Question

PRA Deployment Questions

  • January 13, 2025
  • 10 replies
  • 357 views


Hi everyone. Appreciate your feedback on the below queries.

  1. For PRA Cloud what is the communication matrix (firewall ports) that needs to be allowed for Jump Points, Jump clients and PRA to work smoothly?
     
  2. For PRA Jump Points, what is the recommended hardware sizing (CPU, Memory, Disk, etc.)?
     
  3. Where are the session recordings going to be stored? Is it going to be on the Jump Point or PRA cloud, and if it's going to be on the Jump Point, what are the requirements for disk storage?

10 replies

  • BeyondTrust Employee
  • January 13, 2025

Hello ​@sami  - I’ll try my best to answer your queries below:

  1. Virtually all network traffic to the appliance is over Port 443. This includes Jump Clients, Desktop Consoles and Jumpoints connecting back to the appliance.
  2. Jumpoint set up guidelines are found here: https://www.beyondtrust.com/docs/privileged-remote-access/how-to/jumpoint/requirements.htm
  3. All session recordings are held by the PRA Appliance itself. They are held for up to 90 days, depending on how busy (session load, length of sessions, etc.) your appliance is.

  • Author
  • Trailblazer
  • January 13, 2025

Thanks for the response. In my case our deployment is on Cloud. So the session recordings you have mentioned at point #3 are also applicable to that? None of the recordings will be stored on the Jump Point, and they will be stored in the cloud?


  • BeyondTrust Employee
  • January 13, 2025

Hello ​@sami - Correct, all SRA appliances operate the same way in this regard, all session data and recordings will be held on and by the appliance itself. And they are all subject to the 90 day rule.


Prudhvi Keertipati

Hi ​@PhillC - is it possible to extend the recordings storage beyond 90 days? I couldn't find any option in the PRA Portal. 


  • BeyondTrust Employee
  • January 14, 2025

Hello ​@Prudhvi Keertipati - It is not possible to extend the logging past 90 days. You will find the option under /login > Management > Security, under the Miscellaneous section, as below:

 

If you wish to keep the session data and recordings longer, you will need to look into the Integration Client software we offer for free in the Customer Portal.


  • Author
  • Trailblazer
  • January 14, 2025

@PhillC, thanks for the feedback. What Cloud URLs would the Jump Point and Jump Client need access to?


  • BeyondTrust Employee
  • January 15, 2025

Hello @sami - that depends on each individual cloud instance; every customer would have their own assigned DNS URL for their own instance.


  • Author
  • Trailblazer
  • January 15, 2025

Thanks @PhillC. So the only firewall requirement would be to allow outbound connections from Jump Points and Jump Clients to the PRA Cloud URL? No other outbound URLs would be required to be whitelisted, correct?


  • Author
  • Trailblazer
  • January 15, 2025

@PhillC, the last query that I have is: can we use SAML SSO for /console (Web Console) login for internal users?

I know it can be done for /login; can we also do the same for /console login?

Appreciate your feedback. Thanks. 


  • BeyondTrust Employee
  • January 15, 2025

> Thanks @PhillC. So the only firewall requirement would be to allow outbound connections from Jump Points and Jump Clients to the PRA Cloud URL? No other outbound URLs would be required to be whitelisted, correct?

This is correct, back to the appliance.

> @PhillC, the last query that I have is: can we use SAML SSO for /console (Web Console) login for internal users?
>
> I know it can be done for /login; can we also do the same for /console login?
>
> Appreciate your feedback. Thanks.

SAML SSO login for /login is the same one used for /console as they both use the same users. If you have set up /login SAML Access, that same set up will allow users to log in via SAML for all the Consoles, both web and desktop.