BeyondTrust Privileged Remote Access Reviews

One of my customers used old, poorly coded legacy applications, so programs required admin privileges to run. They wanted to give users the ability to run the applications without giving them admin rights.

The company wanted more secure desktops, and the solution provided that. Previously, everybody was an admin of the desktops, and they suffered a cryptographic lock attack. They recovered from this and implemented PRA to avoid repeating the scenario. They bought 500 licenses, the estimated number of staff using the legacy applications. They planned to upgrade to around 1000 licenses a few months later, realizing they had other applications that necessitated this kind of solution. 

The project goal was to allow staff to run applications with admin privileges without being admins, which was the product's most important feature.

The company had distinct groups of staff with different requirements, which weren't fulfilled by giving them all admin rights. The solution's data granularity allowed us to define specific use cases and population types and categorize users based on that. This gave us good control over the system. 

Privileged Remote Access not needing a VPN was a requirement in this case, as the user didn't implement a VPN, nor did they want to. This feature was a plus for the customer. 

From what we observed the security provided by RPA is very good. 

The solution being available in multiple formats was necessary in this case, as the client was adamant that the solution needed to be SaaS; a requirement for their IT configuration. The ability to test issues was crucial to them. 

The solution has improved the security of the client's network. 

Not needing to share passwords was crucial to the client. They were hesitant about credential sharing because of the suffered cryptographic attack.

Having an all-in-one solution was vital in this case, as most of the users did not have technical expertise. This necessitated a solution that is easy to use and implement, and an all-in-one solution simplifies the process significantly. 

The solution is very flexible, which is a plus, but I would say the implementation requires someone with knowledge and experience, as it can be easy to get lost in all the details. The implementation process could be streamlined and simplified. Though the complexity of the solution provides greater flexibility, it requires a lot of time to understand it fully.

The UI is somewhat basic, so that could use some work. It's okay; apart from that, it's an aesthetics issue.

I implemented the solution for one of my customers, which took three months, then I passed it over to them. 

The solution's stability is good. It's reliable and I didn't experience any bugs or glitches.

The product's scalability looks good. My client purchased 1000 licenses, maybe 10% for developers, and the rest for end-users. They need a functioning application without a complex IT setup and maintenance. 

Their customer support is very good. They are quick, knowledgeable, and helpful.

Positive

I carried out the deployment myself, and it was straightforward. I implemented it with Azure, and it took three months. One member of the security team is responsible for the maintenance. We had help from the publisher to set up the tool, and our strategy was to do an initial deployment for 100 users for proof of concept, then deploy for the remaining 400.

My client found the solution a bit expensive but considering their use case and requirements, they didn't have any other choice. As far as I know, implementation and licensing are the only costs. 

I would rate this solution a nine out of 10. 

It's essential to get to know the product in detail because it's very complex. It can do whatever you want, but it requires some effort. That's why it's important to have an implementation team who knows what they are doing. It's crucial to delegate responsibility for the solution to someone who understands it and can work with the publisher team to find the proper configuration.

We use it for remote support for our clients. The main reason we use it is that it allows us to elevate our privileges remotely. While we're using it or supporting the users, we can elevate our smart card.

We are currently using the latest available version of Bomgar. In terms of deployment, we like to have solutions like this on-prem, but it is good to know that it is available in the cloud because we are moving a lot towards the cloud. In the future, once this appliance dies out, we might just transition over to a cloud version. It is good to know that we have the flexibility to do that.

It is the software that our call center uses all the time, and it is very important for us that Privileged Remote Access doesn't require a VPN. Otherwise, if the VPN is down or something like that, we won't be able to access a computer. With PRA, we're able to get to them even if the VPN is down.

The security provided by PRA when it comes to access for remote and privileged users is great. It is really good. They take a lot of interest and put effort into making sure that the product is very secure because everything has to go through the appliance.

It is easy to do things and set up everything. We have it integrated with Active Directory. So, the customer service group can log in really quickly and easily whenever they need to assist someone. It is a great product. I have no issue with it.

It is used by our IT engineers and customer services team. One of its great features is that you can install it on computers in the DMZ to which they usually don't have network access. They can then use it to access them. Because we all have to use our smart cards to log in, the ability to pass the smart card over to the client is the best thing. It is the golden feature that we like to use. It just makes it easier to quickly help people resolve any issues. A lot of times we try to monitor the computer in different ways, such as through on-calls, and it lets us in. If the elevator screen comes up, you can still view the screen, whereas if you are sharing your screen on Teams or something like that, it might blank out when you elevate your privileges. It is a necessary tool that we have. It is deeply integrated into our process.

It is very important that through the use of PRA, there is no need to share passwords with users. That's very much needed. We definitely don't want to share passwords with the clients. It is a highly needed feature, and it is great that we have that ability.

It offers SSO authentication, which is very important because it allows secure transmissions. We know that no one is eavesdropping. It meets all the latest security requirements. They're doing away with a lot of the older formats.

It is pretty good in terms of session auditing and monitoring of third-party and remote-worker access. It is very detailed, and it is very granular. I like the fact that it can record the actual session. You can pretty much audit anything.

I like all of it. You can access computers that are on a DMZ. You can access computers that are off the network and on the network. You pretty much have access to computers wherever they are. As long as they have the client on them, you can get to them. So, it is convenient, but its main feature is that you can use your smart card to elevate your privileges remotely. That's a great feature.

Another great feature of it is being able to use it on mobile phones as well. If it is an agency or a company that has a lot of BYOD devices or company-provided phones and tablets, you can provide support for them as well.

Their support is A+. I've spent many hours on the phone with them. They're very prompt. They call you right back. They follow up all the time, and they stick with you all the way until the issue is resolved. I've never had a problem where I was not able to contact anyone.

It works perfectly. I haven't had any issues with the service account or anything else. It is almost a set-it-and-forget-it solution. Things don't break that often. The way it is set up now, I have no issue with it. It is a good system.

It makes remote access highly secure. We don't have a fear that anyone is eavesdropping on a session. In that aspect, it has had a positive effect.

I would love to have a web console and the ability to use the smart card with the web console to provide remote support. If you are on a computer that doesn't have the Bomgar console, you should be able to use the web console to provide support. That's the only thing right now. A web console is nice when you're jumping into a computer, but if you need to elevate the privileges, you currently can't do it with the smart card. If they could figure that out, that would be money.

One thing that's confusing is the way of setting up group policies and permissions. It is very complicated. There are a lot of small pieces to it. The way they have set everything up is weird. I'm sure there is a reason for that, but I feel it should be a lot easier to provide different permissions and things like that.

I have been using this solution for at least six years. I'm using it just about every day.

It is highly stable. It is almost set-it-and-forget-it. You don't have to constantly check on it and make sure it is working. It just works. When it breaks, you definitely know that something is wrong. Currently, it is showing that it has been up for 18 days, which could be because we had a power cut, but usually, it is up for months with no issue.

It is highly scalable. If we need to add more licenses and more users, it is easy. We had to do that during COVID when everyone worked remotely. It was easy to just buy a license and add more users. If we need to add another appliance, which we won't, it would be very easy to do that.

Currently, about 100 people are using it, but only 40 people can use it concurrently. Overall, we have about 100 users who have access to it, and they range from engineers to Tier One, Tier Two, and Tier Three customer support. Pretty much everyone on my team has access to it.

It is being used all the time. At any given point, at least 15 to 20 people are signed into it. It is tightly integrated into our daily operations. In terms of expanding its usage, I'm not too sure because our agency only has about 5,000 employees at this time. Something that I've always tried to get them to do is to get it integrated with the service desk or ticketing system, but they don't want to put money into integrating it. I have been pushing for a couple of years, but they just don't want to. The management over there doesn't see the benefits of it.

Whenever I call Bomgar support, they provide AAA support. Based on the products I have used, they are one of the best in terms of support. I have no complaints or issues there. I would rate them a ten out of ten.

Positive

We just had the regular Windows remote desktop or something like that. We didn't have any solution like this.

It is straightforward and very easy. It took about a day. You can get everything set up within a day, but I had to do testing and things like that. It took me about a month to get everything worked out. If this was a private company, I probably could have done it in a couple of days, but because we have to get approval for a lot of different things before we can deploy anything, it took about a month. However, setting it up and testing it out to say that we have it working took about a day.

It was a virtual box. I planned out the permissions and backed up the old appliance. I had a virtual appliance. I installed the software, imported the information, and started importing all the users. I then just started testing it out from there.

I take care of its deployment and maintenance, and one person is enough for that.

We have definitely seen an ROI. It is worth its weight in gold. If it goes down, we are at a standstill. We can't provide adequate support to our users if we don't have this software. 

It is tightly integrated with our operations. We use it all the time across the board. Every single person who is a part of IT uses this system, and it is great. I don't have the metrics for the ROI, but 100% of the IT department uses it. It has definitely helped us out on many occasions, and it is used every day.

Its price is pretty good for the features and services that it provides. It is not outrageous. I'm not aware of any additional charges or anything like that.

It won't hurt to give it a shot. I know they have a virtual trial where they can let you use it to try out things. It is a great product. It simply works once it is all set up and configured. If there is an issue, it is easy to troubleshoot and figure out what the problem is. It is usually pretty easy to figure it out. 

It is very important that PRA stands on its own as a full product, as compared to some of the competitive products that are add-ons to PAM solutions. We wouldn't want to be forced to set up another system just so that we can use PRA. It is great that it is separated out. So, we can just use one portion of it.

I would rate it a ten out of ten. It is a great product that I enjoy using, but they should work out the smart card on the web console.

It is remote support for our customers. We use it to connect to our clients.

We have a lot of external customers who don't have access to their networks. BeyondTrust helps us access our services inside their networks without the setup of that entire process.

Our use case has to be on-premises. We are not allowed to use cloud stuff. So, we need an on-premises solution. If that went away, we would have to find a new vendor. This is very important for us.

It is used 24/7, as we are a 24/7 operation. So, it is used all the time very extensively. We just increased usage of it last week, increasing our licenses and everything on them.

It is very important that Privileged Remote Access does not require a VPN. We don't have access to a lot of people's networks. We have a lot of external customers and BeyondTrust allows us to access our stuff on their premises without having to set up 20 VPNs or having different WeVPNs per customer. So, it simplifies the process of onboarding a new customer.

As a whole, Privileged Remote Access is very secure. We have never had a customer deny us having access to it. That is a huge plus for us as it is basically an industry standard at this point. The solution is very highly regarded by anyone and everyone who uses it. That is why we use them.

Since we use it mainly for support, our support team is able to do so much more without having to actively engage our customers. This saves us time and money, helping our customer get back up. Normally, when they are engaging with us, it is a support issue. Therefore, the faster that we can alleviate that support issue, the better it is for our customers. Also, the better it looks for us.

It helps us maintain connections to outside stuff without having to compromise our internal networks when accessing external clients.

It is very important to us that PRA stands on its own as a full solution because of the nature of some of our clients. We can't have too much coupled into our internal stuff versus the stuff that we use to interact with our clients. We use this solution because it is a standalone product that is highly regarded in our industry.

In recent days, the most valuable feature would be the Vault. Overall, the most valuable feature would be that ability to do remote support.

Vault does a good job of providing visibility for domain accounts, endpoints, and local accounts associated with discovery jobs.

The report tools are very robust. I know they have their report tools that you can filter through, which also give you access to the data. So, if you ever want to just do a data dump and your own analytics on it, then you could, which is really nice. We also integrate with the API for reports, which is really nice as well.

We use the solution’s Vault for service account management. It has gotten much better with the most recent update. It has been clunky but that has gotten a lot better. I would give it seven out of 10. There is definitely improvement that needs to be done on it over the long term, but I am very pleased with the progress so far.

I would like a better dark theme. The dark theme is still new but a little harsh on the eyes with the colors it shows

I would like better administrative tools for the Vault.

I have been using it for three years. The company has been a customer for more than 10 years.

It is very stable. In the three years that I have been administering this solution, I have never had downtime on the box because of BeyondTrust.

Once you have it up and running, it hums along on its own little thing.

We are very small scale. We have 22 users who are mostly support and development.

I know it is scalable, but I have never actually done it.

They are very technical. I have only engaged with support twice when we were migrating from an older appliance to a newer appliance, and they answered every single question wonderfully. I would rate them as nine out of 10 since there is always room for improvement.

Positive

It is very important for us that there is no need to share passwords with users. Our previous solution was terrible in regards to this. Using PRA has been much nicer. Our customers like it a lot more that our frontline reps don't know the passwords to get into anything that they share with us. It is managed and logged. There is actually governance around it.

I personally have used LogMeIn and some other software in the past. As an end user, this is much easier to use.

I have only been involved when we migrated from multiple boxes. 

We have seen ROI. Our customers constantly rate our company very highly in support, and that is what we mainly use Privileged Remote Access for. The longer that we keep customers, the more reoccurring revenue we get from them.

It is expensive. However, in the grand scheme of things for us, since we are 24/7 and haven't had any downtime in the last three years, it is an easy check to write every year. It definitely pays for itself.

Overall, the product is great. I am the administrator of it. I have to use it every day. I use it for both endpoints and that is very easy on both sites.

I would rate it as nine out of 10. Right now, it is just all the minor little things for the most part.

Improvement-wise, I would like to look at the assessment results. Some of the capabilities in the solution were not as available or not as outstanding as CyberArk. We had to manage whatever little was available for us, especially its recording capabilities, logs, and a number of things.

I have experience with BeyondTrust Privileged Remote Access. I am a customer of the solution.

It's a stable product. Based on the demos and interaction with it, it was stable.

I think the solution can be scaled, and it can be enhanced. I think that the thought process did include some feature scenarios that were not present in the solution at the moment. It is good in terms of scalability, considering some of the issues that may arise in the future.

The setup was done by somebody else in my company. The solution is deployed on the cloud.

Though the solution was a bit expensive, the overall pricing was average.

BeyondTrust Privileged Remote Access was a great product. A consultant was assigned to us. They helped us understand the product with the demo.

It does address setting and specific requirements for different clients. It is not a one-size fits all type of solution, but it does address a number of important requirements for specific clients to an extent.

I think BeyondTrust Privileged Remote Access should expand its use cases, considering that customers may have ten use cases. The solution should include some of the recommended use cases by customers.

I rate the overall solution a ten out of ten.

Initially, we had a different VPN set up for our external vendors, and working for a pharmaceutical company, we had a lot of equipment vendors telecommuting in to do maintenance on the equipment. Using BeyondTrust PRA streamlined this process; it made it easy for us to manage and distribute the proper certificates and assign privileges to all external users. If one of the remote parties got a new employee, we would set up an access account using their name, providing the same permissions as their coworkers to manage parts of our infrastructure. This was an excellent addition to our company and alleviated a lot of pressure from our support staff.

We signed a contract with a new IT management firm that took over our IT support. That's 300 new employees that needed access to the right groups, et cetera. It took just one day to create the 300 accounts and assign them to the proper teams. PRA streamlines the onboarding process, even for large groups of new remote helpers, setting up the correct templates, having the Discovery in place, and assigning and revoking access.

We like the integration with Active Directory. It allows us to discover the endpoints and user accounts that need protection. It's a good way of securing our privileged access.

Another feature I like is the approach to jump points. Jump points are the external-facing proxies, which use the same outbound HTTPS connection method as the jump client but allow the initiation of RDP connections, et cetera, into the downstream networks. This feature was the key selling point for us in choosing BeyondTrust PRA. 

The security provided by the solution regarding remote and privileged access is about as good as we can get without completely locking down permissions. Going with PRA is the best step if a client is looking to lock down administrative access with a remote solution while applying the principle of least privilege. 

We used the solution's Vault to add not just service accounts but also the users' main administrative accounts discovered through Active Directory. We limited permissions, so users couldn't even review their account passwords. This was managed in the Vault and injected into each session. 

Compared to other products, PRA is one of the better ones. We need to start the discovery manually, but it's comprehensive and clear. It allows us to select what to import and has the automation behind it to manage endpoints and accounts, which is a valuable feature for any enterprise business.

The physical solution wasn't as important to us; our architecture strategy was SaaS first, virtual later. If BeyondTrust didn't have a SaaS offering, we would look at availability to install it in one of the public cloud offerings on the market. Having the SaaS option available, especially for medium-sized businesses, is very much something that gives BeyondTrust an edge in the market. 

The solution improved our network security. Especially regarding remote vendors, it allowed us to complete our network segregation goals. We could close down all external access to that network and leverage PRA as the single entry point. 

Not needing to share passwords is essential to us. We have peace of mind knowing nobody can view passwords, share credentials, and operate outside their defined context within the network unless they have explicit permissions. That helps us sleep at night.  

Previously, third parties had VPN access, and it was important for us to shut that down. Now that the entry point is closed, there is only one dimension for us to consider; which vendor has access to what. This makes management and the general security picture clearer.  

SSO authentication was one of our main requirements, so that integration was crucial. It allows us to provide quick access to the tool itself using the same credentials. 

The solution stands above its competitors in this regard. Using the team functionality allows us to create groups of users with a team leader who can monitor those sessions. This functionality works great, and PRA is at the top of the spectrum here. Having somebody at a physical station and someone remotely accessing the station works very well, especially for training purposes. The recording functionality is another nice feature; the video view is small but can be expanded to a larger view. 

The integration client, backup solution, and SSO setup and provisioning could be improved. There isn't any documented or supported user provisioning currently, which slows down the processes of onboarding and assigning permissions. I would like to see this improved soon.

The Vault could use some attention, specifically in managing named administrative accounts. I have to assign permissions to my named admin account during sessions manually, but I think that should be the default. Admin account permissions could use some more automation and be adjusted to be more user-centric.

BeyondTrust could improve text-based auditing; it's not very readable. I can get the details through the jump client and other tools, but if I run a simple PowerShell command, the solution generates multiple lines for that specific session in the text audit, which doesn't make sense.

I was the lead implementer for the solution for one of my clients, a global pharmaceutical company. The project took over a year, and I used the product for another six months as both an end user and an admin before leaving that job. I used the solution for almost two years in total.

The solution never let me down during the entire implementation; though the integration client was the opposite, I was never satisfied with it. I recall some stability issues stemming from significant database actions that slowed down the system. There was also a bug that took both our team and the BeyondTrust team three business days to resolve, which didn't help with our impression of the tool.

I would say the SaaS offering isn't particularly scalable. The more endpoints we added, the more sluggish the tool became. However, BeyondTrust's high availability approach offers much better scalability on the backend side, and endpoints with added jump points can be clustered for higher availability. The sky is the limit by improving the database size and storage at the backend.

We had over 600 total users; mostly IT support and admin teams. There were also 10 to 20 vendors each with three to ten users that used the tool to remotely manage equipment. 

The product is used daily by a large number of users simultaneously. Before I left the company, the highest number of concurrent sessions I saw was 25. If I had to estimate, I would say PRA is used for over 300 sessions daily with the same number of users.

I would like to differentiate the implementation team and the technical support as they are two separate entities. The implementation team could improve how they guide the customer through the process. The technical support staff are knowledgeable and do everything they can to help, but they aren't the easiest to reach. They don't do user-to-user sessions, and the only way to reach them is through tickets. There is a chat function, but that's more for gleaning more details of the issue; I often just wanted to pick up the phone and ask someone a question or explain my problem to them. BeyondTrust's documentation appears to be aimed more toward executives than technicians, and that doesn't help the situation either.

This may have been specific to how we wanted to implement the solution, but a lot of technical information was missing. It took some back and forth through the ticket system to finally get that information via a member of support staff doing a screen-sharing session. Screen sharing is much more effective than only having a text chat, but it took too long for us to get there.

I would still give them a seven out of ten because they're very knowledgeable and do everything they can to help. The support system is impersonal; especially when we were starting out, that personal touch makes all the difference. Ultimately, this is about the security of our organization; we don't want to go back and forth with bots and tickets before finally reaching a member of staff who can help us.

Neutral

The initial setup was complex because we didn't know precisely what we wanted to achieve and neither did BeyondTrust, and the communication between us wasn't the best. It took a while for us to realize what we wanted to achieve, how the solution could deliver that, and in what configuration, and they could have helped us out more with that. It isn't easy to fill out the integration sheet; it requires a fair amount of product knowledge.

It took us six months to understand the basics and set up the tool according to our requirements. It took another six months to get the implementation going. That is partly because the pharmaceutical company required the solution to be qualified. That process took time because BeyondTrust didn't have much relevant documentation; we had to write much of it ourselves.

Deployment can be completed with one engineer and one server admin, with the latter deploying the clients and jump points. Once we understood the basic principles of the product, it became straightforward to implement. BeyondTrust could better convey that to new customers unfamiliar with their solution. A dedicated team of three to four staff is sufficient for deploying and maintaining the solution for an enterprise business.

I wasn't directly involved in the licensing and pricing, but I can say that PRA is licensed per endpoint added to the Vault. I would advise users to take frequent exports of their license usage package; it's a simple feature that provides a spreadsheet of every machine in the Vault. This helps to cut down on duplicate licenses, which can happen by adding the same endpoint using an IP address and a fully qualified domain name, for instance.

The implementation is an additional cost, and they offer several tiers, so the price varies. There are also some optional add-ons, so I would advise people to research the product well and find out precisely what they need regarding features. The Advanced Web Access add-on provides some required functionality when interfacing with websites; that's one to consider.

We reviewed two other vendors: CyberArk and Devolutions, but we eventually went with BeyondTrust for several reasons. Devolutions fell off quickly because it's too small, which is a risk. We liked the approach of operating over an outbound HTTPS connection to the SaaS appliance, which was more of a security benefit for us than the CyberArk solution, so we went with PRA.

I would rate this solution an eight out of ten. 

I would advise potential customers to have an excellent understanding of their requirements and what their landscape will look like five years down the line. Consider if the SaaS offering is appropriate, as I understand switching to a self-hosted instance isn't a straightforward process, so it's essential to plan.

If I need a privileged remote access solution in my future endeavors, BeyondTrust's offering will be my go-to, and I recommend it for any size of business.

We went with the SaaS version of the solution and had some regrets about that. Pharmaceutical companies must comply with a host of rules and regulations, and one of the requirements was to keep recordings of every session for over 90 days. The SaaS solution's storage did not meet our needs in a large enterprise environment. We had to use a third-party backup tool provided by BeyondTrust to download sessions to our local storage, but it was a poor tool; the error handling and logging functions were sub-standard.

The ability to operate without a VPN wasn't particularly a requirement. Our project aimed to secure administrative access, so our focus was more on user accounts than endpoints and connections. During our market research, we discovered that few solutions focus on privileged identity management; they're usually integrated with PAM tools like BeyondTrust PRA.

As a technician, I can vouch for both ends of that spectrum. The benefit of PRA being a standalone solution in our case is the ability to quickly and definitively sever that tie into our network. That being said, the solution currently doesn't solve all of our privileged access difficulties; we still have to manage roles and privileges in cloud solutions. I don't think there is a product on the market that allows for efficient management of both worlds; the cloud SaaS product and on-premises remote access.

Regarding leveraging service accounts as a password manager, there are better solutions, including BeyondTrust's own Password Safe, which integrates well. In terms of managing remote access accounts, PRA does an excellent job and provides relatively fine-grain policy permissions customization. We can have users operating accounts where they cannot view the password, and other users can access the password if needed to access some legacy applications, for example.

We have two use cases. We have it for the PAM, Privileged Identity (PI), the Vault solution, and Password List. We also have it on the desktop side of the house for our admin accounts.

Our network requires that Privileged Remote Access (PRA) does not require a VPN.

We are extensively using Privileged Identity, but not PRA.

We are one version back from the latest.

PRA only works in our Windows environment. It has helped us with not being able to see the password for our security reasons, but only in a subset of our environment. We only use it for password injection. We wanted it for all platforms, but it doesn't work. So, it is only used in our Windows environment.

It met a NIS control in which we needed to not have passwords visible to users because of malicious activity that happened to our company. That is the only positive effect that it has had so far. We have been able to go to the Windows platform and inject the passwords without people viewing passwords. It is not helping us with our Linux or cloud environments.

For the most part, it has been meeting our requirements for safe controls and just-in-time access.

It has been semi-easy to configure.

The visibility of the solution's Vault works as it is supposed to: out-of-the-box for domain accounts, endpoints, and local accounts associated with discovery jobs.

It is important to us that PRA offers SSO authentication. Our strategic requirements for NIS control, CCMC, and other regulations want us to do multifactor and single sign-on. 

We have been having some problems as of late.

One of our gaps or pain points is having multi-factor authentication at the endpoint and using the PRA password injection from BeyondTrust, which does not work in our environment. We can only have MFA at the login of BeyondTrust to check out the password. Therefore, we can't meet our security requirements of having it on the endpoint.

The solution's Vault seems to do what we need. It has some gaps when it is trying to process the password through multiple applications. If it fails, it doesn't notify us that it has failed. So, we only find that failure when we have an escalation or have to go back through to see what has happened, e.g., why the password didn't reset accurately. While it has some gaps, it works for the scenario that we need for the most part.

When we decided on this solution, it was extremely important to us that PRA was available in multiple formats, such as a physical and virtual appliance or as SaaS. Unfortunately, we can't use PRA because of our environment, which was disheartening. When we were sold the tool, they said that we could, but we can't because our environment is highly customized. We have so many use cases that it is not a feature that can be used across platforms for us.

We use PI and PRA together. If someone has checked out an account in PI, the session is open, and PI closed or checked back that account. Then, someone else checks out an account that is still active in a session, which causes multiple lockouts.

10 years.

The stability is not good. It has been taking over a year to get our platform. BeyondTrust hasn't been able to figure out what's wrong or why. We have been notified just recently, as of Friday, of two additional bugs in PRA. I don't consider this tool stable if there are bugs.

I have an internal team who manages all maintenance, batching, and fixing.

I don't have a good impression of scalability because we can't get past having a Windows platform.

We have over 130,000 people in our company. Only 100 people are able to use it because that is the amount of servers that we can deploy.

We have a dedicated TAM. We have a dedicated technical manager who helps us with any questions or deployment issues. We create tickets, working through him, and he goes to Level 3 if needed.

We have about 10 tickets open. 

We started with PI when it was Bomgar and Lieberman. We have also been using the Vault solution. Last year, we purchased PRA to help with our mitigation of malicious findings from a major outage from the malicious findings.

The initial setup was a bit confusing. We had to have our TAM help. We had problems right out of the box. It was not a smooth setup for us.

We have been trying for over a year. We only have 8,000 out of 26,000 servers deployed. It is not fully deployed because we don't have all our platforms working with PRA. 

We wanted all servers in our environment on all our platforms to have password injection, helping with the malicious activity and stopping people from seeing passwords. We were trying to meet some findings, but we didn't meet those findings.

We have a dedicated TAM from BeyondTrust, whom we pay for through an annual contract, and they help us.

We have not seen ROI when it comes to PRA.

Be cautious about:

• The number of licenses.
• What you consider a license does.
• Who your members are. 

Don't get into a situation where you are licensing per desktop or per person until you fully understand the licensing.

We pay an additional fee for a TAM.

After the PRA situation that we have been having for a year, we have been looking at other tools that can meet our requirements better than BeyondTrust. We are trying to move to other different modules.

We would like to use PRA, but it is not meeting our requirements for our different platforms. So, we are moving the password protection possibly to EPM because PRA cannot meet our requirements.

Know the requirements that you are trying to meet. This way, you purchase the correct module for the requirements that you are trying to meet. PRA is not always the correct module for certain requirements that you need if your environment isn't straightforward with only one operating system. If you are only in Azure and Windows, it probably works very well. However, if you have a hybrid or multiple platforms, then it is not the best tool.

For PRA specifically, our requirements weren't understood from point one. Our TAM said it would work, and once we got into it, it did not work. 

I would rate PRA as five out of 10.

It is used for server access. I am using the latest version. Initially, I started with 10.6, and now, I am on the latest version.

It is currently on-premises, and down the line, we will be moving to the cloud. As of now, we have physical appliances for PRA. We do have plans to move the cloud. We've added two more servers at our end, and they will be moved to the cloud. 

Our client was using a different product, and they were not able to manage some critical parts. So, they started looking for a replacement, and they found BeyondTrust. As soon as they brought in this product, it was a very easy configuration. Implementing this product was very easy. It doesn't require much. It is very simple, and we can implement it in a week or two, which is what I like about BeyondTrust. It takes much longer to bring in other products. It is also very easy to bring privileged accounts into the product. It is much easier to do management and operational tasks as compared to other solutions.

It is very simple. You just open the URL, and you'll be able to see all your servers. Previously, it was a very tough task. There was either direct access or a VPN. There were a lot of restrictions for connecting to the VPN. There were also some other restrictions to access other products, such as if they want to go for SSO and other things. BeyondTrust is very easy. The users can open a URL, and they will be able to see all their servers. It is very easy for the users, and we are getting very good feedback from the users as well. Previously, there were multiple steps to connect, and now, there is only one step to connect to the servers remotely.

It is a very secure product, which is very important for us. For example, there are 5 to 10 users of an application, and everybody has access to a different machine. With this product, we can easily do segregation of duties and segregation of the server connectivity. Everybody is able to see the servers, but only those people who have access will be able to log into a server with a single click. It is a great tool, and everything has improved over here. Until now, we haven't faced any issues with this product. It is very simple and secure.

We use the vault for service account management. All the passwords and all the credentials get vaulted. In the PRA console, users can select the correct credential and log in. They don't have to know or see the actual password. Whenever a privileged account is managed by a PAM solution, there is a connector between the PRA solution and the PAM solution. This connector gets the credentials and injects them without any manual intervention. Other solutions also have this feature, but in BeyondTrust, it is very simple and different. The connector does all the work in the background.

It does good discovery. When we are trying to pull the local accounts, every local account is visible in the scanned report, and we can easily identify that this is a local account. We'll also be able to get a list of the domain accounts parallelly. There is a clear set of data indicating whether an account is a domain account or a local account. For cross verification, we also check with the application team whether these accounts are domain accounts or local accounts. The scanner works very well for us.

We can bring all kinds of accounts into the solution. Most products target privileged accounts or the accounts with privileged access. With this product, you can segregate a privileged account, a local account, and a normal account or a user account with the least privilege. All these accounts can be brought into the solution.

Through the use of PRA, there is no need to share passwords with users. There is no password sharing. Everything is vaulted. There are two types of integration in PRA. One is with the privileged accounts that are already managed by the PAM solution. The other one is with the least privileged accounts, such as a local account or a test account. Those accounts will be managed by the end-users. If I have the access to the privileged account, my password will be injected from the other solution by using the connector from PAM to PRA. If I have a local account on a test server or a development environment, the connection will be initiated from the PRA solution, and it'll be encrypted and monitored. All other features will also be there. I only have to key in the password.

We use the solution to provide access to third-party vendors. We can't create an AD account or some other account for the vendors in my organization because of some security and violation concerns. With the PRA solution, it is very easy. I can just add or create an account, and I can map this account only for the PRA solution. Whenever they log in, all the sessions are recorded. In case of any violation or issue, I have the recorded session. I can go and check what happened to the server. This way, it helps the vendors a lot, and a vendor doesn't need my intervention whenever they want to log in, even if he is in a different timezone. Previously, I had to be available for the session. I used to share the session via some other third-party platform, such as Teams or Skype, and my availability was very important. If I close the session, the session would get closed for them too.

It offers SSO authentication. We have multi-factor authentication, and we have RADIUS and other authentications. Multi-factor authentication is mandatory across any application or any URL.

In terms of session auditing and monitoring of third-party and remote work access, I have worked with another solution that was only for privileged accounts or privileged servers. PRA can be used for both privileged accounts and non-privileged accounts in the development environment. All transactions or accesses get checked and recorded. So, it is very easy for an administrator to manage the solution across the organization.

When it comes to the Privileged Remote Access (PRA) solution, instead of depending on a VPN client, from Cisco or any other vendor, we can directly use this product from the internet. It is very easy to do the implementation, and it is easy for every user to access the server from outside of their organization. They can open the URL and put their name and password, and it'll do the multi-factor authentication. They can easily access the server. Prior to this solution, the users had to log into the VPN, which is not required with BeyondTrust. Now, they can use their computer over the internet. In Privileged Access Management (PAM), the AD bridging feature where you can bring all your Linux boxes into the tool is an important feature.

I have been using this solution for close to three years.

Its stability is good.

Its scalability is very good. It makes things easier for the end-users.

I am an administrator of the PRA here. All the users in my organization are using this. There are more than 900 users, and there are some 4,000 or 5,000 servers. It is being used on a daily basis. We are in the process of increasing its usage.

Their support is very good. As soon as we log a case, their support engineers respond and help us out. The response time depends on the severity of the case. For a severity C case, they get back in a day or two. For a severity B case, they get back within 24 hours, and for severity A case, they get back immediately. They respond and resolve the issue within defined SLAs. I would rate them an eight out of ten.

Positive

I have worked on another solution previously, which is a market leader. I wanted to get into a product that was booming in the market. I was very focused on this solution because I knew this is going to be a market leader in the coming days. I was going through some articles on the internet, and suddenly, I got the opportunity in my company to work with BeyondTrust. I was very happy to get into this. It is working very well.

I was not a part of the complete deployment. When I joined this organization, deployment was already done. Some fine-tuning was happening, and I was part of that. It took about two weeks to fine-tune it based on the requirements, and that's all.

Overall, its setup is very simple. It would take us a week or two to bring other solutions into the organization, but we can bring in this solution within a week. We can easily bring 10 to 20 servers into the product.

For its implementation, probably there was someone who helped us remotely.

I have got a very good impression of BeyondTrust. It is a very good and booming product across the globe. I have been using this solution for close to three years, and I am still learning about its full capability. There is a lot to be explored.

They provide a lot of updates, and I am able to see a lot of fine-tuning happening. We can bring our own tool, and if we have an RDP tool, that can also be integrated. They are adding many features related to reporting, connectivity, and stabilization of connectivity. They are improving their product in every aspect.

BeyondTrust has many products such as PAM and PRA. AD bridging is also there. Specifically, with the PRA, you can ignore VPN. You don't have to pay for a license for the VPN. You can use this product.

All servers, with privileged activities as well as those without privileged activities, are assets of the organization. They all also should be monitored and should be in the control of the organization. PRA is helpful there because you can also onboard the least privileged servers. This helps a lot because everything is recorded and monitored. The management will have a crystal clear report about who accessed them and for what. Everything will be very clear.

I would rate this solution an eight out of ten. It makes the life of end-users easier.

The help desk utilizes it for basic end-user support to make sure they can get something installed or just walk through an issue with an end-user. I use it a lot for helping other admins to fix servers.

Our RPA team also uses it. They basically have virtual desktops that have a script running on them constantly to move data from one location to another manually. They get in, and they use it to manage 50 different desktops for that team. So, three team members manage those 50 clients just to make sure that they're processing all the data correctly throughout the day.

We have a cloud solution. The virtual server is in the cloud, and then it installs the client down to all of our desktops. From there, the ones that utilize it install the admin client on their machines.

We have 20 accounts in there that are utilizing the solution, but not all of them are active at the same time. Throughout the day, all 20 of those may go in. They do what they need to do and then drop out of it to free up a license.

It provides us the ability to get an end-user back up and running and keep them running efficiently. We can fix something usually within hours, instead of a half a day to three days. They don't have to pack their stuff up, come into the office, and hand it to us to work on it. We're able to truly just sit there with them and help them get their issues resolved. It keeps our business moving.

It saves time. Without it, the RPA team would need all of those desktops in a physical format sitting in their office, and they would have to be on them 100%. Their time savings alone probably is man-days. They are not just saving hours per week. For the RPA team, I can't even begin to give the time and the amount of work this product saves. For the help desk and the rest of the tier-two support, it probably saves 2 hours a day for each member. There are roughly 10 of us, which is 20 hours a day of time savings of workload.

It is important for us that it does not require a VPN. Now that half of our people are remote, our data lives on OneDrive or Microsoft SharePoint. They don't need to be remoted into us through a VPN to be able to get everything. When we remote in, it is nice to not have to worry about whether they are on a VPN because for any number of reasons, they might not be able to get into the VPN, such as our VPN is down or the Dallas office is messing up. So, this flexibility gives us more options, and we like that.

Its security is very tight. I'm the one who manages who can use the software to remote into other machines. In my opinion, it is more powerful than what we need, and I am glad that it is because it gives me room to grow our teams to allow them to do more if they need to or restrict some to only do certain things if they don't need as many privileges whenever they go in.

It is available in multiple formats: as a physical and virtual appliance, or as SaaS. It is very important to have it accessible in multiple ways, whether it be on-prem or SaaS. It allows me to know that if my solution goes down, in a short period of time, I can get somebody to help me get something back up and running.

We can truly elevate our admin rights while we're in there to fully take control of a system and manage it as if it was sitting right here on our desk. Most of the organization has gone to remote work or work from home. With that being the case, this solution allows us to be able to still work with our end-users, even though they're not always sitting on our network.

Its management is through two different portals, and you can't get from one portal to the other. I have to literally open up another website and go into it a different way. There are no inner links between the two. They should interlink the actual virtual server and the appliance. In general, there should be one interface for management for admins.

I have been using this solution for close to seven or eight years. I have used it in two different companies. In my current company, we've been using it for a good long time. I don't remember when they originally started using the product. It was before I came on board, but I have been using it here for four years, and I've been the admin on it for a year. The previous admin left the company. So, I took over because I had the most experience.

It doesn't go down. The only time it goes down is whenever I tell it to go down. When I need to do some updates, it requires scheduling and taking it down, but the updates are user-friendly. It is time-consuming, and I can't schedule it. The way it is set up currently, I'm not able to just say, "Hey, do this at this time," and know that it is going to get done. I have to actually be involved with it. I am not sure if it is because of our setup or BeyondTrust. I haven't had enough training to know for sure if that's possible or not.

I have used their support. Every time I've used it, they have been very useful and beneficial. It has not been one of those things where I've felt I needed to spend the resources to see if they could walk me through setting it up. I used their support only a handful of times in both companies. In the past four years, I've only used them three times because the product is solid. I would rate their support a 10 out of 10.

Positive

I have used another solution. There is a night and day difference. Whenever
BeyondTrust is installed, it works, whereas the other one didn't work half the time. The BeyondTrust solution is absolutely reliable. If anybody ever asks me for remote access software for corporate-wide usage, this is what I'd tell them to go with.

I have not been a part of its deployment. In both organizations, it had already been deployed, but I know it was pretty straightforward. I've talked to the admins for both companies because I've always enjoyed this product. I just always wanted to know more about it, and both of them said, "It was one of the easiest." Working with BeyondTrust or Bomgar was super intuitive, user-friendly, and streamlined whenever they were setting up the product.

I wish it was a little bit cheaper, but when a product is as solid as this, I understand what the cost does. It helps them to make sure it stays that way. If you want a reliable, solid product, you're going to pay more.

I am testing the Vault for service account management, but the problem with it is that the admin credentials on local machines are randomly generated on a randomly generated timeframe. So, the Vault password can't be saved. Every machine is different, and the only way to get that password is to go into another portal, which is frustrating. It is not Bomgar's or BeyondTrust's issue. It is the way we chose to manage that particular account. I'm one of the only ones who utilize it, and I utilize it mainly for testing. If we had a full PAM or our PAM was truly integrated and was BeyondTrust's PAM solution, it would elevate our use of the Vault more, but I am glad that it is there. It allows me to save some passwords that I don't utilize on a regular basis. I don't have to remember those, and I don't have to keep them at multiple different locations. I can just put them there, and I don't have to worry about it. They're safe. They're secure, and they're easy to just have. The system pushes them through. So, I don't even see them anymore. So, it is double secure in my opinion because I don't have to even see the password to remember to type that in somewhere. It just puts it in for me. I appreciate that from the security side.

It hasn't had an effect on our network security outside of we had to open a couple of ports when remote happened so that the software gets installed correctly. It wasn't something concerning. It is truly a benefit in the long run.

When compared with some competitive products that are add-ons to PAM solutions, it is important that PRA stands on its own as a full solution. It needs to be its own solution but also interlink with other solutions. 

We don't use the solution to provide access to third-party vendors. It also offers SSO authentication, but I wish it worked with our solution.

I know we can do session auditing and monitoring of third-party and remote-worker access, but we just haven't used the capability. We have also not used audio integration during a remote session.

I would rate it a 10 out of 10.