UVM Appliance User Guide - BeyondTrust · Contents Contents 3 Introduction 6 ContactingSupport 7...

UVM ApplianceUser Guide

Revision/Update Information: July 2017Software Version: UVM Appliance 2.3Revision Number: 0

CORPORATE HEADQUARTERS

5090 N. 40th StreetPhoenix, AZ 85018Phone: 1 818-575-4000

COPYRIGHT NOTICECopyright © 2017 BeyondTrust Software, Inc. All rights reserved.The information contained in this document is subject to change without notice.

No part of this document may be photocopied, reproduced or copied or translated in any manner to anotherlanguage without the prior written consent of BeyondTrust Software.

BeyondTrust Software is not liable for errors contained herein or for any direct, indirect, special, incidental orconsequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any otherlegal theory in connection with the furnishing, performance, or use of this material.

All brand names and product names used in this document are trademarks, registered trademarks, or trade namesof their respective holders. BeyondTrust Software is not associated with any other vendors or products mentionedin this document.

Contents

Contents 3

Introduction 6

Contacting Support 7

Access BeyondInsight 8

Managing Your UVM 9

Accessing the UVMWeb Site 9Requesting Product Updates 9Apply Security Updates 10

Setting the Update Method 11Appliance General Settings 11

Adjusting Date and Time Settings 11LCD Panel Settings 11Clearing the BeyondInsight Cache 12Export Settings 12FIPS 12Pre-Logon Banner Settings 12

Managing Security Settings 14

Downloading a Crypto Key 14Uploading a Crypto Key 14Disabling RC4 Ciphers 14Turning off SSL Authentication 15Analytics and Reporting Endpoints 15Generating and Exporting Certificates 15Setting a Security Protocol 16

Profile Settings 17

Updating Product Serial Numbers 17Purging Appliance Data 18Resetting Administrator Passwords 18

Network and RDP Settings 20

Configuring RDP 20Setting an IP Address for the Appliance 20Entering SMTP Server Settings 21Proxy Settings 21BITS Throttle 22

Using Two Factor Authentication 23

Appliance Health 24

Contents

UVM Appliance User Guide 3 © 2017. BeyondTrust Software, Inc.

Health Dashboard 24Monitoring Services and Hardware 24Checking Services 25Configuring Counters for Performance Metrics 26Configuring Notifications 28

Sending Alerts to BeyondInsight 29Viewing Notifications 31

Configuring Roles 32

Using Role Templates 32Saving Role Configuration 32Retina Scanner Role Settings 32Event Collector Role 32SQL Server Database Roles 33Database Access 33Patch Management Role 33PowerBroker Password Safe Roles 33

On the Primary Server 33On the Secondary Server 34

BeyondInsight Analytics and Reporting Roles 34Analysis Services Role Settings 34Reporting Services Role 34

Turning on Auto Update 34Enterprise Update Server Role Settings 35BeyondTrust Updater Role Settings 35

Configuring PowerBroker Password Safe 36

Uploading SSL Certificate 36Archiving Password Safe Session Monitoring Events 37

Setting up the Repository Host 37Running the Repository Configuration Tool 38Setting up the Appliance 38

Synchronizing Session Monitoring Archive Files 39

Using High Availability 41

Active–Passive High Availability 41Setting up High Availability 41

Turning on High Availability (HA) Pairing 41Configuring High Availability 42Using a Load Balancer in an Active-Passive Configuration 44

Testing HA Failover 45Using Medium Failover Mode 45Resuming and Suspending SQL Mirroring 45Discarding HA Configuration Settings 46Recognizing a Failover 46

Disaster Recovery 46Verifying Connectivity Between Servers 47Database Status After a Failover 47

Contents


Restoring Roles After a Failover 47Reviewing Database Metrics 47

Checking the Database Connection Status 48

Configuring Backup and Restore 49

Scheduling a Backup 49Scheduling an Automatic Backup 49Restoring the Appliance 50

UVM Recovery 51

Appendix A: Configuring VLAN 54

Tagged VLAN configuration on Physical UVM20/50 54Virtual Guest Tagging (VGT) VLAN configuration on Virtual UVM20 55

Appendix B: Optional Appliance Configuration 57

Configuring iDRAC 57Configuring NIC Teaming or Link Aggregation 57

Appendix C: Setting up a Cold Spare Appliance 58

Requirements 58

Contents


IntroductionThis guide provides information on UVM20 and UVM50 appliances, virtual appliances, and diagnostics information.

This guide is intended for network security administrators responsible for protecting their organization's computingassets. A familiarity with networking and security concepts is needed.

FCC CertificationThis equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference whenthe equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radiofrequency energy and, if not installed and used in accordance with the manufacturer’s instruction manual, maycause harmful interference with radio communications.

Operation of this equipment in a residential area is likely to cause harmful interference, in which case you will berequired to correct the interference at your own expense.

Standards ComplianceUVM has been tested and verified to comply with the applicable sections of the following standards:

• FCC Emissions

• Binational standard, UL-1950/CSA-C22.2 No. 950-95: Safety of Information Technology Equipment

Limited Hardware Appliance WarrantyThis hardware appliance is accompanied by a 3-year manufacturer’s warranty based on the invoice date. Thewarranty covers all hardware, including internal components supplied in this shipment. The warranty does notcover additional items, such as keyboards, monitors and mice, not included in this shipment. During the warrantyperiod, the appliance will be repaired or replaced at no cost under the warranty terms.

Due to continuing changes in the computer industry, if a replacement is necessary the appliance manufacturerreserves the right to make product substitutions of equal or greater value.

Do not ship any appliance without first contacting BeyondTrust Technical Support to coordinate any repairs orreplacements. Do not try to repair the appliance yourself.

Please back up all data before having the appliance serviced or repaired. Neither BeyondTrust nor the appliancemanufacturer warrants that operation of the appliance will be uninterrupted or error-free. In no event willBeyondTrust or the appliance manufacturer be responsible or liable for loss or integrity of any data on theappliance and/or any storage media.

Warranty InvalidationThis warranty is void in the event that:

• the appliance is damaged due to accident, abuse, misuse, problems with electrical power, modifications orservicing not authorized by BeyondTrust and/or the appliance manufacturer, or failure to operate inaccordance with the appliance instructions;

• serial tags, receiving numbers, product stickers or manufacturer seals have been removed, altered ortampered with;

• the appliance is opened for any reason;

• the appliance is damaged due to improper or inadequate packaging when returned for repair or replacement;

Introduction


• the appliance has been tampered with, such as overclocking.

Labor and services performed on items or systems that are found not to be defective may be subject to a separatecharge. In addition, the appliance manufacturer reserves the right to charge a 10 percent restocking fee for itemsreturned which are found not to be defective.

Contacting SupportFor support, go to our Customer Portal then follow the link to the product you need assistance with.

The Customer Portal contains information regarding contacting Technical Support by telephone and chat, alongwith product downloads, product installers, license management, account, latest product releases, productdocumentation, webcasts and product demos.

Telephone

Privileged Account Management SupportWithin Continental United States: 800.234.9072

Outside Continental United States: 818.575.4040

Vulnerability Management SupportNorth/South America: 866.529.2201 | 949.333.1997

+ enter access code

All other RegionsStandard Support: 949.333.1995

+ enter access code

Platinum Support: 949.333.1996

+ enter access code

Onlinehttp://www.beyondtrust.com/Resources/Support/

Introduction


http://www.beyondtrust.com/Resources/Support/

http://www.beyondtrust.com/Resources/Support/

Access BeyondInsightFor more information about using BeyondInsight, refer to the BeyondInsight product documentation.

To log on to BeyondInsight:

1. Open a web browser, and then enter the URL to access BeyondInsight.https://[BeyondInsight server name]/eEye.RetinaCS.Server

The SSL certificate warning window displays. The SSL certificate automatically created for the UVM ensuresencrypted communications.

To avoid the warnings, install the SSL certificate through the web browser or obtain a valid certificate from acertificate authority. Or, select the check box to not display the information page again.

The Internet Explorer warnings will be displayed until the SSL certificate is installed or a valid certificate isobtained.

The BeyondInsight Login page displays.

2. Enter your user name (btadmin) and the password you created in the configuration wizard, then click Login.The BeyondInsight console displays.

Access BeyondInsight


Managing Your UVMYou can access appliance diagnostics to verify version information, request updates and configure other options.

Accessing the UVM Web SiteTo log on to the UVMweb site:

1. Using your web browser, enter:https://[your IP Address]/Maintenance

2. For the initial login, enter the following information.– User Name - Enter the Administrator user name created using the Configuration wizard.

– Password - Enter the Administrator password created using the Configuration wizard.

Requesting Product UpdatesYou can request product updates for the UVM. You can view the version number for the BeyondTrust products thatyou are licensed to use.

To request updates:

1. On the BeyondTrust Updates page, click Request Update.The update of the UVM and BeyondInsight database starts.

Managing Your UVM

UVMAppliance User Guide 9 © 2017. BeyondTrust Software, Inc.

Apply Security UpdatesBeyondTrust provides a bundle of Microsoft patches in a security update package. All updates are tested andapproved by BeyondTrust to ensure that updates do not interfere with the proper operation of your UVM.

The packages are updated when new patches are available from Microsoft. For more information about theupdates included in the package, contact BeyondTrust Technical Support.

In UVM versions 1.3 or later, there is a security update package installer that ships with your appliance. When anew package is copied to the update server, then those updates can be received by your appliance.

Note: If you are working in an air-gap environment, you can manually download the update packages. You mustwork with the BeyondTrust Technical Support team to download packages manually.

To apply the updates:

1. Log on to the appliance web site.The default page displayed is the BeyondTrust Updates page.

2. If it is not displayed, selectMaintenance from the menu, then select BeyondInsight Updates.Details about any updates currently available are provided.

3. Click Apply Security Updates.The update can take time depending on the packages being applied. Click Refresh at any time to update thestatus.

Note: If a restart is required (depending on the patch), then the appliance will restart automatically. Noaction is required on your part.

Note: Applying Security Updates For UVM Versions Earlier Than 1.3

If your UVM version is earlier than 1.3, then BeyondTrust Technical Support can send you the update packageinstaller to deploy on your appliance. After you run the installer package, the appliance web page is updated. TheSecurity Updates section will be available for you to track and manage your security updates.

Managing Your UVM


Setting the Update Method1. Log on to the appliance web site.2. SelectMaintenance from the menu, then select BeyondInsight Updates.3. Select an update method.

– Connect to the Internet for licensing and updates. No proxy required - Select if there is an Internetconnection and no proxy server.

– Connect to the Internet for licensing and updates through a proxy server - Select if you are using a proxyserver.

– No Internet connection. (Requires performing manual updates.) - Select if the appliance does not havean Internet connection.

4. After you select an update method, click Apply Changes.

Appliance General Settings

Adjusting Date and Time Settings1. Select General Settings from the Appliance Maintenance menu.2. Select a time zone and adjust the time.

3. Click Set the Date and Time Now.

LCD Panel SettingsTo turn on settings for the LCD Panel on the appliance:

Managing Your UVM


1. Select General Settings from the Maintenance menu.

2. You can turn on the following settings:– Allow LCD Panel to Reset Administrator Password – Turn on to be able to reset the administrator

password to a random password from the LCD panel. If needed, go to the appliance to reset the

administrator password. Select the Show IP option to view the IP address. Hold the and arrows

simultaneously on the UVM LCD panel. A random password is generated. Press to accept the changedpassword.

– Buttons on LCD Panel – Turn off to disable all the LCD panel buttons.

3. Click Update LCD Panel Settings.

Clearing the BeyondInsight CacheThe Clear BI Cache button clears the license key in the BeyondInsight database cache. If a new license key has beenrecently applied, then clearing the cache ensures that the new key is saved to the BeyondInsight database.

Clearing the cache and applying the new key ensures all features are available and work properly. You can verifylicensed features on the Product Activation Keys tab.

Export SettingsTo allow appliance settings such as IP address and administrator password to be set by inserting a USB drive into theappliance.

To turn on settings for the LCD Panel on the appliance:

1. Select General Settings from the Maintenance menu.2. Click to turn on Appliance settings to be imported and exported onto removable storage.3. Click Update Export Settings.

FIPSTo turn on settings for the LCD Panel on the appliance:

1. Select General Settings from the Maintenance menu.

Pre-Logon Banner SettingsYou can configure a pre-logon message before the logon credentials page is displayed to the user.

Managing Your UVM


To configure a pre-logon banner:

1. Select General Settings from the Maintenance menu.2. Enter a title and message.

Managing Your UVM


Managing Security Settings

Downloading a Crypto Key1. Select Security Settings from the Maintenance menu.

2. Enter a password, and then click Submit.

Uploading a Crypto Key1. Select Security Settings from the Maintenance menu.

2. Enter password.3. Drop the zip file.4. Click Generate the Uploaded Key.

Disabling RC4 CiphersIf you are using BeyondInsight version 5.8 or later, then you must disable RC4 ciphers.

1. Select Security Settings from the Maintenance menu.2. Click Disable RC4.



Turning off SSL AuthenticationYou can turn off SSL authentication. When you select SSL/Certificate Required (No), SSL certificates are ignored.

To ignore SSL certificate authentication:

1. Select Security Settings from the Maintenance menu.2. Click Event Service SSL/Certificate Required (No).

3. Click Submit.

Analytics and Reporting EndpointsIf the BeyondInsight Analytics and Reporting web site is not reachable, you can refresh the settings to establish theconnection.

1. Select Security Settings from the Maintenance menu.2. Click Refresh.

Generating and Exporting Certificates1. Select Security Settings from the Maintenance menu.

2. To regenerate the SSL certificate to match the appliance network name, click Generate Certificate. Thecertificate will not be trusted by the client browser.



3. To export the client certificate, enter the password for the certificate and then click Export Certificate.

Setting a Security ProtocolSelect the security protocol that applies to your environment: SSL or TLS.

To use TLS 1.2, ensure the following patches have been applied to your appliance.

KB2979597 - https://support.microsoft.com/en-us/kb/2979597

KB3144114 – This is a hotfix. You can request it from here: https://support.microsoft.com/en-us/hotfix/kbhotfix?kbnum=3144114&kbln=en-us

KB3144517 - https://support.microsoft.com/en-us/kb/3144517

1. Select Security Settings from the Maintenance menu.2. Select the protocol type, and then click Update Security Protocols.



https://support.microsoft.com/en-us/kb/2979597

https://support.microsoft.com/en-us/hotfix/kbhotfix?kbnum=3144114&kbln=en-us

https://support.microsoft.com/en-us/hotfix/kbhotfix?kbnum=3144114&kbln=en-us

https://support.microsoft.com/en-us/kb/3144517

Profile Settings

Updating Product Serial NumbersNote that on the Appliance Profile page you can review your licensed components. If components are not showingas licensed you might need to refresh the BeyondInsight database cache to ensure the most recent license isapplied. See Clearing the BeyondInsight Cache.

To update the appliance serial number:

1. Select Profile from the Maintenance menu.

2. You can either retrieve the serial numbers and validate the license key automatically using your Internetconnection or enter this information manually:– Automatically Retrieve Product Serial Numbers - Enter your email address and Client Portal password

and click Retrieve Keys. Select the appropriate serial numbers from the list when populated and clickUpdate Serial.

– Manually Enter Product Serial Numbers - Enter the serial number provided when you purchased theproduct. To access your serial number, log on to the Client Portal, and select Product Licensing >Managing Your Serial Numbers. Click Get Offline License and follow instructions on obtaining the licensekey offline. Manually enter the license key once it is received.

Profile Settings


3. Click Update Keys.

Purging Appliance Data1. Select Profile from the Maintenance menu.2. Scroll to the purge data area.

3. To erase the database and user configuration data from the appliance, clickWipe Appliance. The configurationdata and events are purged.

Resetting Administrator PasswordsYou can reset the UVM administrator password, BeyondInsight administrator password, and Central Policypassword.

Ensure that you review the complexity requirements.

To reset a password:

1. Select Profile from the Maintenance menu.2. Select the check box for the password that you want to change.

Profile Settings


3. Change the password.4. Click Update Credentials.

Profile Settings


Network and RDP Settings

Configuring RDPRDP access is turned off by default. RDP access is not required for daily use regardless of licensing or roles.BeyondTrust Technical Support can turn on RDP access for troubleshooting.

To track RDP and 2-Factor activities, there are audit log entries in the Security Event logs.

1. SelectNetwork and RDP Settings from the Maintenance menu.2. Select the Enable Remote Desktop box.3. Select 2-Factor required to turn on the settings to use two-factor authentication when using remote desktop.

Note that if you want to disable the 2-Factor authentication the temporary password from BeyondTrust isrequired. After you enter the password, the 2-Factor Required box is cleared.

You need a password to access the UVM remotely. BeyondTrust Technical Support will generate a time-limitedpassword for you.

4. Click Save RDP Settings.

Setting an IP Address for the ApplianceYou can get an IP address automatically using DHCP or manually configure the IP address.

1. SelectNetwork and RDP Settings from the Maintenance menu.2. Select a network card from the list.3. Click the button to use DHCP to get the IP address. Otherwise, set the IP address information manually.



4. Click Update IP Settings.

Entering SMTP Server Settings1. SelectNetwork and RDP Settings from the Maintenance menu.2. Enter the following SMTP settings:

– Address - The IP address of the server.

– Port - The port number of the server.

– User - The user name used to access the server.

– Password/Confirm Password - The server password.

3. Click Update SMTP.

Proxy SettingsConfigure a proxy server if access to the Internet is required.

To use a proxy server:



1. SelectNetwork and RDP Settings from the Maintenance menu.

2. Select the Use proxy server for external communication box.3. Enter the address and port for the server.

– Address - The IP address of the server.

– Port - The port number of the server.

4. If the proxy server requires authentication, enter the credentials:– User - The user name used to access the server.

– Password/Confirm Password - The server password.

5. Click Update Proxy Settings.

BITS Throttle1. Select Network & RDP Settings from the Maintenance menu.2. Drag the slider to the level of throttling.3. Click Update BITS Throttling Setting.



Using Two Factor AuthenticationYou can configure two factor authentication using a RADIUS server.

You must configure the RADIUS server settings in BeyondInsight.

After you set up two-factor authentication, your users must log on to the appliance using the two-factorauthentication method.

To configure a RADIUS Server:

1. From the Maintenance menu, select Accounts and Licensing.2. Scroll to the Configure RADIUS Authentication section.3. Click RADIUS Authentication Enabled to turn on the setting.4. From the Alias list, select one of the available RADIUS servers.

The appliance uses the settings configured in BeyondInsight. After you select the server, the following fieldsare populated: host name, authentication port, timeout, authentication mechanism, and initial password.

5. Enter the user name. This is the user account that is used to log on to the RADIUS server.Note: The RADIUS user account password must match the appliance Administrator password.

6. Click Update Settings.

Using Two Factor Authentication


Appliance HealthOn the Diagnostics pages, you can keep track of appliance services, hardware faults, and performance metrics.

Note: If you are using your SQL Server deployment (not the SQL Server version that ships with the appliance),then the SQL Server metrics are not displayed on the Health dashboard.

Health DashboardView dynamic, live appliance metrics including:

• CPU usage

• SQL Server CPU usage

• SQL Server memory

• Used disk space on the C: drive. Note that on a UVM50 additional drives are displayed (O, N, and M).

• Services running and stopped

Monitoring Services and HardwareAppliance services and hardware are monitored:

Appliance Health


• Services – Periodically checks the running state of the services to make sure that they are in the expectedstate, considering the current roles that are set. Additionally, alerts are indicated when the service controlmanager raises errors. Errors reported are typical error messages on services such as, services failing to startor services terminating unexpectedly.

• Hardware events – Any of the alerts that are raised by Dell OpenManage monitoring software.

To turn on alerts for services or hardware:

1. Select Diagnostics from the menu.2. Select Appliance Health from the menu.3. Click the box to turn on the setting.

4. Click Apply Updated Settings.

Checking ServicesYou can view, start, and stop appliance services.

To view appliance services:

1. Select Diagnostics from the menu.2. Select Appliance Health from the menu.

The icons indicate the following:

Click to refresh the service.

Click to start the service.

Click to stop the service.

Appliance Health


Configuring Counters for Performance MetricsYou can configure the threshold values for the performance metrics. When the threshold is exceeded, email alertscan be sent to the email account configured on the notifications page.

For example, you might not want CPU usage over 50% for too long. Consider setting the thresholds to thefollowing:

– Low: 50

– Medium: 65

– High: 70

– Threshold Duration: 10 minutes

If there is a running average reading of 52%, then a low level alert is sent.

After a counter alerts at a certain level it will not generate further alerts for that level (or below) until it is reset. Analert is considered in a reset state when the average is below the reset threshold for the specified time span.

If a metric is in an alerted state, but then that metric goes below a configurable Reset threshold for the specifiedamount of time, then the alert is cleared, and a Reset alert is generated. At this point, the performance counter willagain receive alerts if it exceeds the threshold again.

To configure counters view performance and alert settings:

1. Select Diagnostics from the menu.2. Select Selectable Counters from the menu.3. Select notifications settings:

– Generate Alerts For Monitored Performance Data – Turns on email notification for alerts.

– Generate Daily Summaries of Performance Data – Performance metrics are collected every 2 hours andemailed on a daily basis.

Appliance Health


4. By default, there are four base counters listed: SQL Server Memory Percentage, CPU Overall Usage, SQLServer CPU Usage, and Disk Free. Select additional counters from the list, and then click Add to List.

5. Adjust the performance and reset thresholds.6. Click Apply Updated Settings.

Appliance Health


Configuring NotificationsNotifications can be set for the following types of events:

• Health monitoring – Includes performance thresholds, service alerts, hardware alerts, and daily performancesummaries.

• High availability monitoring – Includes failover, connections, no partner alerts, and off state.

• High availability mirror change – Includes suspend and resume activities on SQL mirroring.

• Backup monitoring – Includes back up success and failure alerts, and restore success.

To configure email notification:

1. Select Diagnostics from the menu.2. Select Configure Notifications from the menu.

3. Click the box to turn on email notification.4. Click in the Email These Users box, and then select the check boxes for the email addresses that will receive

the notifications.

5. Click Apply Updated Settings.

Appliance Health


Sending Alerts to BeyondInsightNote: BeyondInsight V6.0 is required to use this feature.

You can send alerts from the appliance to your BeyondInsight management console for further analysis.

To configure event forwarding for the appliance alerts:

1. Select Diagnostics from the menu.2. Select Configure Notifications from the menu.3. Select one of the following:

– None -

– Local - Uses the local installation of BeyondInsight.

– Remote server - Enter the IP address or DNS name for the remote BeyondInsight server.

You must export a certificate from the remote BeyondInsight server and import the certificate to the localUVM. Select a certificate from the list, and then click Apply Updated Settings.

a. If the remote server is another UVM appliance, log on to the appliance web site for that appliance.b. Select Security Settings from the Maintenance menu.c. Enter a password and click Export.

d. Import the certificate on the local UVM. See Uploading SSL Certificate.e. On the Health tab, select the certificate from the list.

Appliance Health


If the remote server is a software install of BeyondInsight, use the BeyondInsight Configuration Tool tocreate and export the certificate.

4. Click Apply Updated Settings.You must also create a connector from the BeyondInsight management console.

To create the connector:

1. Log on to BeyondInsight.2. Click the Configure tab, and then select Connectors.3. Click + and select Syslog Event Forwarding.4. Enter the details for the UVM appliance, including IP address, protocol, and facility.5. Select the Appliance Health check box.

By default all severity levels are included. Select an alternate level if needed.

Appliance Health


Viewing NotificationsA notifications icon is displayed on the Diagnostics page.

After notifications are received, a number is displayed that indicates the number of notifications. Click the icon toview more information about the notifications, as shown:

The bar next to the notification indicates severity. See the following table for descriptions.

Color Legend

Info

Low

Medium

High

Appliance Health


Configuring RolesSelect Appliance Roles if you are deploying more than one UVM to scale BeyondInsight in larger networks.

Roles must be selected for at least one of the UVM appliances.

When you are selecting roles, any dependencies or conflicts that might exist between roles will be displayed. TheApply Roles button is only available after dependencies or conflicts are resolved.

Using Role TemplatesThere are predefined role templates that you can choose. When you choose one, all dependent roles that need tobe activated will be. Any roles that are not required for the template will be turned off.

When you select a predefined template, you must enter information for some fields before the Apply Roles buttonis available. The role is indicated in orange.

For example, if you select the Standalone Database role, then you must go to the SQL Server Role and enter thedatabase password.

Saving Role ConfigurationYou can configure the roles that you need and save the settings to a configuration file. You can then upload thetemplate to the UVM.

Retina Scanner Role SettingsTurn on the role to activate the Retina scanner agent.

Event Collector RoleActivates the Event Server which receives events from agents (Retina scanner agent, Retina Protection agent, andPowerBroker Endpoint Protection Platform).

Configuring Roles


1. Enter the following Event Server information:– Event Server Port - The port number of the Event Server.

– Incoming Replication Port - The incoming replication port number.

2. If you select the Send Replicated REM Events check box, enter the following information:– Outgoing Replication Host - The name of the outgoing replication host.

– Outgoing Replication Port - The port number of the outgoing replication host.

– Outgoing Replication Certificate - The certificate of the outgoing replication host.

– To upload a new certificate, click to search and select the certificate. Enter the password, and clickUpload. The certificate should now appear in the list.

3. Click Apply Changes.

SQL Server Database RolesProvides access to the SQL Server database. Select the box to allow database access from remote computers.

If you are using your SQL Server deployment, there is no action required on your part here.

Database AccessProvides access to the BeyondInsight database. You can set either a local SQL Server database or configure settingsfor a remote database.

Patch Management RoleTurn on the role to activate the LanMan service on the appliance to host Third-Party patches.

PowerBroker Password Safe RolesTurn on the Password Safe role to activate services needed to run Password Safe and Password Safe HighAvailability.

Note that the Password Safe role is only displayed on the Roles page when a Password Safe license is applied.

On the Primary ServerIf you are using Password Safe High Availability, you must configure the following settings on the primary server.

To turn on the Password Safe role:

1. Log on to appliance web site.2. Select Roles Editor from the menu.3. Expand Password Safe Role, and select a mirroring option:

– HA will mirror both Server and Database

– HA mirroring for services only

4. Select the Allow HA Pairing check box.5. To save resources, you can turn off services that will not be required to run on any secondary appliances.

Select the Standalone Password Safe Worker Node check box. Select the corresponding check boxes to turnoff services: Disable BeyondInsight UI or Disable Password Safe UI.

Configuring Roles


6. Click Apply Changes.7. On the main Roles Editor page, click Apply Pending Changes.

On the Secondary ServerIf you are using Password Safe High Availability, you must select the Allow HA Pairing check box on the PasswordSafe role for the secondary server.

BeyondInsight Analytics and Reporting RolesThere are two roles that you can configure if you are using BeyondInsight Analytics and Reporting.

Analysis Services Role SettingsTurn on the role to turn on the SQL Server Analysis service.

You can click the link to run BeyondInsight Analytics and Reporting.

Reporting Services RoleIf you are using BeyondInsight Analytics and Reporting to render reports, the service must run locally. Turn on theReporting Services role to run the service locally when using a remote database.

Turning on Auto UpdateTo use the auto update feature, where product updates will automatically download when available, turn on theauto update role.

To turn auto update:

1. On the appliance web site, select Roles Editor from the menu.2. Click Auto Update.3. You can configure one server for all updates or configure servers based on functional area.

If you configured different update servers, click Load Default Settings to reset the default BeyondTrust server.

4. Scroll on the page, and click Apply Changes.5. On the main Roles Editor page, click Apply Pending Changes.

Configuring Roles


Enterprise Update Server Role SettingsTurn on the role to use the Enterprise Update server to update your appliances.

BeyondTrust Updater Role SettingsTurn on the role to use the Azure web based update tool.

Configuring Roles


Configuring PowerBroker Password SafeTo set up Password Safe on the appliance, you need to:

• Turn on the Password Safe role

• Turn on Remote Desktop Connection (RDP). See Enable Appliance Options.

Note on EncryptionIf you are using Password Safe, all credentials are stored in the database using AES 256 using RijndaelManagedcrypto provider. When FIPS is used, all UVM credentials stored in the database are encrypted using Triple DEScrypto provider.

Uploading SSL CertificateTo upload an SSL certificate:

1. Select the Certificate tab.

2. Drop a file to upload.3. Enter the password.4. To regenerate the SSL certificate to match the appliance network name, click Generate Certificate. The

certificate will not be trusted by the client browser.5. To export the client certificate, enter the password for the certificate and then click Export Certificate .

Configuring PowerBroker Password Safe


Archiving Password Safe Session Monitoring EventsYou can transfer old session monitoring files off the appliance to another server for storage. Archive old files tofree up disk space on the appliance. You can view the archive files in Password Safe. For more information, refer tothe Password Safe Administration Guide.

Session monitoring files are archived in one of two ways:

• Automatically by the UVM. Automatic archives occur in the following cases:

– When the file reaches the configured age.

– When free space on the UVM hard drive is below the configured threshold. See Setting up the Applianceto configure these settings.

• Manually through Password Safe. Refer to the Password Safe Administration Guide. Archive files are neverdeleted.

There are two parts to configuring archiving:

• Set up the computer that will be the repository host

• Set options on the web site for the appliance

Setting up the Repository Host

Repository Host Requirements• The minimum operating system requirement for the host computer is Microsoft Windows 2008.

• Port 443 must be open.

• IIS 7.5 or later.

In Server Manager, install and enable the following feature: Background Intelligent Transfer Service (BITS).

Activating BITS ensures prerequisites are installed regardless of OS or IIS version installed.

• ASP.NET 4.5

• You need a copy of the Setup Session Monitoring Repository tool, located here:C:\Appliance\Tools\ConfigureRepository.exe.

Note on IIS 7.5:If you are using IIS 7.5 and the ASP.NET 4.5 role did not install automatically:

1. Install the ASP.NET role.2. Run the command:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i

3. Log on to Server Manager and select the IIS instance. Double-click ISAPI and CGI Restrictions.



4. Ensure that ASP.NET v.4.0 is set to Allowed.

Running the Repository Configuration ToolThe repository configuration tool creates a certificate on the host computer.

To run the repository configuration tool:

1. Run the repository configuration tool.2. Click the Create Certificate button.3. Enter a password for the exported certificate.4. Click Export Certificate and choose a location for the file with the exported certificate.5. Copy the exported certificate to a location that can be accessed by the appliance. You need to import the

certificate using the Diagnostics web site. See the following section.

Setting up the ApplianceYou must set up the repository host before proceeding here.

On the appliance you must register the certificate that you created on the repository computer. Optionally, you canchange the archive settings such as how many days pass before the files are archived.

To configure archiving on the appliance:

1. Log on to the appliance web site.2. Select the Certificates tab.3. Upload the certificate that you created on the host, and then click Update.

Note: When importing the certificate, ensure the Install Certificate on Import check box is not selected.See Uploading SSL Certificate.

4. Select Roles Editor from the menu.5. Click Password Safe.6. Select the Enable Session Monitoring Archiving box.7. Select the way to store the archive files:

– BITS – Enter the name of the repository computer.

Enter the name of the certificate. The certificate name is the same name as the repository computer.

– Windows File Sharing – Enter the name of the share and credentials to access the share. Windows filesharing is the preferred method.



8. Optionally, change the archiving settings:– Max Age in Days – Enter the number of days that pass before the files are archived. The default value is

90 days.

– Archive when available storage becomes less than – This value applies to the storage available on theappliance. Enter the amount of storage remaining on the appliance before the file transfer occurs. Thetransfer of files will free up the disk space when the value is reached.

– Max File Transfer Time – This value is the maximum time to wait for a file transfer to occur before thetransfer times out.

9. Click Test Session Monitoring Settings to ensure the repository computer is set up correctly and cancommunicate with the appliance computer.

10. Click Apply Changes to save the settings.

Synchronizing Session Monitoring Archive FilesOn the High Availability Settings page, you can determine if the session monitoring archive files are up to date onthe repository host.

Compare the values in the Local Session File Count box (archive files on the appliance) and Remote Session FileCount box (archive files on the repository host).

If the numbers are different, select the Synchronize Session Archiving Files check box. Archive files on theappliance will be copied to the repository host.



Using High AvailabilityNote: High Availability is only available with a PowerBroker Password Safe license.

Active–Passive High AvailabilityHigh availability is designed to be a highly available system in an Active-Passive configuration. At any time, one ofyour two servers has the role of the Active node, while the other is the Passive node.

When the Passive server detects the Active server has failed, then the Passive is promoted to Active and the Activeis demoted.

After the Active server fails and all issues are resolved, the server takes on the Passive role.

Setting up High AvailabilitySetting up High Availability is optional.

Turning on High Availability (HA) PairingYou must turn on the Password Safe role in the Roles Editor before setting up high availability. The role must beturned on for the active and passive appliance.

To turn on the Password Safe HA pairing:

1. Select Roles Editor from the menu.2. Click Password Safe.3. Turn on the Password Safe role.4. Select Allow HA Pairing.

5. Click Apply Changes.6. On the main page, click Apply Pending Changes.

Using High Availability


Configuring High AvailabilityTo set up high availability:

1. Select High Availability from the menu.For first time configuration, the Initial Setup page is displayed. Certificates need to be set up between theappliances for secure communication.

2. Enter the IP address or the name of the passive UVM appliance, and then click Apply.

A message is displayed that the exchange is in progress.

If an error occurs during the certificate exchange a Show/Hide Results button is displayed.

Exchanging certificates can take up to approximately 5 minutes.

After the certificates are exchanged with no errors the configuration settings are displayed.

3. Click High Availability to turn on the feature.4. Enter the mirroring port number. The default port is 5022.5. Click Set High Availability.



6. Set the following:– Partner Contact Timeout – Enter the number of minutes that pass with no contact between the active

server and passive server. When the active receives no response from the passive, then the activecontinues to start. If the passive has no contact with the active, the passive will start up as the active.

– Partner Failover Timeout – Enter the number of minutes that pass with no ping received from theprimary server. After this time, the passive switches to the active server.

– Reboot Blackout Window – On graceful shutdown passive switches to active after no response. You mightwant to shut down the active UVM but not want the passive UVM to take control. For example, you mightwant to move the active UVM and know that it will take approximately 30 minutes. To be sure the passivedoes not take control while the active is offline, set the value here to 60 minutes.

You must shut down the primary from the Version Information tab.

Enter the number of minutes that pass before the passive takes control.

– Send Alerts on Failover – When selected, either an email is sent or events are sent to BeyondInsight. Formore information about alerts, see Configuring Notifications.

– Medium Failover Mode – When communication between the pairs is lost, the passive appliance is in afailover pending state only. Action is required on your part to start a failover process. See Using MediumFailover Mode.

– Background Settings Update Rate – Enter the number of minutes that pass before a file synchronizationoccurs. Files copied to the passive server are configuration files, certificates, and registry files.



– Failed Notification Rate – Provides notification after your active appliance has failed over. If you are usingMedium Failover Mode, the email indicates that action is required on your part. The default value is 15minutes.

– Queue File Synchronization – Click to start a file synchronization.

7. Click Update Settings.

Using a Load Balancer in an Active-Passive ConfigurationWhen setting up an active-passive pair, you might want to configure a load balancer that acts as a DNS-redirector.

Configure the load balancer between two appliances so that it can determine which appliance is active and whichis passive. The load balancer then sends the traffic to the active appliance.

You can use the following endpoint API to configure the load balancer. Refer to your load balancer documentationto ensure that it is configured to use the endpoints.

Endpoint:

GET https://<UVMAddress>/UVMInterface/api/HighAvailability

It will return an object with one member.{string Role;}



You can set the formatting of the requested return value in the Content-Type request header.

For example, to get JSON, you can specify:Content-Type: application/json;charset=UTF-8

The available values for Role are:

Off - High Availability is not turned on.

Active - UVM is in Active mode.

Passive - UVM is in Passive mode.

Testing HA FailoverNote: The Attempt Auto-Resync setting is a quick way to restore high availability in a scenario where databases

on the active and passive servers are synchronized. It is not recommended for a production failoverscenario. Data loss can occur if databases are not synchronized.

To test failover:

1. Select the Attempt Auto Resync of Database When Connecting After Failover.2. Unplug or power off the active server.3. Wait for failover. Check that the passive is now the active.4. Restore the active (turn on or plug in).5. The auto re-sync should restore high availability configuration.6. Note that the passive server will be acting as the active. Click the Switch Roles button to restore the server

partners to their original roles.

Using Medium Failover ModeUse Medium Failover mode when you do not want the services on the passive appliance to start automaticallywhen the communication between pairs is lost.

The passive appliance waits in a pending state until you manually start the failover process. When your active fails,you must log on to the appliance software to start the failover process to the passive appliance.

To use medium availability, you must turn on Medium Failover Mode. See Configuring High Availability.

To start the failover:

1. Log on to the appliance, and then select High Availability.2. In the High Availability Maintenance section, click Failover to this UVM. Note that the button is only active

when the primary appliance is down.Clicking the button starts the services and database.

Resuming and Suspending SQL MirroringYou can suspend and resume SQL Server mirroring. You might want to pause mirroring if you want to take care ofmaintenance tasks on the database server.

A failover cannot occur when the database is in a suspended state.

Note that if the appliance is in a failover state and mirroring is suspended, you can click Resume to start mirroring.

To resume or suspend mirroring:



1. Log on to the appliance, and then select High Availability.2. Click Suspend to pause mirroring.3. Click Resume to start mirroring again.

Discarding HA Configuration SettingsTo reset the appliances to the Initial Setup state, you can remove all HA configuration settings established betweenHA appliances. You might want to do this if you want to set up new HA pairs.

1. Select High Availability from the menu.2. Click Abandon Configuration.

Recognizing a FailoverReview the following to help you determine if a failover has occurred.

• In appliance v. 1.5.4 and later, an email is sent to the address set in the configuration wizard.

If you are using an appliance version earlier than 1.5.4, you can contact BeyondTrust Technical Support toactivate the email feature.

• If you are not using a load balancer, you might notice that BeyondInsight is no longer responsive on the activeserver.

• On the Diagnostics web site (for the primary), only two tabs are displayed. This indicates the server is in Passivemode.

• Confirm the passive server is in Active mode.

Disaster RecoveryIf you are using High Availability as a disaster recovery solution, review the following points as a guide to restoringroles.

• Determine if the active server failed. Confirm the role of your live server (or the “primary” server).

• If a failure occurred on the primary, investigate and resolve issues on the primary.



• After a failover to the disaster recovery server (or the “secondary”), you can restore roles on the applianceweb site from the Active server.

Verifying Connectivity Between ServersOn the High Availability Configuration page, verify that the communication between appliances is active.

The Last Heartbeat indicates the last ping to the passive server and the return response to the active.

Database Status After a FailoverImportant: In all scenarios, we strongly recommend investigating the cause of the failure. We do not recommendresuming database mirroring until issues are resolved.

The following database status indicators might display after a failover.

• DISCONNECTED – Failover was catastrophic (server is completely unavailable/unreachable). Turn off HighAvailability and investigate the issues with the failed server.

After the failed server is cleared for use, turn on High Availability and synchronize the databases.

• EXPOSED – If the other server is still available (and possibly still healthy) but the failover was serious or lengthyenough that High Availability was disabled.

After the failed server is cleared for use, turn on High Availability and synchronize the databases.

• SUSPENDED – If the interruption was of a minor or transient nature. While it may be possible to restoreconnectivity without disabling High Availability, we encourage you to turn off HA and investigate the issues withthe other server.

After the failed server is cleared for use, turn on High Availability and synchronize the databases. Optionally,contact BeyondTrust Technical Support to see if mirroring can be restored.

Restoring Roles After a FailoverAfter a failure has been identified and resolved on an appliance, you can restore the roles to the initial state.

1. Log on to the appliance web site from the Active appliance.2. Select High Availability from the menu.3. Click Switch Roles.

Reviewing Database MetricsOn the High Availability Settings page, you can review information about earlier database synchronizations and thesize of the current BeyondInsight database.

You can then determine from these values how long a synchronization between servers might take.



Checking the Database Connection StatusCheck the status of the BI Mirror State on the High Availability tab to ensure that synchronizations are occurringbetween the active and passive servers.

Database Mirror StatesState Description

EXPOSED Databases are not mirrored.

SYNC PENDING: INITIAL DB SYNCSTARTED

Started to back up and transfer database to passive server.

SYNC PENDING: SETMIRROR CALLEDDatabase is transferred and restored to the passive server, now turning onmirroring.

SYNCHRONIZINGServer is actively transmitting Transaction Logs to the other database toapply changes.

EXPOSED – MAX SYNC ATTEMPTSREACHED

5 consecutive attempts were made and failed to establish mirroring.

Mirror was not established and is no longer trying.

To troubleshoot:

• Check for connectivity issues. Ensure the database mirror port is set to5022.

SYNCHRONIZED Databases are actively mirrored. HA is considered to be working.



Configuring Backup and Restore

Scheduling a BackupTo schedule a backup:

1. Select Backup and Restore from the Maintenance menu.

2. Select the day of the week and time to run the backup.3. Enter the password for the .zip file.4. Enter the information for the remote share where the .zip file will be saved.5. Click Schedule Backup.

Scheduling an Automatic BackupConfigure a recurring, scheduled backup.

1. Select Backup and Restore from the Appliance Maintenance menu.2. Select the Automatic Backup Enabled box.3. Select the day of the week and time to run the backup.4. Enter the password for the .zip file.5. Click Schedule Automatic Backup.



Restoring the ApplianceYou must restart the appliance and reset the passwords after restoring.

To restore the appliance from the last backup:

1. Select Backup and Restore from the Appliance Maintenance menu.

2. Enter the password, and then click Restore Appliance.

To restore the appliance from a backup file:

1. Select Backup and Restore from the Appliance Maintenance menu.2. Drop the file to upload.

3. After the backup is uploaded, enter the password and click Restore Appliance.



UVM RecoveryThis section applies to UVM20 and UVM50 appliances.

Use the recovery procedure to rebuild your UVM.

All information saved or configured on the UVMwill be lost.

There is no way to recover this data.

Note: Retrieve BitLocker keys before starting the recovery process.

1. After the appliance is restarted and you see the following screen, press the F8 key to enter the Windows bootoptions. Try pressing the key a few seconds apart to make sure you don’t miss the chance to access the bootoptions.

2. Press Enter to go to the BitLocker key prompt.3. Enter the BitLocker Password for the C: Drive (match up the corresponding ID#) and press Enter.

4. On the Advanced Boot Options screen, press Enter to choose Repair Your Computer.5. Click Troubleshoot.6. Click Reset Your PC.7. Enter Drive password for ID which is displayed and click Continue.8. Click Next.9. (UVM50 Only). Select All drives.10. Click Just remove my files.

UVM Recovery


11. Click Reset.Note that BitLocker drive encryption will be turned off. It will be enabled again later in the process.

The Appliance is being imaged with the original Manufacturing image.

12. Insert the USB which contains the BitLocker keys. The BitLocker keys will be regenerated and saved to the USB.On the first reboot, scripts run that are required to set up the appliance. This part of recovery is automatic andit will force a system reboot when it is complete.

After the second reboot, a command window is displayed. BitLocker starts the drive encryption. Updates aredisplayed on the drive encryption progress.

13. After BitLocker is complete, run Update Appliance.bat on the desktop.

14. Click Next on the Auto Update window.

UVM Recovery


15. All products will update to the most recent version on the Public Update Server. Click Next when Auto Updateis finished. All updates are now complete.

16. Enter the license key for Windows. Then enter the license key for SQL Server.17. For the final stage of preparation, run Prepare For Shipping.bat.

All temporary and setup files are removed; Windows and SQL Server are licensed.

You are now ready to configure your appliance. See Configuring Your UVM Appliance.

UVM Recovery


Appendix A: Configuring VLANNote: On the Microsoft Windows Server 2012 R2 appliances, the Broadcom Advanced Control Suite 4

application is already installed. Access the application from the Start menu.

For all other appliances, you can use the following procedures.

Tagged VLAN configuration on Physical UVM20/50Broadcom BCM5709C NetXtreme II GigE

1. Download Utility “Gigabit Management Applications Installer for Windows (x64)”http://driverdownloads.qlogic.com/QLogicDriverDownloads_UI/SearchByProduct.aspx?ProductCategory=336&Product=1245&Os=190

2. Install utility (rename setup.exe if required).3. Run Broadcom Control Suite 4 from Control Panel or Start Menu.

a. Filter by Team View from the menu at top.b. Under Unassigned Adapters select the Adapter being used (if connected it will have a green checkmark).c. Right-click and click Create a VLAN > Next.d. Enter name for team (i.e. VLAN).e. Enter name for VLAN (i.e. VLAN10) > Next.f. Click Tagged > Next.g. Enter VLAN Tag (i.e. 10) > Next.h. Click Finish.i. Click Yes to acknowledge there may be a temporary network interruption.j. Right-click on the Team that was created from the previous step (i.e. VLAN) and click Add VLAN.k. Enter name (i.e. VLAN20) > Next.l. Select Tagged > Next.m. Enter VLAN Tag (i.e. 20) > Next.n. Click Yes to add more VLAN's and repeat, or No if finished.o. Click Finish.

Appendix A: Configuring VLAN


http://driverdownloads.qlogic.com/QLogicDriverDownloads_UI/SearchByProduct.aspx?ProductCategory=336&Product=1245&Os=190

http://driverdownloads.qlogic.com/QLogicDriverDownloads_UI/SearchByProduct.aspx?ProductCategory=336&Product=1245&Os=190

4. Network configuration can be Static or Dynamic depending on the environment/needs but would beconfigured just as a normal adapter is configured.

Virtual Guest Tagging (VGT) VLAN configuration on Virtual UVM20Intel(r) 82574L Gigabit Network Connection (Intel E1000)

To install the required driver within aWindows 2012 R2 guest operating system:

1. Download ProWinx64 from Intel located here: http://downloadmirror.intel.com/18718/eng/PROWinx64.exeUse 7zip to extract contents to a temp folder.

2. Right-click the network adapter and click Update Driver Software.3. Click Browse my computer for driver software.4. Click Let me pick from a list of device drivers on my computer.5. Click Have Disk.6. Click Browse.7. Browse to temp location driver files were extracted to.8. Click Next to install the driver.9. Repeat Steps 2-8 for each network adapter you have for the virtual machine.10. After all the adapters are updated, run the PROWinx64.exe file, rather than extracting it. You should now be

able to install the Advanced Network Services software with VLANs.

To configure VLAN tagging on a Virtual Machine:

1. Open Device Manager.2. Right-click Network Adapter and select Properties.

There will now be a VLANs tab available. This is not displayed before installing the PROWinx64.exe file above.

3. Click New.4. Enter VLAN ID (for example, 20).5. Enter VLAN Name (for example, VLAN20).6. Click OK.7. Continue these steps for as many VLAN’s that are required.



http://downloadmirror.intel.com/18718/eng/PROWinx64.exe

There will now be a new network adapter displayed under Network Connections for each VLAN created.

8. Network configuration can be Static or Dynamic depending on the environment or your requirements butwould be configured just as a normal adapter is configured.



Appendix B: Optional Appliance Configuration

Configuring iDRACYou can use the iDRAC tool to remotely manage your UVM appliance (UVM20 or UVM50). Configuring iDRAC isoptional.

For more information about configuring iDRAC, refer to Dell product documentation.

1. At startup, press F2 to enter the Setup menu.2. Select iDRAC Settings.3. SelectNetwork.4. Set "Enable NIC" to Enabled.5. Configure IP address settings as per your Network Administrator (DHCP/Static).

Setting NIC selection to Dedicated only allows the physical iDRAC port on the back to be used for iDRACcommunication. Setting it to another port will allow it to share the same physical connection.

6. Save your settings.If using DHCP IP configuration, watch for the iDRAC IP address to be displayed at start up and record this for futureuse.

Open a browser and enter the IP address associated with the iDRAC port. Use the default logon credentials:

User: root

Password: calvin

Configuring NIC Teaming or Link AggregationNote: On the Microsoft Windows Server 2012 R2 appliances, the Broadcom Advanced Control Suite 4

application is already installed. Access the application from the Start menu. For all other appliances, youcan use the following procedure.

The appliance has a Broadcom NetXreme II four-port Network Interface card. Work with your NetworkAdministrator before you configure NIC teaming or aggregation. Your administrator must provide IP addressinformation for the environment where the appliance is being deployed.

You must download the Broadcom management utility before you can manage and configure NIC teaming.

For more information, visit the following web site:

http://www.qlogic.com/solutions/Pages/Ethernet-NIC-FAQs.aspx

Appendix B: Optional Appliance Configuration


http://www.qlogic.com/solutions/Pages/Ethernet-NIC-FAQs.aspx

Appendix C: Setting up a Cold Spare ApplianceYou can set up an appliance that can be used as the main appliance if the first one needs to be taken offline.

Requirements• The BeyondInsight version on the cold spare must be the same or greater than the version on the source

appliance.

• It is recommended that both appliances turn on the Auto Updates role.

• Ensure the cold spare is receiving updates so that it matches the source appliance.

• For Analytics and Reporting, ensure SQL Server versions match on both appliances.

• The source and spare appliances need the same name.

Note: If the SQL Server database is remote, the data will not be copied to the cold spare.

To set up the spare:

1. Select Roles Editor from the menu.2. Click the Cold Spare role.3. Turn on the role.4. Click Locations +.

a. Enter the path to the shared location where the back up files are saved. Optionally, select an existing sharelocation.

b. If applicable, enter the credentials that can access the share. Click the Test the Remote Share Credentialsbutton to test the connection.

Appendix C: Setting up a Cold Spare Appliance


5. Set scheduling information, including the day of the week and time. The cold spare retrieves the informationfrom the backup file at this time. When the cold spare starts up the data from the last backup file retrieved isused.

6. Enter a restore password.7. Provide a temporary machine name.



8. Click Apply Changes.9. On the Roles Editor main page, click Apply Pending Changes.A restart is required after the settings are saved. A dialog box is displayed when the appliance is ready to shut downand restart.



UVM Appliance User Guide - BeyondTrust · Contents Contents 3 Introduction 6 ContactingSupport 7...

Documents

Transcript of UVM Appliance User Guide - BeyondTrust · Contents Contents 3 Introduction 6 ContactingSupport 7...