundant Storage. It then copies data asynchronously to a single physical location in a secondary region that is hundreds of miles away from the primary region. The image below depicts a representation of this process:

A diagram illustrating data replication between a primary region and a secondary region in a cloud architecture. It features two datacenters labeled "Primary region" and "Secondary region," each containing a storage account with three copies (Copy 1, Copy 2, Copy 3). The diagram highlights the use of (RA-)GRS (Read-Access Geo-Redundant Storage) for geo-replication, emphasizing the process of maintaining data redundancy across regions.

Data in the secondary region is not directly accessible to users or applications (read access), unless a failover occurs. The failover process updates the DNS entry provided by Azure Storage so that the secondary endpoint becomes the new primary endpoint for your storage account. During the failover process, your data is inaccessible. After the failover is complete, you can read and write data to the new primary region.

ℹ️

Note

For more information, see Microsoft Azure Resources.

BeyondTrust disaster recovery testing & procedures

Formal Business Continuity (BC) and Disaster Recovery (DR) plans have been implemented for the corporate and cloud environment as well as other defined categories related to personnel shortages and environmental disasters. This plan is aligned to ISO 22301, certified, and audited under ISO 27001 and SOC 2 Type II, reviewed by management, tested annually, and approved by BeyondTrust's GRC Committee.

Scenarios have been developed to ensure that our teams have considered various threats and situations when attempting to restore services within the cloud. Such scenarios include the team creating a single tenant instance and intentionally rendering the service inoperable. This allows for various methodologies to be tested, such as redeploying an instance and/or implementing the last known good backup within the service. All DR testing performed by BeyondTrust is conducted through virtualization to avoid impacting our customer's daily operations and the service.

Another component of the DR testing is from Microsoft Azure's perspective. Microsoft Azure is responsible for performing entire availability zone and Azure region restoration and migration. This information is independently validated as part of Microsoft's Compliance Program and reviewed by BeyondTrust as information becomes available. A copy of the hosting provider's SOC 2 Type II report and other compliance related documentation can be retrieved from the Compliance Program linked below.

It is important to note that BeyondTrust cloud operations only carries out the DR functionality in the event of a true failure. Our organization does not perform DR procedures to recover data from accidental customer deletions or errors.

ℹ️

Note

For more information, see Microsoft's Compliance Program.

Recovery time, recovery point objectives, and cloud uptime

BeyondTrust's Security Requirements states in _Section 12.1.2 of Business Continuity Management that our organization is required to update and test the BCP annually at a minimum and is also required to mitigate significant changes to information security risk. With that, recovery time and recovery point objectives are situation specific and will vary depending on the nature of the incident.

The Cloud Service Guide states in Section 4. Availability Service Level, subsection (4) that BeyondTrust's availability SLA for the service shall be 99.9% during a calendar month. From an historical standpoint (Q1 2022 to present), BeyondTrust has exceeded this SLA uptime averaging (99.997%) but is unable to commit to anything higher to due to these values reflecting the contractual commitments between BeyondTrust and Microsoft Azure.

ℹ️

Note

For more information, see:

Updated 4 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.