BeyondTrust UVM20 User manual
UVM Appliance
User Guide
Revision/Update Information: January 2018
Software Version: UVM Appliance 2.4
Revision Number: 0
CORPORATE HEADQUARTERS
5090 N. 40th Street
Phoenix, AZ 85018
Phone: 1 818-575-4000
COPYRIGHT NOTICE
Copyright © 2018 BeyondTrust Software, Inc. All rights reserved.
The information contained in this document is subject to change without notice.
No part of this document may be photocopied, reproduced or copied or translated in any manner to another
language without the prior written consent of BeyondTrust Software.
BeyondTrust Software is not liable for errors contained herein or for any direct, indirect, special, incidental or
consequential damages, including lost profit or lost data, whether based on warranty, contract, tort, or any other
legal theory in connection with the furnishing, performance, or use of this material.
All brand names and product names used in this document are trademarks, registered trademarks, or trade names
of their respective holders. BeyondTrust Software is not associated with any other vendors or products mentioned
in this document.
Contents
Contents 3
Introduction 6
Contacting Support 7
Access BeyondInsight 8
Managing Your UVM 9
Accessing the UVM Web Site 9
Session Timeout 9
Activating Windows 9
Requesting Product Updates 9
Apply Security Updates 10
Setting the Update Method 11
Appliance General Settings 12
Adjusting Date and Time Settings 12
LCD Panel Settings 12
Clearing the BeyondInsight Cache 13
Export Settings 13
Pre-Logon Banner Settings 13
Managing Security Settings 14
Downloading a Crypto Key 14
Uploading a Crypto Key 14
FIPS Compliance Checking 14
Managing the UVM API Key 15
Turning off SSL Authentication 15
Analytics and Reporting Endpoints 15
Generating and Exporting Certificates 16
Setting a Security Protocol 16
Turning On HSTS 17
Accounts and Licensing Settings 18
Updating Product Serial Numbers 18
Purging Appliance Data 19
Resetting Administrator Passwords 19
Network and RDP Settings 21
Configuring RDP 21
Setting an IP Address for the Appliance 21
Entering SMTP Server Settings 22
Proxy Settings 22
BITS Throttle 23
Using Two Factor Authentication 24
Contents
UVM Appliance User Guide 3 © 2018. BeyondTrust Software, Inc.
Appliance Health 25
Health Dashboard 25
Monitoring Services and Hardware 26
Checking Services 26
Configuring Counters for Performance Metrics 27
Configuring Notifications 29
Sending Alerts to BeyondInsight 30
Viewing Notifications 32
Configuring Roles 33
Using Role Templates 33
Saving Role Configuration 33
Vulnerability Scanner Role Settings 33
Event Collector Role 33
SQL Server Database Roles 34
Database Access 34
Patch Management Role 34
PowerBroker Endpoint Protection Role 34
BeyondInsight Omniworker Service Role 34
PowerBroker Password Safe Web Portal Role 34
High Availability Role 34
On the Primary Server 34
On the Secondary Server 35
BeyondInsight Analytics and Reporting Roles 35
Analysis Services Role Settings 35
Reporting Services Role 35
Turning on Auto Update 35
Enterprise Update Server Role Settings 36
BeyondTrust Updater Role Settings 36
Configuring PowerBroker Password Safe 37
Uploading SSL Certificate 37
Archiving Password Safe Session Monitoring Events 37
Setting up the Repository Host 38
Running the Repository Configuration Tool 39
Setting up the Appliance 39
Synchronizing Session Monitoring Archive Files 40
Using High Availability 42
Active–Passive High Availability 42
Setting up High Availability 42
Turning on High Availability (HA) Pairing 42
Configuring High Availability 43
Using a Load Balancer in an Active-Passive Configuration 45
Testing HA Failover 46
Using Medium Failover Mode 46
Resuming and Suspending SQL Mirroring 46
Discarding HA Configuration Settings 47
Contents
UVM Appliance User Guide 4 © 2018. BeyondTrust Software, Inc.
Recognizing a Failover 47
Disaster Recovery 47
Verifying Connectivity Between Servers 48
Database Status After a Failover 48
Restoring Roles After a Failover 48
Reviewing Database Metrics 48
Checking the Database Connection Status 49
Configuring Backup and Restore 50
Scheduling a Backup 50
Restoring the Appliance 50
UVM Recovery 52
Appendix A: Configuring VLAN 54
Tagged VLAN configuration on Physical UVM20/50 54
Virtual Guest Tagging (VGT) VLAN configuration on Virtual UVM20 55
Appendix B: Optional Appliance Configuration 57
Configuring iDRAC 57
iDRAC Commands 57
Configuring NIC Teaming or Link Aggregation 58
Appendix C: Setting up a Cold Spare Appliance 59
Requirements 59
Contents
UVM Appliance User Guide 5 © 2018. BeyondTrust Software, Inc.
Introduction
This guide provides information on UVM20 and UVM50 appliances, virtual appliances, and diagnostics information.
This guide is intended for network security administrators responsible for protecting their organization's computing
assets. A familiarity with networking and security concepts is needed.
FCC Certification
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15
of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when
the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the manufacturer’s instruction manual, may
cause harmful interference with radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference, in which case you will be
required to correct the interference at your own expense.
Standards Compliance
UVM has been tested and verified to comply with the applicable sections of the following standards:
• FCC Emissions
• Binational standard, UL-1950/CSA-C22.2 No. 950-95: Safety of Information Technology Equipment
Limited Hardware Appliance Warranty
This hardware appliance is accompanied by a 3-year manufacturer’s warranty based on the invoice date. (Extended
warranties available on request.) The warranty covers all hardware, including internal components supplied in this
shipment. The warranty does not cover additional items, such as keyboards, monitors and mice, not included in this
shipment. During the warranty period, the appliance will be repaired or replaced at no cost under the warranty
terms.
Due to continuing changes in the computer industry, if a replacement is necessary the appliance manufacturer
reserves the right to make product substitutions of equal or greater value.
Do not ship any appliance without first contacting BeyondTrust Technical Support to coordinate any repairs or
replacements. Do not try to repair the appliance yourself.
Please back up all data before having the appliance serviced or repaired. Neither BeyondTrust nor the appliance
manufacturer warrants that operation of the appliance will be uninterrupted or error-free. In no event will
BeyondTrust or the appliance manufacturer be responsible or liable for loss or integrity of any data on the
appliance and/or any storage media.
Warranty Invalidation
This warranty is void in the event that:
• the appliance is damaged due to accident, abuse, misuse, problems with electrical power, modifications or
servicing not authorized by BeyondTrust and/or the appliance manufacturer, or failure to operate in
accordance with the appliance instructions;
• serial tags, receiving numbers, product stickers or manufacturer seals have been removed, altered or
tampered with;
• the appliance is opened for any reason;
Introduction
UVM Appliance User Guide 6 © 2018. BeyondTrust Software, Inc.
• the appliance is damaged due to improper or inadequate packaging when returned for repair or replacement;
• the appliance has been tampered with, such as overclocking.
Labor and services performed on items or systems that are found not to be defective may be subject to a separate
charge. In addition, the appliance manufacturer reserves the right to charge a 10 percent restocking fee for items
returned which are found not to be defective.
Contacting Support
For support, go to our Customer Portal then follow the link to the product you need assistance with.
The Customer Portal contains information regarding contacting Technical Support by telephone and chat, along
with product downloads, product installers, license management, account, latest product releases, product
documentation, webcasts and product demos.
Telephone
Privileged Account Management Support
Within Continental United States: 800.234.9072
Outside Continental United States: 818.575.4040
Vulnerability Management Support
North/South America: 866.529.2201 | 949.333.1997
+ enter access code
All other Regions
Standard Support: 949.333.1995
+ enter access code
Platinum Support: 949.333.1996
+ enter access code
Online
http://www.beyondtrust.com/Resources/Support/
Introduction
UVM Appliance User Guide 7 © 2018. BeyondTrust Software, Inc.
Access BeyondInsight
For more information about using BeyondInsight, refer to the BeyondInsight product documentation.
To log on to BeyondInsight:
1. Open a web browser, and then enter the URL to access BeyondInsight.
https://[BeyondInsight server name]/eEye.RetinaCS.Server
The SSL certificate warning window displays. The SSL certificate automatically created for the UVM ensures
encrypted communications.
To avoid the warnings, install the SSL certificate through the web browser or obtain a valid certificate from a
certificate authority. Or, select the check box to not display the information page again.
The Internet Explorer warnings will be displayed until the SSL certificate is installed or a valid certificate is
obtained.
The BeyondInsight Login page displays.
2. Enter your user name (btadmin) and the password you created in the configuration wizard, then click Login.
The BeyondInsight console displays.
Access BeyondInsight
UVM Appliance User Guide 8 © 2018. BeyondTrust Software, Inc.
Managing Your UVM
You can access appliance diagnostics to verify version information, request updates and configure other options.
Accessing the UVM Web Site
To log on to the UVM web site:
1. Using your web browser, enter:
https://[your IP Address]/Maintenance
2. For the initial login, enter the following information.
– User Name - Enter the Administrator user name created using the Configuration wizard.
– Password - Enter the Administrator password created using the Configuration wizard.
Session Timeout
A user can be logged on to an appliance web site for 14 minutes. After 12 minutes a message is displayed indicating
the session will expire in 2 minutes. The user must log on to the web site after the session expires.
Session timeout applies to all appliance web sites: Roles Editor, Maintenance, Diagnostics, and High Availability.
The session timeout value cannot be configured.
Activating Windows
If the Windows environment is currently not activated, you can activate on the Maintenance web site.
To activate Windows:
1. Select Maintenance from the menu.
1. Select Accounts and Licensing.
2. Click one of the following:
–Activate Online – Select when you have an Internet connection.
–Activate By Phone – Select if there is no Internet connection (for example, in an air-gap environment).
Requesting Product Updates
You can request product updates for the UVM. You can view the version number for the BeyondTrust products that
you are licensed to use.
To request updates:
1. On the BeyondTrust Updates page, click Request Update.
The update of the UVM and BeyondInsight database starts.
Managing Your UVM
UVM Appliance User Guide 9 © 2018. BeyondTrust Software, Inc.
Apply Security Updates
BeyondTrust provides a bundle of Microsoft patches in a security update package. All updates are tested and
approved by BeyondTrust to ensure that updates do not interfere with the proper operation of your UVM.
The packages are updated when new patches are available from Microsoft. For more information about the
updates included in the package, contact BeyondTrust Technical Support.
In UVM versions 1.3 or later, there is a security update package installer that ships with your appliance. When a
new package is copied to the update server, then those updates can be received by your appliance.
Note: If you are working in an air-gap environment, you can manually download the update packages. You must
work with the BeyondTrust Technical Support team to download packages manually.
To apply the updates:
1. Log on to the appliance web site.
The default page displayed is the BeyondTrust Updates page.
2. If it is not displayed, select Maintenance from the menu, then select BeyondTrust Updates.
Details about any updates currently available are provided.
Managing Your UVM
UVM Appliance User Guide 10 © 2018. BeyondTrust Software, Inc.
3. Click Apply Security Updates.
The update can take time depending on the packages being applied. Click Refresh at any time to update the
status.
Note: If a restart is required (depending on the patch), then the appliance will restart automatically. No
action is required on your part.
Note: Applying Security Updates For UVM Versions Earlier Than 1.3
If your UVM version is earlier than 1.3, then BeyondTrust Technical Support can send you the update package
installer to deploy on your appliance. After you run the installer package, the appliance web page is updated. The
Security Updates section will be available for you to track and manage your security updates.
Setting the Update Method
1. Log on to the appliance web site.
2. Select Maintenance from the menu, then select BeyondInsight Updates.
3. Select an update method.
–Connect to the Internet for licensing and updates. No proxy required - Select if there is an Internet
connection and no proxy server.
–Connect to the Internet for licensing and updates through a proxy server - Select if you are using a proxy
server.
–No Internet connection.(Requires performing manual updates.) - Select if the appliance does not have
an Internet connection.
4. After you select an update method, click Apply Changes.
Managing Your UVM
UVM Appliance User Guide 11 © 2018. BeyondTrust Software, Inc.
Appliance General Settings
Adjusting Date and Time Settings
1. Select General Settings from the Maintenance menu.
2. Select a time zone and adjust the time.
3. Click Set the Date and Time Now.
LCD Panel Settings
To turn on settings for the LCD panel on the appliance:
1. Select General Settings from the Maintenance menu.
2. You can turn on the following settings:
Managing Your UVM
UVM Appliance User Guide 12 © 2018. BeyondTrust Software, Inc.
–Allow LCD Panel to Reset Administrator Password – Turn on to be able to reset the administrator
password to a random password from the LCD panel. If needed, go to the appliance to reset the
administrator password. Select the Show IP option to view the IP address. Hold the and arrows
simultaneously on the UVM LCD panel. A random password is generated. Press to accept the changed
password.
–Buttons on LCD Panel – Turn off to disable all the LCD panel buttons.
3. Click Update LCD Panel Settings.
Clearing the BeyondInsight Cache
The Clear BI Cache button clears the license key in the BeyondInsight database cache. If a new license key has been
recently applied, then clearing the cache ensures that the new key is saved to the BeyondInsight database.
Clearing the cache and applying the new key ensures all features are available and work properly. You can verify
licensed features on the Product Activation Keys tab.
Export Settings
To allow appliance settings such as IP address and administrator password to be set by inserting a USB drive into the
appliance.
To turn on settings for the LCD Panel on the appliance:
1. Select General Settings from the Maintenance menu.
2. Click to turn on Appliance settings to be imported and exported onto removable storage.
3. Click Update Export Settings.
Pre-Logon Banner Settings
You can configure a pre-logon message before the logon credentials page is displayed to the user.
To configure a pre-logon banner:
1. Select General Settings from the Maintenance menu.
2. Enter a title and message.
Managing Your UVM
UVM Appliance User Guide 13 © 2018. BeyondTrust Software, Inc.
Managing Security Settings
Downloading a Crypto Key
1. Select Security Settings from the Maintenance menu.
2. Enter a password, and then click Submit.
Uploading a Crypto Key
1. Select Security Settings from the Maintenance menu.
2. Enter password.
3. Drop the zip file.
4. Click Generate the Uploaded Key.
FIPS Compliance Checking
To turn on FIPS compliance checking:
1. Select Security Settings from the Maintenance menu.
Managing Security Settings
UVM Appliance User Guide 14 © 2018. BeyondTrust Software, Inc.
Managing the UVM API Key
The UVM API manages the communication between appliances when high availability is used in your environment.
The API key is automatically generated and is available to copy on the High Availability page. You can regenerate the
key on this page. You might want to regenerate the key regularly for security reasons.
You can also apply limitations on incoming messages.
To set the API:
1. Select Security Settings from the Maintenance menu.
2. Set the maximum age for messages, and then click Update Maximum Age. The default value is 600 minutes.
3. Click Generate API Key.
When configuring high availablity between appliances, copy the key to the High Availablity page for the partner
appliance.
Turning off SSL Authentication
You can turn off SSL authentication. When you select SSL/Certificate Required (No), SSL certificates are ignored.
To ignore SSL certificate authentication:
1. Select Security Settings from the Maintenance menu.
2. Click Event Service SSL/Certificate Required (No).
3. Click Submit.
Analytics and Reporting Endpoints
If the BeyondInsight Analytics and Reporting web site is not reachable, you can refresh the settings to establish the
connection.
1. Select Security Settings from the Maintenance menu.
2. Click Refresh.
Managing Security Settings
UVM Appliance User Guide 15 © 2018. BeyondTrust Software, Inc.
Generating and Exporting Certificates
1. Select Security Settings from the Maintenance menu.
2. To regenerate the SSL certificate to match the appliance network name, click Generate Certificate. The
certificate will not be trusted by the client browser.
3. To export the client certificate, enter the password for the certificate and then click Export Certificate.
Setting a Security Protocol
Select the security protocol that applies to your environment: SSL or TLS.
To use TLS 1.2, ensure the following patches have been applied to your appliance.
KB2979597 - https://support.microsoft.com/en-us/kb/2979597
KB3144114 – This is a hotfix. You can request it from here: https://support.microsoft.com/en-
us/hotfix/kbhotfix?kbnum=3144114&kbln=en-us
KB3144517 - https://support.microsoft.com/en-us/kb/3144517
1. Select Security Settings from the Maintenance menu.
2. Select the protocol type, and then click Update Security Protocols.
Managing Security Settings
UVM Appliance User Guide 16 © 2018. BeyondTrust Software, Inc.
Turning On HSTS
You can apply extra security to the appliance web site that will use strict transport security (HSTS) technology.
To turn on HSTS:
1. Select Security Settings from the Maintenance menu.
2. Turn on the setting, and then click Update HSTS Setting.
Managing Security Settings
UVM Appliance User Guide 17 © 2018. BeyondTrust Software, Inc.
Accounts and Licensing Settings
Updating Product Serial Numbers
You can review your licensed BeyondTrust components. If components are not showing as licensed you might
need to refresh the BeyondInsight database cache to ensure the most recent license is applied. See Clearing the
BeyondInsight Cache.
To update the appliance serial number:
1. Select Accounts and Licensing from the Maintenance menu.
2. You can either retrieve the serial numbers and validate the license key automatically using your Internet
connection or enter this information manually:
–Using the Customer Portal - Enter your email address and Client Portal password and click Retrieve Keys.
Select the appropriate serial numbers from the list when populated and click Update Serial.
–Using Online Appliance - Enter the serial numbers and then click Update Keys.
–Using Client Browser - Manually enter the serial number provided when you purchased the product. To
access your serial number, log on to the Client Portal, and select Product Licensing > Managing Your
Serial Numbers. Click Get Offline License and follow instructions on obtaining the license key offline.
Manually enter the license key once it is received.
–Using Email Validation - Enter the serial numbers and click Retrieve Offline Validation Keys. An email is
sent to request and validate the keys.
–Manually - Manually enter the serial numbers.
3. Click Update Keys.
Accounts and Licensing Settings
UVM Appliance User Guide 18 © 2018. BeyondTrust Software, Inc.
Purging Appliance Data
1. Select Accounts and Licensing from the Maintenance menu.
2. Scroll to the purge data area.
3. To erase the database and user configuration data from the appliance, click Wipe Appliance. The configuration
data and events are purged.
Resetting Administrator Passwords
You can reset the UVM administrator password, BeyondInsight administrator password, and Central Policy
password.
Ensure that you review the complexity requirements.
To reset a password:
1. Select Accounts and Licensing from the Maintenance menu.
2. Select the check box for the password that you want to change.
Accounts and Licensing Settings
UVM Appliance User Guide 19 © 2018. BeyondTrust Software, Inc.
3. Change the password.
4. Click Update Credentials.
Accounts and Licensing Settings
UVM Appliance User Guide 20 © 2018. BeyondTrust Software, Inc.
Other manuals for UVM20
1
This manual suits for next models
1
Table of contents
Other BeyondTrust Firewall manuals
Popular Firewall manuals by other brands
Netgate
Netgate XG-7100 product manual
TEMPERED
TEMPERED 500 Series Platform guide
Fortinet
Fortinet FortiGate FortiGate-500A quick start guide
NETGEAR
NETGEAR FWG114Pv1 - Wireless Firewall With USB Print... Specifications
Fortinet
Fortinet Fortiwifi fortiwifi-60 Installation and configuration guide
SonicWALL
SonicWALL NSA 2600 Upgrade guide