Load Balancing BeyondInsight

Configuration has yet to be fully verified, Kemp Support will gladly assist if your BeyondInsight Server traffic is not flowing as expected.

1   Introduction

BeyondInsight gives you control over internal and external risks. It’s a unique, unified platform combining privilege and vulnerability management solutions, enabling IT professionals and security experts to work together with greater control and enhanced efficiency.

BeyondInsight / PowerBroker Password Safe supports a number of configuration methodologies for high availability, redundancy, and scalability. The solution may be installed as software, or delivered as a ready to run security appliance, called a UVM; the latter being the
more common deployment method. Most configurations require the use of an external application delivery controller as a load balancer to help end-users and software endpoints continue to connect to the BeyondInsight system when a primary IP address goes offline in a


1.2  Document Purpose

This section details a configuration for a specific application that has been provided by a customer but has yet to be fully tested.

The purpose of this document is to give readers an overview on the recommended best practice settings when configuring the BeyondInsight Server components for load balancing.

Configuration has yet to be fully verified, but Kemp Support will gladly assist if BeyondInisght Server is not flowing as expected.


2  Configuration Required

Three Virtual Services

1. PowerBroker Password Safe

2. SSH 4422

3. RDP 4489

 2.1 Global Configuration  

     >No Changes Required


2.2  Virtual Service Configuration

      PowerBroker Password Safe

      > New Virtual Service

      > Enter IP Address

      > Port = 443

      > Name = PowerBroker Password Safe     

      > Add New Virtual Service

 2.3    Standard Options   

   Modify VS > Standard Options


2.4 Real Servers

LoadMaster will Send GET request to URL "/UVMInterface/api/HighAvailability" and will search for string "Active" in the response. Standby Server will show as "Down" as this response will contain string "Passive"

2.5 Configuring SSH and RDP Services

1. Duplicate VS

   Modify VS  > Duplicate > Change Port from 443 to 4489     

   for RDP and 4422 for SSH.

2. Update Real Servers Destination Port

    Real Servers > Modify Real Server > Port

    Change Port from 443 to 4489 for RDP and 4422 for SSH.

If you have successfully Load Balanced your BeyondInsight Password Safe Servers environment by implementing this specific configuration, please give a thumbs up or please leave a comment on a possible alteration that was required to make it function. Thank you




1 comment


John Bohn

High availability (HA) is designed to work in an active / passive configuration. At any time, one of your two servers has the role of the active node, while the other is the passive node. When the passive server detects that the active server has failed, then the passive is promoted to active, and the active is demoted. MyCentura


Please to leave a comment.

Didn't find what you were looking for?