Many technical support people hear from users: “I do the same thing as always, but sometimes an error occurs.” In this case, recording the user session helps to track down an intermittent issue that reproduces only by chance. A website visitor recording service can also record user actions that involve sensitive data, which helps to quickly find sources of information leakage. The very fact of recording can warn users against privacy violations; there are special warnings for this.
Session Recording registers key events for information security and technical support on VRS, for example: connecting external storage, changing specific files, and launching certain applications.
How does it work
Several components are used to record virtual desktop sessions:
The Session Recording Agent is installed on each virtual desktop. It picks up the HDX stream – the desktop broadcast that the user sees.
The Session Recording Server manages the storage of the recording files and is responsible for searching, indexing, and digitally signing the records to ensure integrity.
The session record database (Database) stores metadata for each session: ID, time, users, user groups, events, and so on.
In the Session Recording Policy Console, the administrator configures which events to record for which users or groups.
The recording files themselves are stored in a special format locally or in shared storage.
The following events can be captured in a recording:
installation of USB storage devices,
start and end of the application,
renaming, creating, deleting, and moving files,
the most popular window actions.
At the same time, the recording does not display content inside systems for conference calls, for example, video conversations and other uploaded content using HDX Flash or Multimedia Redirection (MMR) technology.
How are access rights to a record divided? By default, a session recording includes all user actions without regard to data privacy, so credentials and third-party screens may end up in the recording. Therefore, when you want to track website users, it is important to pay attention to who holds access rights to such recordings, as the security recommendations point out. Our service has several types of access rights:
Administrator rights – allow you to work with policies and recording files: view, create, edit, delete;
Rights to view recordings – allow you to search and play recorded sessions.
Where and how is it stored. For recording, HDX technology is used, which is responsible for delivering content to the user. Initially, the technology was needed so that the user would not notice a large delay between the action on the physical machine and the broadcast of the session on his personal screen. The HDX stream is already heavily compressed, so to record sessions, the agent simply picks it up and sends it to storage. This helps to store the user’s daily activity not in gigabytes, but in megabytes.
You can further configure the archiving policy to keep recent recordings in the main operational storage and move old files to the archive. By default, recordings older than two days can be moved to the archive. This prevents live recordings from being archived before they are complete. During and after archiving, the client can automatically transfer the recording files to his storage server.
In the session recording player, you can view files directly from the main storage. If you want to play back the archived recording from the client’s server, it is imported into the storage of restored recordings.
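The archiving rule described above, as an added example that is not part of the original article or the product's own code: it selects finished recordings older than the two-day default and verifies each archive copy before deleting the original. The metadata fields, the `.rec` suffix and the sample sessions are assumptions made up for the illustration.

```python
# Added example: field names, the ".rec" suffix and the sample data are hypothetical.
import hashlib
import shutil
from datetime import datetime, timedelta, timezone
from pathlib import Path

ARCHIVE_AFTER = timedelta(days=2)  # default threshold stated in the article


def due_for_archive(sessions, now):
    """Ids of finished recordings that ended more than ARCHIVE_AFTER ago.

    Age is measured from the end time, so a live recording (end is None)
    is never selected, even if the session started several days ago.
    """
    return [s["id"] for s in sessions
            if s["end"] is not None and now - s["end"] > ARCHIVE_AFTER]


def sha256_of(path):
    """Hex SHA-256 digest of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def move_to_archive(session_id, main_dir, archive_dir):
    """Copy a recording to the archive, verify the copy, then drop the original."""
    src = Path(main_dir) / f"{session_id}.rec"
    dst = Path(archive_dir) / src.name
    digest = sha256_of(src)
    shutil.copy2(src, dst)
    if sha256_of(dst) != digest:
        dst.unlink()  # keep the original; the archive copy cannot be trusted
        raise OSError(f"digest mismatch while archiving {src.name}")
    src.unlink()
    return digest


# Constructed metadata: an old finished session, a long-running live session,
# and a session that finished less than two days ago.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
SESSIONS = [
    {"id": "s1", "start": NOW - timedelta(days=5), "end": NOW - timedelta(days=4)},
    {"id": "s2", "start": NOW - timedelta(days=3), "end": None},
    {"id": "s3", "start": NOW - timedelta(hours=30), "end": NOW - timedelta(hours=20)},
]

if __name__ == "__main__":
    print(due_for_archive(SESSIONS, NOW))
```

Keeping the returned digest alongside the session metadata lets a later restore be checked against the file that was originally archived.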
How fault tolerance is ensured. If the connection to the server is lost, the recording agent can, by default, keep a local queue for the server for about two hours. After the connection is restored, the agent sends all queued recordings to the server. Additionally, you can cluster servers and set up load balancing and automatic failover.