This blog post was co-authored by Leon Feng, Senior Product Manager at Citrix.
The Session Recording team is constantly working to make improvements and add new capabilities. We are committed to providing a great in-session user activity monitoring experience, with minimal storage cost. That’s why we are excited about the new dynamic recording capabilities included with the Citrix Virtual Apps and Desktops 2203 Long Term Service Release (LTSR).
If you’re familiar with Session Recording, you’re probably used to needing enough storage to keep the screen recordings of full-length user sessions. This takes up a lot of space, and it can be difficult to troubleshoot and monitor malicious behavior when you have to parse through lengthy recordings to find the exact event that caused concern. With this update, we’ve taken huge strides to make the lives of IT admins easier.
The Evolution of Dynamic Recording
Previously, we discussed leveraging our event-only recording capabilities to allow IT admins to capture user events without recording the entire video stream. It’s a powerful feature for activity monitoring; however, we know recording the entire event is important in some cases because it provides more detail than you’d get from a list of events that happen in a session. So, we asked ourselves, can we configure Session Recording to capture only the most relevant part of a user session dynamically, while keeping the other parts event-only or even skipping them?
I’m pleased to say that we can answer “yes” to that question now, with session pre-recording! The benefits of this capability are obvious. It downgrades the storage requirement compared with capturing the whole session. The concurrency of storage access will go down, as will the required storage size. And, because the total number of recording files will be smaller, IT management will be easier.
Session Recording introduced a detection-and-response model that enables dynamic recording. The solution allows IT admins to define relevancy via in-session event detection. Session Recording has a powerful, built-in event monitoring system that focuses on auditing and troubleshooting. It captures a wide range of events, almost in real-time. As of Session Recording 2203 LTSR, it supports 13 categories of events that are available in the Windows system.
Admins can define the most pressing activities they would like to monitor. For example, when troubleshooting, admins can set Session Recording to detect application failures. When leveraging Session Recording for compliance, admins can configure it to focus on file transfers, registry modification, and more. Once an event is defined, admins can use Event Response Policies to define what they want Session Recording to do when the agent identifies events. There are two options in product: send an email to predefined admins to notify them something has happened and trigger a screen recording.
Admins can also define whether they want to record a short period of time before or after the event. For example, when leveraging the product for troubleshooting, admins can instruct Session Recording to start screen recording 60 seconds before the event and several minutes after the event. The recorded session would then have enough details around the event to give the admin context to resolve the user’s issue.
The best way to see it in action is to try it yourself. Follow these steps to see just how great these new capabilities are:
Step 1. Activate the Event Only Recording policy to enable event capturing.
Step 2. Add a new Event Detection Policy with rules below:
- Log File Transfer
Admins can define events based on their interest and in the example here, Admins want to understand if the user transfers any files into or from the VDI
Step 3. Add a new Event Response Policy with rules below:
Event Type | Dimension 1 | Action |
File Transfer | File source Equals host | Start screen recording |
Step 4. Launch a virtual desktop session and test it.
In the demo, we simulated an outsourced worker use case. Screen recording is triggered when the user copies a file to client device thru the mapped client drive.
As you can see, event-based dynamic recording makes the Session Recording engine smarter, so it focuses on the most important aspects of a user session. However, it also means there will be multiple event records or playback files for a single user session. So, we needed to make it easier when admins perform playback.
In the web player, admins can use the “Follow up” ability, as shown in the screenshot below, to list all events or video clips related to a single user session.
All you have to do is find the session you want to follow. (Click image below to view larger.)
Then click “Follow up,” and all recordings and events in the same session will be listed. (Click image below to view larger.)
What’s Next?
We are thrilled to deliver these capabilities to organizations to help them with security and troubleshooting. Be sure to download Session Recording 2203 LTSR and leverage the web playback console to take full advantage of these capabilities. After you give it a try, please share your feedback with us in the comments!
Disclaimer: The development, release and timing of any features or functionality described for our products remains at our sole discretion and are subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.