Load Balancing BeyondInsight

Configuration has yet to be fully verified, Kemp Support will gladly assist if your BeyondInsight Server traffic is not flowing as expected.

1   Introduction

BeyondInsight gives you control over internal and external risks. It’s a unique, unified platform combining privilege and vulnerability management solutions, enabling IT professionals and security experts to work together with greater control and enhanced efficiency.

BeyondInsight / PowerBroker Password Safe supports a number of configuration methodologies for high availability, redundancy, and scalability. The solution may be installed as software, or delivered as a ready to run security appliance, called a UVM; the latter being the
more common deployment method. Most configurations require the use of an external application delivery controller as a load balancer to help end-users and software endpoints continue to connect to the BeyondInsight system when a primary IP address goes offline in a


1.2  Document Purpose

This section details a configuration for a specific application that has been provided by a customer but has yet to be fully tested.

The purpose of this document is to give readers an overview on the recommended best practice settings when configuring the BeyondInsight Server components for load balancing.

Configuration has yet to be fully verified, but Kemp Support will gladly assist if BeyondInisght Server is not flowing as expected.


2  Configuration Required

Three Virtual Services

1. PowerBroker Password Safe

2. SSH 4422

3. RDP 4489

 2.1 Global Configuration  

     >No Changes Required


2.2  Virtual Service Configuration

      PowerBroker Password Safe

      > New Virtual Service

      > Enter IP Address

      > Port = 443

      > Name = PowerBroker Password Safe     

      > Add New Virtual Service

 2.3    Standard Options   

   Modify VS > Standard Options


2.4 Real Servers

LoadMaster will Send GET request to URL "/UVMInterface/api/HighAvailability" and will search for string "Active" in the response. Standby Server will show as "Down" as this response will contain string "Passive"

2.5 Configuring SSH and RDP Services

1. Duplicate VS

   Modify VS  > Duplicate > Change Port from 443 to 4489     

   for RDP and 4422 for SSH.

2. Update Real Servers Destination Port

    Real Servers > Modify Real Server > Port

    Change Port from 443 to 4489 for RDP and 4422 for SSH.

If you have successfully Load Balanced your BeyondInsight Password Safe Servers environment by implementing this specific configuration, please give a thumbs up or please leave a comment on a possible alteration that was required to make it function. Thank you




1 comment


David Price

Before setting up high availability, you must turn on the High Availability role in the Roles Editor for both the active and passive U-Series Appliances. For more information, please see High Availability Role. MyMorri App




Please to leave a comment.

Didn't find what you were looking for?