Cloud network infrastructure
What is the Cloud network infrastructure?
The Cloud network infrastructure guide explains how BeyondTrust Secure Remote Access operates within the Secure Remote Access Cloud instance to ensure secure and efficient communication between application components. The application uses the Secure Remote Access Cloud as a central routing point, where all user and remote system sessions occur through the server components of the B Series Appliance.
How is it useful to my organization?
Understanding the network infrastructure helps your organization configure Secure Remote Access to align with corporate policies and regulations by leveraging advanced security features such as role-based access control, secure password enforcement, and comprehensive audit trails. It enables seamless remote control by establishing outbound connections from endpoint systems to the Secure Remote Access Cloud instance, facilitating secure and reliable operations even through firewalls. By understanding this infrastructure, your organization can enhance security and maintain compliance while ensuring smooth remote support operations.
Review BeyondTrust Appliance B Series network infrastructure
Each Secure Remote Access Cloud site comes with a subdomain of the BeyondTrust cloud DNS address, such as yoursite.beyondtrustcloud.com. If customers prefer to use their company web address with their own SSL certificate, they can use a Canonical Name (CNAME) record to point their default site address to the preferred address.
Since this address is used to reach the /login interface, a simple yet descriptive name is the best practice. For example, a company named Smithson might use access.smithson.com for their CNAME record.
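As an added example (not part of the BeyondTrust guide), the following script checks that a custom site name is set up the way the paragraph above describes: a single CNAME record that points at the site's default beyondtrustcloud.com address. It also flags the one DNS constraint that commonly breaks this setup, a CNAME sharing its owner name with other records, which RFC 1034 forbids. The zone records and the yoursite/smithson names are constructed placeholders; the record format assumed is the plain zone-file style `owner ttl IN type rdata`.

```python
"""Check a custom site CNAME against the expected cloud address (added example)."""
import re

CLOUD_SUFFIX = ".beyondtrustcloud.com."  # every default site address ends with this

# Assumed record layout: owner, TTL, class IN, type, rdata (one record per line).
RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

# Constructed sample zone, not a real one. 'support' is deliberately wrong:
# a CNAME must be the only record at its owner name.
SAMPLE_ZONE = """
; constructed sample zone
access.smithson.com.   3600 IN CNAME yoursite.beyondtrustcloud.com.
support.smithson.com.  3600 IN CNAME yoursite.beyondtrustcloud.com.
support.smithson.com.  3600 IN A     192.0.2.10
help.smithson.com.     3600 IN A     192.0.2.11
"""


def parse_records(zone_text: str):
    """Parse zone-file style lines into (owner, ttl, type, rdata) tuples, names lower-cased."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        match = RECORD_RE.match(line)
        if not match:
            raise ValueError(f"unparsable record: {line!r}")
        owner, ttl, rtype, rdata = match.groups()
        records.append((owner.lower(), int(ttl), rtype.upper(), rdata.strip().lower()))
    return records


def check_site_cname(zone_text: str, custom_name: str, default_site: str):
    """Return a list of problems; an empty list means the CNAME is set up as the guide describes."""
    custom = custom_name.lower().rstrip(".") + "."
    target = default_site.lower().rstrip(".") + "."
    problems = []
    at_name = [r for r in parse_records(zone_text) if r[0] == custom]
    cnames = [r for r in at_name if r[2] == "CNAME"]
    if not cnames:
        problems.append(f"no CNAME record for {custom}")
    elif len(cnames) > 1:
        problems.append(f"{custom} has {len(cnames)} CNAME records; exactly one is allowed")
    else:
        rdata = cnames[0][3]
        if rdata != target:
            problems.append(f"CNAME for {custom} points at {rdata}, expected {target}")
        if not rdata.endswith(CLOUD_SUFFIX):
            problems.append(f"CNAME target {rdata} is not under {CLOUD_SUFFIX}")
    others = [r[2] for r in at_name if r[2] != "CNAME"]
    if cnames and others:
        problems.append(f"{custom} also has {others} records; a CNAME must be the only record at its name (RFC 1034)")
    return problems


if __name__ == "__main__":
    for name in ("access.smithson.com", "support.smithson.com", "help.smithson.com"):
        print(name, check_site_cname(SAMPLE_ZONE, name, "yoursite.beyondtrustcloud.com") or "ok")
```

Run it against an export of your own zone and the default site address assigned to you; the certificate presented for the custom name still has to cover that name, which this DNS-only check does not verify.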
Review sample firewall rules for cloud deployments
Below are example firewall rules for use with Secure Remote Access Cloud, including port numbers, descriptions, and required rules.
| Firewall rules | Description |
|---|---|
| Internal network to the Secure Remote Access Cloud instance | |
| TCP Port 80 (optional) | Used to host the portal page without the user having to type HTTPS. The traffic can be automatically redirected to port 443. |
| TCP Port 443 (required) | Used for all session traffic. |
| Secure Remote Access Cloud instance to the internal network | |
| TCP Port 25, 465, or 587 (optional) | Allows the B Series Appliance to send admin mail alerts. The port is set in the SMTP configuration. |
| TCP Port 443 (optional) | B Series Appliance to web services (e.g., HP Service Manager, BMC Remedy) for outbound events. |
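The rules in the table above are an allow-list: one required rule (internal network to the cloud instance on TCP 443) and three optional ones that should stay closed until the feature behind them is in use. The script below, an added example rather than anything from the BeyondTrust guide, models that table as a deny-by-default policy and runs a handful of constructed connection attempts through it, so an administrator can confirm which flows the documented rules admit before touching the real firewall. The address ranges (10.0.0.0/8 for the internal network, 203.0.113.0/24 standing in for the cloud instance) and the rule names are assumptions of this example.

```python
"""Deny-by-default model of the sample cloud firewall rules (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # constructed: corporate network
CLOUD = ip_network("203.0.113.0/24")  # constructed: placeholder for the SRA Cloud instance


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    ports: frozenset
    required: bool  # optional rules only apply once explicitly enabled


# The four rows of the table as allow rules (TCP only). Anything else is denied.
RULES = (
    Rule("portal-http", INTERNAL, CLOUD, frozenset({80}), required=False),
    Rule("session-tls", INTERNAL, CLOUD, frozenset({443}), required=True),
    Rule("smtp-alerts", CLOUD, INTERNAL, frozenset({25, 465, 587}), required=False),
    Rule("outbound-events", CLOUD, INTERNAL, frozenset({443}), required=False),
)


def evaluate(src_ip: str, dst_ip: str, dport: int, enabled_optional=frozenset()) -> str:
    """Return 'allow:<rule name>' for the first matching active rule, otherwise 'deny'."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in RULES:
        if not (rule.required or rule.name in enabled_optional):
            continue  # optional rule that the organisation has not switched on
        if src in rule.src and dst in rule.dst and dport in rule.ports:
            return f"allow:{rule.name}"
    return "deny"


# Constructed sample of connection attempts as (src, dst, dport), as one might
# extract from a firewall log. Two of them are outside the table and must be denied.
SAMPLE_FLOWS = (
    ("10.20.30.40", "203.0.113.10", 443),   # user session to the cloud instance
    ("10.20.30.40", "203.0.113.10", 80),    # portal page over plain HTTP
    ("203.0.113.10", "10.0.0.25", 587),     # admin mail alert to an internal SMTP relay
    ("203.0.113.10", "10.0.0.25", 22),      # not in the table
    ("10.20.30.40", "203.0.113.10", 8443),  # not in the table
)


def audit(flows=SAMPLE_FLOWS, enabled_optional=frozenset({"smtp-alerts"})):
    """Map each flow to its verdict so unexpected allows or denials stand out."""
    return {flow: evaluate(*flow, enabled_optional=enabled_optional) for flow in flows}


if __name__ == "__main__":
    for (src, dst, dport), verdict in audit().items():
        print(f"{src:>14} -> {dst:<14} tcp/{dport:<5} {verdict}")
```

With only the SMTP rule enabled, the port 80 portal flow is denied along with the two flows outside the table; enabling "portal-http" admits it. Keeping the optional rows off by default keeps the cloud-to-internal direction closed except for the alert and event traffic you actually rely on.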
Use BeyondTrust Atlas in the cloud
Similar to BeyondTrust Atlas Technology, Atlas in the Cloud is intended for large enterprise customers performing more concurrent sessions than can be effectively or efficiently handled by a single existing B Series Appliance model. This allows an organization to be effectively dispersed over different geographical locations and to access endpoints globally.
Creating a clustered Secure Remote Access environment introduces new terminology: the primary and traffic node concept. The primary node serves as the main point of configuration for the site and also serves as the session initiation point of presence for the entire Secure Remote Access site.
All configuration of the site is handled on the primary node. Even though a cluster consists of multiple B Series Appliances, the /login administrative interface resides on the primary node and propagates most configuration settings to the traffic nodes automatically.
Note: Atlas in the Cloud deployment is handled by BeyondTrust instead of the client.
To access Atlas in the Cloud, go to /login > Management > Cluster. From here you can view:
- Current Status: Confirms the role of the site instance from which you accessed the page.
- Primary Node(s): Displays a list of the primary nodes available.
- Traffic Nodes: You can view traffic nodes, but you cannot add, edit, or delete them. You also cannot turn traffic nodes on or off. Traffic nodes use (customerID)-region.beyondtrustcloud.com for routing, which is controlled by the B Series Appliance, not the customer. Customers only control the primary node name/URL.
- Maximum Client Fallback to Primary: Sets the maximum number of clients that are allowed to fall back to the primary node for traffic if necessary.
While most of this page is read-only, you are able to perform a cluster data sync by clicking the Sync Now button. This ensures that the traffic nodes all have the same configuration.
Note: For more information, please see the Atlas cluster user guide.