Long description: BeyondInsight U-Series architecture

Primary Appliance Overview

At the center is the primary U‑Series appliance, containing multiple components:

Discovery Agent

Positioned at the upper left inside the appliance. It connects to external Asset & User Discovery and Customization Automation services.

  • Discovery uses All Ports.
  • Events are sent to the Event Collector using TCP 443.

Password Safe Service

Located beneath the Discovery Agent.

  • Interacts with SQL Server on SQL ADO Port 1433.
  • Sends and receives policy information.
  • Provides Password Sync connections to managed systems.

SQL Server (BI Databases)

  • Positioned centrally.
  • Connected to the Password Safe Service and Session Monitoring Proxy Service using SQL ADO Port 1433.

Session Monitoring Proxy Service

  • Located below the SQL Server.
  • Connects outward to Terminal Services, SSH Daemons, RDP Clients, and SSH Clients.

Event Collector

At the top center.

  • Receives events from Discovery Agent on TCP 443.
  • Communicates with the Central Policy Engine on TCP 10001 (V1) or TCP 443 (V2).

Central Policy Engine

Positioned on the right within a large stack representing server-side management components.

Includes layers for Manager Engine, BeyondInsight Management Console, Internet Information Services (IIS), and BeyondInsight Reporting & Analytics.

BeyondTrust Updater Client

Connected from the policy stack toward the right side, interfacing with external update servers.

High Availability (Secondary Appliance)

Located outside the primary appliance on the left.

Communicates with the primary using:

  • Heartbeat over SSL 443
  • Sync over TCP 5022

Managed Systems and Protocols

At the bottom of the image are three groups of managed endpoints:

Windows (User & Service Accounts)

  • Communicates through WMI TCP 135, DCOM TCP 1024–65,536, NetBIOS 139 and 445, and ADSI 389.
  • Connects to the Password Safe Service for password sync.
  • Labeled SAM for Security Account Manager.

UNIX / Linux (SSH)

Connects using SSH TCP 22.

Databases (Microsoft and Oracle)

  • Connects using MS SQL 1433 and Oracle 1521.

All three categories feed upward into Password Safe via dotted arrows labeled Password Sync.

Session Access Components

Connecting upward to the Session Monitoring Proxy Service:

  • Terminal Services (Windows) on TCP 3389
  • RDP Client labeled under an icon of a Windows machine
  • SSH Daemon on TCP 22
  • SSH Client on TCP 4422
  • Web Browser connecting using HTTPS Port 443
  • Supports automatic connection file downloads
  • Supports RDP and SSH session initiation

Internet and Updates

On the far right:

  • Solution Updates cloud icon labeled “Internet.”
  • BT Updater component connects to the appliance via SSL 443 and handles license keys.
  • Email notifications are sent using SMTP TCP 25.

Data and Policy Flows

The diagram uses arrows and dotted lines to indicate:

  • Discovery, events, and policies flowing between agents and central engines.
  • Password sync communication downward toward managed systems.
  • Session monitoring and remote access communications upward toward the appliance.
  • External update communication to and from the Internet.
  • Central Policy Engine coordinating with the management console and reporting.

©2003-2026 BeyondTrust Corporation. All Rights Reserved.