Install a Jumpoint
Setup of a Jumpoint on a remote network is a multi-step process that includes configuring from the /login administrative interface, downloading the installer, and running the installation wizard.
Understand clustered Jumpoints
Before configuring a Jumpoint, it is important to understand the difference between clustered Jumpoints and stand-alone Jumpoints, because they have different feature sets and because a clustered Jumpoint cannot be converted to stand-alone, nor a stand-alone Jumpoint converted to clustered. A clustered Jumpoint allows you to install up to ten redundant nodes of the same Jumpoint on different host systems in the same local network.
A clustered Jumpoint is available as long as at least one of the installed nodes is online. This provides redundancy, preventing the failure of all Jump Items associated with the failure of a single, stand-alone Jumpoint, and improves load balancing across the system.
All configuration of clustered Jumpoints is done in /login, with no local configuration available on the local host either during or after the installation. This means that if you install a clustered Jumpoint, selecting the BeyondTrust Jumpoint Configuration item on the start menu of the Jumpoint host does not result in a configuration window, and only an About box is shown. Editing a clustered Jumpoint in /login loads the same configuration page that was used to create the Jumpoint. This means clustered Jumpoint configuration lacks the following options which are available to stand-alone Jumpoints:
- Intel vPro
- Shell Jump
- TTL
Configure
- From the administrative interface, go to Jump > Jumpoint.
- Click Add.
- Create a unique name to help identify this Jumpoint. This name should help users locate this Jumpoint when they need to start a session with a computer on the same network.
- Set a code name for integration purposes. If you do not set a code name, one is created automatically.
- If you have a Password Safe integration, and the Jumpoint for External Jump Item Sessions selection is set to Automatically Selected by External Jump Item Network ID, on the /login Security page, enter the External Jump Item Network ID. This value is equivalent to the Workgroup attribute for managed systems in Password Safe. It is matched against the Network ID property of external Jump Items returned by the Endpoint Credential Manager to determine which Jumpoint handles the session.
- Add comments to help identify this Jumpoint.
- Select Windows for the Jumpoint Platform. Once the Jumpoint has been created, this option cannot be changed.
- Leave the Disabled box unchecked.
- Check the Clustered box, if appropriate. Once the Jumpoint has been created, this option cannot be changed.
Note
A clustered Jumpoint allows you to install up to ten redundant nodes of the same Jumpoint on different host systems on the same local network. If this option is selected, the Jumpoint will be available as long as at least one of the installed nodes is online. This provides redundancy, preventing the failure of all Jump Items associated with the failure of a single, stand-alone Jumpoint, and improves load balancing across the system. All configuration of clustered Jumpoints is done in /login, with no local configuration available during the install. Once created, a clustered Jumpoint cannot be converted to stand-alone, nor a stand-alone Jumpoint converted to clustered.
Important
Jumpoint cluster nodes must be installed on hosts residing in the same local area network.
- If you want users to be able to connect to SSH-enabled and Telnet-enabled network devices through this Jumpoint, check Enable Shell Jump Method.
- From the Jumpoint edit page, you can authorize users to start sessions through this Jumpoint. After the Jumpoint has been created, you can also grant access to groups of users from Users & Security > Group Policies.
- If you check Enable Jump Zone Proxy, you can set up this Jumpoint to function as a proxy server, allowing it to proxy connections for Jump Items on the network that do not have a native internet connection, such as POS systems. Using a Jumpoint as a proxy routes traffic only to the B Series Appliance.
You can enable Jump Zone Proxy on either a standalone Jumpoint or a Jumpoint cluster. If you set up a Jumpoint cluster as a Jump Zone Proxy, then if an endpoint is connected to one Jump Zone Proxy and that system goes down, the endpoint can connect to another Jump Zone Proxy in the cluster. Jump Zone Proxies are not supported for Atlas deployments.
- Optionally, under Proxy Host, you can enter the hostname of the machine on which this Jumpoint will be installed. Do not start the hostname with http:// or https://. IP addresses are not recommended as they might change. The Jumpoint will automatically detect the hostname if one is not provided. If this is a clustered Jumpoint, this field does not appear, and the Jumpoint will automatically detect the hostname on install. If the hostname changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.
Note
The proxy host and port should be set carefully, since any Jump Item deployed using this Jumpoint as a proxy server uses the settings available to it at the time of deployment and is not updated should the host or port change. If the host or port is changed, the Jump Item must be redeployed.
In order for a Jumpoint to function as a Jump Zone Proxy, its host system cannot reside behind a proxy. The Jumpoint must be able to access the internet without having to supply proxy information for its own connection.
- Under Proxy Port, enter the port through which Jump Items will connect to this Jumpoint. If the port changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.
- Check Allow HTTP GET to enable HTTP connections to proxy to the B Series Appliance. This is needed only if you want to use a browser to access /login or /console from behind the proxy.
- Under Restriction Type, select No access restrictions to allow Jump Item connections from any IP address. You can limit allowed connections by selecting Deny access only for the following IP addresses or Allow access only from the following IP addresses, then entering network address prefixes, one per line. Netmasks are optional, and they can be given in either dotted-decimal or integer bitmask format. Entries that omit a netmask are assumed to be single IP addresses.
- Under Allowed Users, you may authorize users to start sessions through this Jumpoint. After you have created the Jumpoint, you can also grant access to groups of users from Users & Security > Group Policies.
- Save the configuration. The new Jumpoint appears in the list of configured Jumpoints.
Note
Once you have installed the Jumpoint and started it at least once, Remote Support populates the table with the hostname of the system it is installed on, as well as with that system's public and private IP addresses. This information can help you locate the Jumpoint's host system in case you need to change the Jumpoint's configuration.
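The Restriction Type list described in the configuration steps accepts three entry forms (integer bitmask, dotted-decimal netmask, bare address). The following Python is an added example, not BeyondTrust code: it models how those entries combine with the three Restriction Type settings using the standard ipaddress module, so an administrator can check a planned list against the client addresses they expect before saving it. The function names and the sample addresses are constructed for the example.

```python
import ipaddress

# Restriction Type values as labelled on the Jumpoint edit page.
NO_RESTRICTIONS = "No access restrictions"
DENY_LISTED = "Deny access only for the following IP addresses"
ALLOW_LISTED = "Allow access only from the following IP addresses"


def parse_entry(entry: str):
    """Parse one line of the restriction list into an ip_network.

    Accepted forms: "10.20.0.0/16" (integer bitmask), "192.168.5.0/255.255.255.0"
    (dotted-decimal netmask), or a bare address such as "172.16.9.44", which
    the page says is treated as a single host (/32). The default strict mode
    rejects a prefix with host bits set (e.g. "10.20.33.7/16"), so a typo in
    the list surfaces here instead of silently widening the range.
    """
    return ipaddress.ip_network(entry.strip())


def parse_restriction_list(text: str):
    """Split the one-entry-per-line text box into networks, skipping blank lines."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def connection_allowed(restriction_type: str, entries: str, client_ip: str) -> bool:
    """Decide whether a Jump Item connecting from client_ip may use this proxy."""
    ip = ipaddress.ip_address(client_ip)
    if restriction_type == NO_RESTRICTIONS:
        return True
    # An IPv4 address is never "in" an IPv6 network (and vice versa); that
    # simply evaluates False rather than raising.
    listed = any(ip in net for net in parse_restriction_list(entries))
    if restriction_type == DENY_LISTED:
        return not listed
    if restriction_type == ALLOW_LISTED:
        return listed
    raise ValueError(f"unknown restriction type: {restriction_type!r}")


# Constructed sample list showing all three accepted entry forms.
SAMPLE_ENTRIES = """
10.20.0.0/16
192.168.5.0/255.255.255.0
172.16.9.44
"""


def demo() -> dict:
    """Evaluate a few constructed client addresses against SAMPLE_ENTRIES."""
    return {
        "allow: host inside /16": connection_allowed(ALLOW_LISTED, SAMPLE_ENTRIES, "10.20.33.7"),
        "allow: exact single host": connection_allowed(ALLOW_LISTED, SAMPLE_ENTRIES, "172.16.9.44"),
        "allow: neighbour of single host": connection_allowed(ALLOW_LISTED, SAMPLE_ENTRIES, "172.16.9.45"),
        "deny: host inside dotted-mask net": connection_allowed(DENY_LISTED, SAMPLE_ENTRIES, "192.168.5.200"),
        "deny: host outside every entry": connection_allowed(DENY_LISTED, SAMPLE_ENTRIES, "192.168.6.1"),
        "no restrictions": connection_allowed(NO_RESTRICTIONS, "", "203.0.113.9"),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'blocked'}")
```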
Download
Now that your Jumpoint is configured, you must install the Jumpoint on a single system in the remote network you wish to access. This system serves as the gateway for Jump sessions with other computers on the remote network. You can either install the Jumpoint directly to the host or email the installer to a user at the remote system. If this is to be a clustered Jumpoint, you will be able to add nodes later.
- From the table, find the appropriate Jumpoint and click the link to download the installer file (bomgar-jpt-{uid}.exe).
- If you are logged into the system you want to use as the Jumpoint host, you can run the installation file immediately.
- Otherwise, save the file and then transfer it to and deploy it onto the system that will serve as the Jumpoint host.
Note
If you need to change the Jumpoint's host system, click Redeploy. This uninstalls the Jumpoint from its current location and makes the download links available. You can then install the Jumpoint on a new host. The new Jumpoint replaces the old one for any existing Jump shortcuts that are associated with it. The new Jumpoint does not copy over the configuration from the old Jumpoint and must be reconfigured during installation.
Note
The Jumpoint EXE installer can be deployed through a command line interface or a systems management utility, such as Microsoft Intune. When deploying an EXE installer, the /S option can be specified for a silent installation, without any user interaction on the target system. When the /S option is used, the Jumpoint installer uses the default installation options.
bomgar-jpt-24cf209c6aab939fc418813b9723995ev.exe /S
Note
The Jumpoint installer expires 7 days after the time of download.
Install
- From the system that will host the Jumpoint, run the installation package. When the installation wizard appears, click Next.
- Read and accept the waiver agreement. You must accept the agreement to be able to proceed with the installation.
- Read and agree to the disclaimer.
- Choose where you would like the Jumpoint to install. The default location is C:\Program Files\Bomgar\Jumpoint\your-site or C:\Program Files (x86)\Bomgar\Jumpoint\your-site. Click Install.
- If you are installing a single Jumpoint, the Jumpoint Configuration application opens to allow you to configure further settings, documented below. If you are installing a clustered Jumpoint node, the installation finishes.
- After installing the Jumpoint, you receive a confirmation message. Click Finish.
Clustered Jumpoint setup: add nodes
The steps for creating a clustered Jumpoint in /login are the same as for a standalone, except that once you have created the clustered Jumpoint, you can add nodes to it. At least one node needs to be installed for the Jumpoint to be online.
Click the Add Node link to download the installer file.
If you have access to the system you want to use as the Jumpoint host, you can run the installation file immediately.
Otherwise, save the file and then email it to the remote user to deploy on the system that will serve as the Jumpoint host.
Follow the prompts and install the node. Note that there are no configuration screens. Once installed, the clustered Jumpoint lists the new node as installed, along with associated information such as its public and private IP addresses and whether it is online or offline, as well as the total number of nodes installed.
Nodes can be deleted but cannot be individually edited. In the representative console, none of the nodes are visible; only the Jumpoint under which they are installed is visible. Nodes function as redundant connection points. When a user needs to use the Jumpoint, Remote Support selects one of the nodes at random. At least one node must be online for the Jumpoint to work.
Deploy behind proxy
Note
In the case of clustered Jumpoints, keep in mind that there is no customization available at the local level. As a result, you will not see the configuration window that allows for Proxy or other configuration items available for stand-alone Jumpoints. If you are installing a clustered Jumpoint, you may skip the following steps and go directly to Clustered Jumpoint setup: add nodes.
For a Jumpoint to be deployed on a remote network that is behind a proxy, appropriate proxy information may be necessary for the Jumpoint to connect back to the B Series Appliance.
- From the dropdown on the Proxy tab in the Jumpoint Configuration application, select Basic or NTLM to configure proxy settings.
- Enter the Proxy Host, Proxy Port, Username, and Password, and then click OK. The Jumpoint supplies this proxy information whenever Jumping to another system on the remote network, providing the credentials necessary to download and run the customer client on the target system.
Jumpoint through a Jumpoint deployed as a proxy server
You can configure a Jumpoint to go through another Jumpoint deployed as a proxy server. This allows secure access to isolated, non-routable, OT networks without being constrained to only Jump Clients. Follow these steps:
- On System 1, install a Jumpoint configured as a Jump Zone Proxy server.
- On System 2, which can be non-routable and on a network isolated from the internet, install a Jumpoint.
- On System 2, configure the Jumpoint's basic proxy configuration to point to the Jump Zone Proxy on System 1.
- You can now create new Jump Items using the Jumpoint on System 2, for endpoints in the same isolated network as System 2, and start sessions with them through the Jump Zone Proxy on System 1.
Note
The Jump Zone Proxy, whether standalone or clustered, must be deployed to the target network before installing the Jump Client or Jumpoint used to create Jump Items. This enables automated discovery of the broadcasting proxy.
Automated discovery works only if the installing Jumpoint or Jump Client is on the same subnet as the Jump Zone Proxy or if you have configured mDNS broadcasts to route across networks.
Note
You currently can’t daisy chain Jump Zone Proxies, so System 2 can’t also have Jump Zone Proxy enabled and connect out through the System 1 Jump Zone Proxy. Thus, Jump Client Jumps likely will not work since they would need to connect directly to System 1’s Jump Zone Proxy. However, remote push works. Other Jump types get their proxy configuration from the Jumpoint’s bomgar.ini file, so if the Jumpoint itself is able to connect then other Jump types should also be able to connect.
Intel® vPro
Note
Intel vPro configuration is available only for stand-alone Jumpoints. Clustered Jumpoints do not have this option.
Using Intel® Active Management Technology, privileged users can support fully provisioned Intel vPro Windows systems below the OS level, regardless of the status or power state of these remote systems. Configure this Jumpoint to enable vPro connection by going to the Intel® vPro tab and checking Enable Intel® vPro.
Note
For a representative to use Intel® vPro support, they must be granted access to a Jumpoint with Intel® vPro enabled and must have the user account permission Allowed Jump Methods: Intel® vPro.
Authentication
- Under Authentication, designate how the Jumpoint should attempt to authenticate to vPro-provisioned computers. Regardless of the authentication method, the provided credentials must match the authentication settings in the AMT firmware on the vPro systems.
- To require representatives to provide credentials each time they connect to a vPro computer, select Basic Digest Password and then Prompt Representative for credentials.
Prompting for credentials is useful if the vPro systems on this network do not share a common username and password. However, since the vPro AMT firmware is entirely separate from any user accounts on the computer, administrators frequently provision all vPro systems to have the same credentials.
Note
There is little security risk in storing credentials in the Jumpoint. To use vPro support, a representative must have not only the vPro user account privilege but also access to the vPro-enabled Jumpoint. Therefore, prompting for credentials may be an unnecessary measure.
- If the same credentials are used for all vPro systems on the network, you can select Basic Digest Password and then Use the following credentials for all connections. With this configuration, representatives are never prompted for vPro credentials; the Jumpoint automatically supplies the stored username and password for all vPro connections.
- If you select Kerberos, the Jumpoint supplies the credentials for the account that the Jumpoint service is running as. These credentials can be modified to be a specific account that has permissions to access the AMT system. This configuration assumes that the account hosting the Jumpoint uses the same credentials as all provisioned vPro systems to which you wish to connect. With this configuration, representatives are never prompted for vPro credentials.
Encryption
- On the Encryption tab, set how the Jumpoint encrypts vPro network traffic.
- If the remote vPro systems are provisioned not to use TLS encryption, simply select No Encryption.
- Otherwise, select TLS Encryption and define the path to the Base64-encoded CER file which contains the certificates used during the provisioning of the remote vPro systems.
Disk redirection
- Under Disk Redirection, specify the folder location of any ISO or IMG disk images you would like to make available for mounting in a vPro session. Representatives can use these files for IDE-R, booting the remote vPro system to a disk image rather than the hard drive.
Shell Jump
Note
While Shell Jump can be enabled and disabled from /login for both stand-alone Jumpoints and clustered Jumpoints, further configuration is available only to stand-alone Jumpoints; therefore, this section of the guide applies to stand-alone Jumpoints only.
The Shell Jump tab determines how this Jumpoint can be used to connect to SSH-enabled and Telnet-enabled network devices.
Note
Shell Jump must also be enabled on the Jump > Jumpoint page of the administrative interface. For a representative to use Shell Jump, they must be granted access to a Jumpoint with Shell Jump enabled and must have the user account permission Allowed Jump Methods: Shell Jump.
Policy
- On the Policy tab, if Open Access is selected, permitted representatives can Shell Jump to any remote device by entering its hostname or IP address or by selecting it from a list of provisioned devices.
- If Limited Access is selected, representatives can Shell Jump to provisioned devices or can enter a device's hostname or IP address, provided that it falls within the parameters set by the host list on the Limited tab.
- If Provisioned Only is selected, representatives can Shell Jump only to provisioned devices.
Limited
- If limited access is enabled on the Policy tab, the Limited list accepts IP addresses and CIDR subnet masks to which Shell Jump access is limited.
Provisioned
- Configure access to provisioned Shell Jump targets by going to the Provisioned tab and clicking Add.
- Enter a Name to help representatives identify this device when starting a Shell Jump session with it.
- Enter the device's hostname or IP address.
- Choose the Protocol to use, either SSH or Telnet.
- Port automatically switches to the default port for the selected protocol but can be modified to fit your network settings.
- Select the Terminal Type, either xterm or VT100.
- If you are using SSH, you can choose to use Public Key Authentication. If you choose to do so, select a Private Key to use. Private keys are configured from the Private Keys tab.
- Representatives Shell Jumping to this provisioned device may connect only with the Username you provide.
- You can also select to Send Keep-Alive Packets to keep idle sessions from ending. Enter the number of seconds to wait between each packet send.
Private keys
- If you are using SSH, you can upload a key file to use by going to the Private Keys tab and clicking Add.
- Give this key a Name and click the ellipsis to browse to the key File you wish to use. Keys must be in OpenSSH format. The ssh-keygen utility can be used to generate an OpenSSH format key file if needed.
- If a Password is required, you can check Store key file password to save the password for all representatives to use, or you can require representatives to enter the key file password each time they connect to a provisioned device using this key.
SSH host keys
- You can add SSH Host Keys before a representative Jumps to that host. If no host key is cached, the representative receives a message alerting them that the server's host key is not cached and that there is no guarantee that the server is the computer they think it is. Caching a server's host key before connection helps avoid this confusion.
- Enter the Hostname or IP address.
- Enter the Port the device uses.
- The server then returns its host key, which you should verify.
- Click Update to poll the device for its host key; the device lets you know if the host key has changed.
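The step above says to verify the host key the device returns; in practice that means comparing its fingerprint with one obtained out of band (for example from the device administrator) before caching it, and treating a later change as something to investigate. The following Python is an added example, not BeyondTrust code and not the Jumpoint's own cache format: it computes the OpenSSH-style SHA256 fingerprint of a public key line and models the cached / match / changed outcomes the page describes. The key material is constructed in code and is not a real key; function names are assumptions.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed SSH wire-format string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(public_key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a "<type> <base64> [comment]" line.

    This is the unpadded base64 of SHA-256 over the decoded key blob, the same
    value ssh-keygen -l prints, so it can be compared with what the device
    administrator reports.
    """
    key_type, blob_b64 = public_key_line.split()[:2]
    blob = base64.b64decode(blob_b64)
    # Sanity check: the blob's first wire string must repeat the declared type.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode() != key_type:
        raise ValueError("key type inside blob does not match declared type")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key(cache: dict, host: str, port: int, presented_line: str) -> str:
    """Compare the key a device presents with the cached one for (host, port).

    Returns "cached" on first sight (the key is stored), "match" when it equals
    the cached fingerprint, or "changed" when it differs and should be investigated.
    """
    key = (host, port)
    presented = fingerprint(presented_line)
    cached = cache.get(key)
    if cached is None:
        cache[key] = presented
        return "cached"
    return "match" if cached == presented else "changed"


def constructed_ed25519_line(seed: int) -> str:
    """Build a syntactically valid ssh-ed25519 public key line from a constructed
    32-byte value. Not a real key; it exists only so the example runs offline."""
    raw = hashlib.sha256(b"constructed-%d" % seed).digest()  # 32 bytes, like an Ed25519 point
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


def demo() -> list:
    """First connection caches, a repeat matches, a rotated key is flagged."""
    cache = {}
    first = constructed_ed25519_line(1)
    rotated = constructed_ed25519_line(2)
    return [
        check_host_key(cache, "switch01.example.net", 22, first),
        check_host_key(cache, "switch01.example.net", 22, first),
        check_host_key(cache, "switch01.example.net", 22, rotated),
    ]


if __name__ == "__main__":
    print(fingerprint(constructed_ed25519_line(1)))
    print(demo())
```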
TTL
Note
TTL configuration is available only for stand-alone Jumpoints. Clustered Jumpoints do not have this option.
A date and time can be set to specify when the Jumpoint should become active and when it should automatically uninstall. Setting these delimiters determines the duration of time for which users can access the remote network through this Jumpoint.
- To activate this Jumpoint as soon as its setup is complete, select Always Active.
- Alternatively, select Do Not Activate Until, and then set a date and time upon which this Jumpoint should become active.
- To keep this Jumpoint available without a designated uninstall date, select Do Not Automatically Uninstall.
- Otherwise, select Automatically Uninstall At, and then set a date and time upon which this Jumpoint should uninstall itself.