BeyondTrust UVM20 User Manual
  1. Manuals
  2. Brands
  3. BeyondTrust Manuals
  4. Firewall
  5. UVM20
  6. User manual

BeyondTrust UVM20 User Manual

Uvm appliance
Hide thumbs Also See for UVM20:
Table of Contents

Advertisement

Quick Links

UVM Appliance
User Guide

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the UVM20 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for BeyondTrust UVM20

Summary of Contents for BeyondTrust UVM20

  • Page 1 UVM Appliance User Guide...
  • Page 2 BeyondTrust Software. BeyondTrust Software is not liable for errors contained herein or for any direct, indirect, special, incidental or consequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any other legal theory in connection with the furnishing, performance, or use of this material.

  • Page 3: Table Of Contents

    Purging Appliance Data Resetting Administrator Passwords Network and RDP Settings Configuring RDP Setting an IP Address for the Appliance Entering SMTP Server Settings Proxy Settings BITS Throttle Using Two Factor Authentication UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 4 Turning on High Availability (HA) Pairing Configuring High Availability Using a Load Balancer in an Active-Passive Configuration Testing HA Failover Using Medium Failover Mode Resuming and Suspending SQL Mirroring Discarding HA Configuration Settings UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 5 Scheduling a Backup Restoring the Appliance UVM Recovery Appendix A: Configuring VLAN Tagged VLAN configuration on Physical UVM20/50 Virtual Guest Tagging (VGT) VLAN configuration on Virtual UVM20 Appendix B: Optional Appliance Configuration Configuring iDRAC iDRAC Commands Configuring NIC Teaming or Link Aggregation...

  • Page 6: Introduction

    Please back up all data before having the appliance serviced or repaired. Neither BeyondTrust nor the appliance manufacturer warrants that operation of the appliance will be uninterrupted or error-free. In no event will BeyondTrust or the appliance manufacturer be responsible or liable for loss or integrity of any data on the appliance and/or any storage media.

  • Page 7: Contacting Support

    Vulnerability Management Support North/South America: 866.529.2201 | 949.333.1997 + enter access code All other Regions Standard Support: 949.333.1995 + enter access code Platinum Support: 949.333.1996 + enter access code Online http://www.beyondtrust.com/Resources/Support/ UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 8: Access Beyondinsight

    The Internet Explorer warnings will be displayed until the SSL certificate is installed or a valid certificate is obtained. The BeyondInsight Login page displays. 2. Enter your user name (btadmin) and the password you created in the configuration wizard, then click Login. The BeyondInsight console displays. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 9: Managing Your Uvm

    Activate By Phone – Select if there is no Internet connection (for example, in an air-gap environment). Requesting Product Updates You can request product updates for the UVM. You can view the version number for the BeyondTrust products that you are licensed to use.

  • Page 10: Apply Security Updates

    Managing Your UVM Apply Security Updates BeyondTrust provides a bundle of Microsoft patches in a security update package. All updates are tested and approved by BeyondTrust to ensure that updates do not interfere with the proper operation of your UVM.

  • Page 11: Setting The Update Method

    Applying Security Updates For UVM Versions Earlier Than 1.3 If your UVM version is earlier than 1.3, then BeyondTrust Technical Support can send you the update package installer to deploy on your appliance. After you run the installer package, the appliance web page is updated. The Security Updates section will be available for you to track and manage your security updates.

  • Page 12: Appliance General Settings

    3. Click Set the Date and Time Now. LCD Panel Settings To turn on settings for the LCD panel on the appliance: 1. Select General Settings from the Maintenance menu. 2. You can turn on the following settings: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 13: Clearing The Beyondinsight Cache

    You can configure a pre-logon message before the logon credentials page is displayed to the user. To configure a pre-logon banner: 1. Select General Settings from the Maintenance menu. 2. Enter a title and message. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 14: Managing Security Settings

    2. Enter password. 3. Drop the zip file. 4. Click Generate the Uploaded Key. FIPS Compliance Checking To turn on FIPS compliance checking: 1. Select Security Settings from the Maintenance menu. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 15: Managing The Uvm Api Key

    If the BeyondInsight Analytics and Reporting web site is not reachable, you can refresh the settings to establish the connection. 1. Select Security Settings from the Maintenance menu. 2. Click Refresh. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 16: Generating And Exporting Certificates

    KB3144114 – This is a hotfix. You can request it from here: https://support.microsoft.com/en- us/hotfix/kbhotfix?kbnum=3144114&kbln=en-us KB3144517 - https://support.microsoft.com/en-us/kb/3144517 1. Select Security Settings from the Maintenance menu. 2. Select the protocol type, and then click Update Security Protocols. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 17: Turning On Hsts

    You can apply extra security to the appliance web site that will use strict transport security (HSTS) technology. To turn on HSTS: 1. Select Security Settings from the Maintenance menu. 2. Turn on the setting, and then click Update HSTS Setting. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 18: Accounts And Licensing Settings

    Accounts and Licensing Settings Updating Product Serial Numbers You can review your licensed BeyondTrust components. If components are not showing as licensed you might need to refresh the BeyondInsight database cache to ensure the most recent license is applied. See...

  • Page 19: Purging Appliance Data

    Ensure that you review the complexity requirements. To reset a password: 1. Select Accounts and Licensing from the Maintenance menu. 2. Select the check box for the password that you want to change. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 20 Accounts and Licensing Settings 3. Change the password. 4. Click Update Credentials. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 21: Network And Rdp Settings

    3. Select 2-Factor required to turn on the settings to use two-factor authentication when using remote desktop. Note that if you want to disable the 2-Factor authentication the temporary password from BeyondTrust is required. After you enter the password, the 2-Factor Required box is cleared.

  • Page 22: Entering Smtp Server Settings

    User - The user name used to access the server. – Password/Confirm Password - The server password. 3. Click Update SMTP. Proxy Settings Configure a proxy server if access to the Internet is required. To use a proxy server: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 23: Bits Throttle

    5. Click Update Proxy Settings. BITS Throttle 1. Select Network & RDP Settings from the Maintenance menu. 2. Drag the slider to the level of throttling. 3. Click Update BITS Throttling Setting. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 24: Using Two Factor Authentication

    5. Enter the user name. This is the user account that is used to log on to the RADIUS server. Note: The RADIUS user account password must match the appliance Administrator password. 6. Click Update Settings. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 25: Appliance Health

    Used disk space on the C: drive. Note that on a UVM50 additional drives are displayed (O, N, and M). • Services running and stopped • Analyzer reporting - Download BeyondTrust's BTAnalyzer reports. View health metrics on BeyondTrust components and services running in your environment. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 26: Monitoring Services And Hardware

    1. Select Diagnostics from the menu. 2. Select Appliance Health from the menu. The icons indicate the following: Click to refresh the service. Click to start the service. Click to stop the service. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 27: Configuring Counters For Performance Metrics

    Generate Alerts For Monitored Performance Data – Turns on email notification for alerts. – Generate Daily Summaries of Performance Data – Performance metrics are collected every 2 hours and emailed on a daily basis. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 28 4. By default, there are four base counters listed: SQL Server Memory Percentage, CPU Overall Usage, SQL Server CPU Usage, and Disk Free. Select additional counters from the list, and then click Add to List. 5. Adjust the performance and reset thresholds. 6. Click Apply Updated Settings. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 29: Configuring Notifications

    3. Click the box to turn on email notification. 4. Click in the Email These Users box, and then select the check boxes for the email addresses that will receive the notifications. 5. Click Apply Updated Settings. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 30: Sending Alerts To Beyondinsight

    If the remote server is a software install of BeyondInsight, use the BeyondInsight Configuration Tool to create and export the certificate. 4. Click Apply Updated Settings. You must also create a connector from the BeyondInsight management console. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 31 4. Enter the details for the UVM appliance, including IP address, protocol, and facility. 5. Select the Appliance Health check box. By default all severity levels are included. Select an alternate level if needed. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 32: Viewing Notifications

    After notifications are received, a number is displayed that indicates the number of notifications. Click the icon to view more information about the notifications, as shown: The bar next to the notification indicates severity. See the following table for descriptions. Color Legend Info Medium High UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 33: Configuring Roles

    Turn on the role to activate the Retina scanner agent. Event Collector Role On the Event Collector page, select the BeyondTrust service that will be responsible for sending events between components (for example, Retina scanner agent, Retina Protection agent, and PowerBroker Endpoint Protection Platform).

  • Page 34: Sql Server Database Roles

    2. Select Roles Editor from the menu. 3. Click High Availability, then and select a mirroring option: – HA will mirror both Server and Database – HA mirroring for services only UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 35: On The Secondary Server

    Reporting Services role to run the service locally when using a remote database. Turning on Auto Update To use the auto update feature, where product updates will automatically download when available, turn on the auto update role. To turn auto update: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 36: Enterprise Update Server Role Settings

    3. You can configure one server for all updates or configure servers based on functional area. If you configured different update servers, click Load Default Settings to reset the default BeyondTrust server. 4. Scroll on the page, and click Apply Changes.

  • Page 37: Configuring Powerbroker Password Safe

    You can view the archive files in Password Safe. For more information, refer to the Password Safe Administration Guide. Session monitoring files are archived in one of two ways: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 38: Setting Up The Repository Host

    2. Run the command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -i 3. Log on to Server Manager and select the IIS instance. Double-click ISAPI and CGI Restrictions. 4. Ensure that ASP.NET v.4.0 is set to Allowed. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 39: Running The Repository Configuration Tool

    Enter the name of the certificate. The certificate name is the same name as the repository computer. – Windows File Sharing – Enter the name of the share and credentials to access the share. Windows file sharing is the preferred method. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 40: Synchronizing Session Monitoring Archive Files

    Count box (archive files on the repository host). If the numbers are different, select the Synchronize Session Archiving Files check box. Archive files on the appliance will be copied to the repository host. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 41 Configuring PowerBroker Password Safe UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 42: Using High Availability

    3. Turn on the high availability role. 4. Select a mirroring option. 5. Enter the password that will be used on the HA pairs. 6. Click Apply Changes. 7. On the main page, click Apply Pending Changes. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 43: Configuring High Availability

    After the certificates are exchanged with no errors the configuration settings are displayed. 4. Click High Availability to turn on the feature. 5. Enter the mirroring port number. The default port is 5022. 6. Click Set High Availability. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 44 Failed Notification Rate – Provides notification after your active appliance has failed over. If you are using Medium Failover Mode, the email indicates that action is required on your part. The default value is 15 minutes. – Queue File Synchronization – Click to start a file synchronization. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 45: Using A Load Balancer In An Active-Passive Configuration

    You can set the formatting of the requested return value in the Content-Type request header. For example, to get JSON, you can specify: Content-Type: application/json;charset=UTF-8 The available values for Role are: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 46: Testing Ha Failover

    Note that if the appliance is in a failover state and mirroring is suspended, you can click Resume to start mirroring. To resume or suspend mirroring: 1. Log on to the appliance, and then select High Availability. 2. Click Suspend to pause mirroring. 3. Click Resume to start mirroring again. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 47: Discarding Ha Configuration Settings

    • In appliance v. 1.5.4 and later, an email is sent to the address set in the configuration wizard. If you are using an appliance version earlier than 1.5.4, you can contact BeyondTrust Technical Support to activate the email feature.

  • Page 48: Verifying Connectivity Between Servers

    After the failed server is cleared for use, turn on High Availability and synchronize the databases. Optionally, contact BeyondTrust Technical Support to see if mirroring can be restored. Restoring Roles After a Failover After a failure has been identified and resolved on an appliance, you can restore the roles to the initial state.

  • Page 49: Checking The Database Connection Status

    EXPOSED – MAX SYNC ATTEMPTS To troubleshoot: REACHED • Check for connectivity issues. Ensure the database mirror port is set to 5022. SYNCHRONIZED Databases are actively mirrored. HA is considered to be working. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 50: Configuring Backup And Restore

    5. Enter the password for the .zip file. 6. Click Schedule Backup. Restoring the Appliance You must restart the appliance and reset the passwords after restoring. To restore the appliance from the last backup: UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 51 To restore the appliance from a backup file: 1. Select Backup and Restore from the Maintenance menu. 2. Drop the file to upload. 3. After the backup is uploaded, enter the password and click Restore Appliance. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 52: Uvm Recovery

    UVM Recovery UVM Recovery This section applies to UVM20 and UVM50 appliances. Use the recovery procedure to rebuild your UVM. All information saved or configured on the UVM will be lost. There is no way to recover this data. Note: Retrieve BitLocker keys before starting the recovery process.
  • Page 53 17. For the final stage of preparation, run Prepare For Shipping.bat. All temporary and setup files are removed; Windows and SQL Server are licensed. You are now ready to configure your appliance. See Configuring Your UVM Appliance. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 54: Appendix A: Configuring Vlan

    Broadcom BCM5709C NetXtreme II GigE 1. Download “Gigabit Management Applications Installer for Windows (x64)” Contact BeyondTrust Technical Support to get the installer file. 2. Install utility (rename setup.exe if required). 3. Run Broadcom Control Suite 4 from Control Panel or Start Menu.

  • Page 55: Virtual Guest Tagging (Vgt) Vlan Configuration On Virtual Uvm20

    4. Network configuration can be Static or Dynamic depending on the environment/needs but would be configured just as a normal adapter is configured. Virtual Guest Tagging (VGT) VLAN configuration on Virtual UVM20 Intel(r) 82574L Gigabit Network Connection (Intel E1000) To install the required driver within a Windows 2012 R2 guest operating system: 1.
  • Page 56 There will now be a new network adapter displayed under Network Connections for each VLAN created. 8. Network configuration can be Static or Dynamic depending on the environment or your requirements but would be configured just as a normal adapter is configured. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

  • Page 57: Appendix B: Optional Appliance Configuration

    Appendix B: Optional Appliance Configuration Appendix B: Optional Appliance Configuration Configuring iDRAC You can use the iDRAC tool to remotely manage your UVM appliance (UVM20 or UVM50). Configuring iDRAC is optional. For more information about configuring iDRAC, refer to Dell product documentation.

  • Page 58: Configuring Nic Teaming Or Link Aggregation

    You must download the Broadcom management utility before you can manage and configure NIC teaming. For more information, contact BeyondTrust Technical Support to get the installer file. UVM Appliance User Guide...

  • Page 59: Appendix C: Setting Up A Cold Spare Appliance

    Enter the path to the shared location where the back up files are saved. Optionally, select an existing share location. b. If applicable, enter the credentials that can access the share. Click the Test the Remote Share Credentials button to test the connection. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 60 When the cold spare starts up the data from the last backup file retrieved is used. 6. Enter a restore password. 7. Provide a temporary machine name. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.
  • Page 61 9. On the Roles Editor main page, click Apply Pending Changes. A restart is required after the settings are saved. A dialog box is displayed when the appliance is ready to shut down and restart. UVM Appliance User Guide © 2018. BeyondTrust Software, Inc.

This manual is also suitable for:

Uvm50

Table of Contents