---

Description

BeyondTrust Privileged Remote Access allows users to remotely connect into their system, which has been approved for UCSF.  Users will be able to use a Web Access Console or Full Access Console (Windows, Mac and Linux*) to remotely access their Windows, Mac and Linux* systems. BeyondTrust Privileged Remote Access has additional security controls in place compared to other protects such a PCAnywhere, RemotePC, Teamviewer, Google Remote Desktop, etc. Learn more about Remote Access Controls as they relate to the IS-3 Project.

Benefits

• Privileged Access Control - Enforce least privilege by giving users the right level of remote access to do their jobs, but nothing more.
• Advanced Session Monitoring - Control and monitor sessions using standard protocols for RDP, VNC, HTTP/S, and SSH connections.
• Attack Surface Reduction - Reduce attacks by consolidating the tracking, approval, and auditing of privileged accounts in one place and by creating a single access pathway.
• Audit & Compliance Features - Create audit trails, session forensics, and other reporting features by capturing detailed session data in real-time or post-session. Then, gain access to attestation reports to prove compliance.

Use Cases

• Remote Access to their workstation from anywhere without VPN.
• Allow vendors to perform remote support/maintenance on vendor supported systems with an UCSF employee who will initiate and shadow/monitor the remote session. 
• UCSF technical staff will be able to remotely administer a server.
• Operating a piece of equipment attached to one computer (e.g. scientific equipment) without needing to be there.

Limitations

BeyondTrust PRA doesn’t support a virtual remote session such as Citrix, X2GO, XRDP, MS Remote Desktop Session Host (Terminal Sessions), etc.. PRA remotes into the system as Session #0.

Support

For questions and support, please submit a ticket on our Employee Self-Service Portal (https://ucsf.service-now.com/ucsfit).