B Series Appliance installation
What is B Series Appliance installation?
B Series Appliance installation involves setting up the physical or virtual appliance within your network infrastructure to facilitate secure communications for BeyondTrust's remote support and privileged access solutions. The installation process includes configuring network settings, SSL certificates, and security features to ensure the appliance operates effectively within your environment. Additionally, the B Series Appliance can be deployed in various network topologies, including inside a demilitarized zone (DMZ) for optimal security.
Why is B Series Appliance installation important?
Proper installation of the B Series Appliance is critical to ensure secure, reliable, and high-performance remote access and support. A correctly installed appliance integrates into the network infrastructure, encrypts all communications via TLS, and establishes secure outbound connections between endpoint systems and the appliance. By following best practices during installation, such as deploying the appliance in the DMZ and configuring necessary security features, organizations can protect sensitive data, comply with regulations, and maintain operational continuity.
Overview of the B Series Appliance setup
A number of steps are necessary to install and configure your B Series Appliance. This task list can be used as a quick reference, or a checklist to track completion of the essential configuration requirements. Detailed instructions for each step can be found further on in this guide.
Configure the required DNS records
- Create a DNS A-record for the fully qualified domain name (FQDN) of your new site (e.g., appliance.example.com).
- If your B Series Appliance will be located in your DMZ or internal network, an internal A-record pointing to the internal IP address of the B Series Appliance is required.
- If you plan to support access for external customers, a public DNS A-record must be registered for the external IP address of the B Series Appliance.
Note
For BeyondTrust network deployment, see B Series Appliance in the network.
Install and configure the B Series Appliance
- Install the B Series Appliance according to Prerequisites and setup.
- Obtain an SSL certificate that matches your FQDN (e.g. appliance.example.com).
- Import the certificate chain to your B Series Appliance, and assign it to the appliance IP address.
- Export the root portion of the certificate chain (with matching Issued To and Issued By values) without private key information, and save the root certificate for the next step.
Obtain the software license package
- Email the following three items to BeyondTrust Technical Support:
- The FQDN of the B Series Appliance.
- The root SSL certificate segment saved during the B Series Appliance setup.
- A screenshot of the /appliance > Status > Basics page.
- Install the new software license package sent by BeyondTrust Technical Support.
- You will be notified by email when you can install the package. Ensure you have completed all of the previous steps.
- The software license package can be installed using the Check for Updates utility.
Finalize setup
- Once your license package is installed, navigate to the /login administrative interface (e.g., <https://appliance.example.com/login>).
- Use the default admin credentials admin and password to log in for the first time.
Requirements
Note
Until the B Series Appliance's prerequisites are met, you will not be able to reach your B Series Appliance directly by its IP address or hostname, nor will you be able to check for updates or use it to provide privileged access.
To complete setup, the B Series Appliance requires the following at minimum:
- Two available power outlets
- A high-speed network connection
- A network router or switch
- A unique, static IP address for the B Series Appliance
- A private DNS A-record resolving to the static IP of your B Series Appliance
- A public A-record and public IP are also required if external clients require access to the B Series Appliance.
- An SSL web server certificate, intermediate SSL certificate, and SSL root certificate, or 1 Self-Signed certificate. Additional information can be found in the Import SSL certificates section.
- The BeyondTrust software licensing package
More advanced configurations could require additional items, such as:
- An SSL root and intermediate SSL certificate(s) for BeyondTrust mobile clients
- A public DNS A-record to allow public network access
- Multiple web server certificates and/or SAN or wildcard certificate(s) to allow access from multiple DNS A-records
- Multiple static IP addresses to isolate client traffic from multiple networks requires
- Outbound access to the public internet over TCP port 443 to configure automatic updating and advanced BeyondTrust Technical Support
Important
No client software (e.g., consoles, Jump Clients, Jumpoints, etc.) can be downloaded, installed, or used until BeyondTrust Technical Support builds a software licensing package for your B Series Appliance and you install it per the instructions provided by Support. Because this license package is encoded with the DNS A-record of the B Series Appliance as well as its SSL certificate, these must be in place before the license package can be completed.
Initial setup
Ensure the following steps are completed before the BeyondTrust hardware is delivered and installed:
- Allocate the necessary rack space for the B Series Appliance. Ensure the space has the necessary power and network access.
- Reserve a static IP address for the B Series Appliance on the network, described in B Series Appliance in the network.
- Configure a DNS A-record for the fully qualified domain name (FQDN) of your new site (e.g., appliance.example.com).
Note
A private DNS A-record resolving to the static IP address of the B Series Appliance is always necessary. A public A-record and public IP are also required if clients on public, external networks require access to the B Series Appliance.
Network location considerations
Although your B Series Appliance can function anywhere in your network with internet access, you must decide where in your network you plan to install the B Series Appliance prior to this step. If you are going to access systems outside of your network, BeyondTrust recommends placing your B Series Appliance in a DMZ or outside of your internal firewall. See the location considerations table below for more details. For assistance with your firewall configuration, please contact the manufacturer of your firewall software.
Note
The B Series Appliance must be powered down before it is unplugged it from its power source (for example, to move the appliance to connect it to the internet). If you can log into the /appliance administrative interface, go to the Status > Basics page and click Shut Down This Appliance. Manual shut down is possible if you press and release the power button one time. Wait 60 seconds for the B Series Appliance to power down before unplugging the B Series Appliance from the power source. When you reconnect the B Series Appliance at the new location, you must power up again.
Network Location | Advantages/Disadvantages |
|---|---|
| Outside your firewall | Does not require that ports 80 and 443 be open inbound for TCP traffic on your firewall. Simplifies the setup process significantly because both consoles and clients are built to resolve to a specific DNS; if your registered DNS resolves to a public IP address directly assigned to your B Series Appliance, no additional setup is required by you to initiate a session. |
| DMZ | May require additional setup depending on your router or routers. |
| Inside your firewall | Requires port forwarding on your firewall and possibly additional setup of your NAT routing and internal DNS. |
Updated 5 days ago