Ultima Blog

Increase security and simplify support with Citrix Session Recording

Written by Andy McCullough | 08-Aug-2019 11:05:44

Full disclosure, this isn’t new – however this is possibly one of the most frequently overlooked and misunderstood features of Citrix Virtual Apps and Desktops. Hopefully this whistle-stop tour will help demystify this capability and give you a few ideas as to how it can be used in your Citrix environment.

What is Session Recording?

Simply put, it allows you to record the activity of your users while working in a Citrix Virtual Apps and Desktops session and enables you to play back this activity. The Session Recording infrastructure is separate to that of your Citrix Farm, you can have a Session Recording farm that supports multiple Citrix Farms if your environment has them.

Session Recording consists of four components:

  • Session Recording Agent – This is deployed on your Citrix Workloads and enables the recording of connections to that workload.
  • Session Recording Server – This is the Server component that handles the storage of the recording files (either locally or on shared storage), searching, indexing and digital signing of the recordings to ensure integrity.
  • Policy Console – This is where you can define when sessions will be recorded using a variety of criteria.
  • Session Recording Player – This is the console that enables playback of the recording files. 

It’s important to note that the magic of session recording is that because it’s not just recording a video of the user's session, it is recording the screen instructions in a similar manner to HDX connections – this results in highly optimised sizes for recording files. Rather than Gigabytes of storage for recording a day’s activity, we’re talking Megabytes of storage.

Now we know what it is, let’s look at a few of use cases for how we can use it.

Security beyond logging

Lots of organisations will have things they care about in a security context more than others – this may be a dedicated “High Security” Citrix Farm, or it may be a sensitive application holding customer data or payment information. In these scenarios Citrix Session recording can add an additional layer of auditing and deterrent to misuse of these systems.

Users can be notified when accessing a secure application or environment that their activity is being recorded – perhaps giving pause for thought for anyone considering doing something they shouldn’t. Being able to review a user’s activity in response to a security incident also gives a security team an additional point of reference and context when correlating security events.

Session Recording also enables the ability to log key events within the recording – such as when external storage is attached, or specified files are modified, or even when particular applications are started. This allows for critical activities to be quickly identified in the recording timeline.

The below video provides an overview of how Session Recording can be used to enhance your security posture.

 

It always happens apart from when you're watching!

Support teams will know the pain of intermittent issues. The problem only happens every 9th time I do it. I’m doing exactly the same thing I always do, but sometimes it throws an error. These are some of the hardest issues to track down and resolve by their nature as without evidence of what is happening, isolating the cause can sometimes be impossible.

With session recording integrated into Citrix Director, your support teams can - when a user calls with one of these type of issues - just enable session recording for the user directly in Citrix Director. When they call back to say it’s happened again, simply watch back what happened in the session recording player. Easy!

The video below shows an example of how use case can work in practice.

 

Security analytics

In combination with Citrix Analytics for Security, Session Recording can be used as an action in response to a user’s risk level. If it has been determined that a user may be performing some risky activities (as determined by User Behavioral Analytics) – you can configure a policy to dynamically enable Session Recording for that user as an additional safety mechanism to allow you to review their activities.

Overall Citrix Session Recording has some great capabilities – for security conscious organisations, or simply as an additional support tool, there are lots of reasons why this can add value to your Citrix solution. The best news is that many of you already have licensing that enables the use of this – any customer with Citrix Virtual Apps and/or Desktops Premium Edition or the Citrix Virtual Apps and Desktops Service are able to use Citrix Session Recording for no additional cost. If this includes you, then do let us know if you would like to add Citrix Session Recording to your Citrix portfolio.

 

Written by Andy McCullough, Solutions Architect