IBM Support

Configuring Session Recording

Question & Answer


Question

How do you configure session recording for IBM Security Secret Server?

Answer


During a recorded RDP or PuTTY session, Secret Server requires a codec to create the video. You must ensure that the codec you select is correctly installed on the same machine as Secret Server. It does not need to be installed on any client machines where session recording is occurring.

Configuring Session Recording
Go to ADMIN > Configuration > Session Recording. On the Session Recording tab, click Edit and select the box for enabling session recording. The VP8 codec is suggested. The available codecs are:
· Microsoft Video 1 (Testing Only)
o Microsoft Video 1 has been deprecated in favor of Microsoft Video 9 and should not be used for production. Microsoft Video 1 does not support browser-based playback of sessions.
· Microsoft Video 9
o High level of compression and quality. Requires Windows Media Player. This option produces comparable size video to Xvid for moderate activity in an RDP session.
Note: On Windows Server 2008 and above, Windows Media Player can be installed by adding Desktop Experience from the features in Server Manager.
· VP8
o High level of compression and quality. VP8 is bundled with Secret Server. This option produces comparable size video to Xvid for moderate activity in an RDP session.
· Xvid
o Xvid provides a similar level of quality and compression to DivX, and is freely available. For more information about Xvid, see the Xvid website. This option produces approximately 20 MB of video for 1 hour of moderate activity in an RDP session.
Note: For testing and proof of concept deployments, Secret Server's Internal Site Connector is sufficient for Session Recording. For production deployments, it is suggested that you use RabbitMQ for a more robust message queue.


Enabling Session Recording
 
Once the codec is installed, you can enable session recording. To enable session recording, go to ADMIN > Configuration > Session Recording, choose your preferred option under "Video Codec", and enable session recording. Under the "Security" tab, you must also enable Session Recording for each Secret that it must apply to. After session recording is enabled on a secret, Secret Server records that session when the launcher is used. To view the recorded session after it is complete, click "View Audit" on the secret screen and then the "View Session Recording" link in the details column.
 
You can also search through recordings from the Session Monitoring page under ADMIN > Session Monitoring. The Session Monitoring page lets users search and filter sessions based on Session Data, Secrets, Users, Groups, Launcher Type, Date, and Folders.
 
To view a Session, click the camera icon. The web playback interface is displayed. The video playback shows you an activity map that you can use to skip to sections of higher usage.
 


Advanced Session Recording
By default Session Recording creates videos of the launched session. Secret Server supports logging additional metadata such as keystrokes for RDP and SSH sessions. When these options are enabled, users can search for keystrokes or applications across sessions and the session playback interface shows additional activity information.
 

SSH keystroke data relies on the Secret Server SSH Proxy. To enable the SSH Proxy, go to ADMIN > SSH Proxy. For more information, see the SSH proxy configuration and bandwidth. Once proxying is enabled, recorded SSH sessions log SSH traffic, which can be searched and is displayed in the session playback interface.


Session Recording Storage Settings
Under ADMIN > Configuration > Session Recording there are several settings for configuring how Secret Server stores and retains session videos.
Save Videos To
· Database: Stores the information from a recorded session as encrypted data in your database.
· Disk: Stores the recorded session as a video file directly to the specified folder path.
Encrypt Archive on Disk
Encrypts the session videos when stored on disk. Videos stored on disk can be played back through the Secret Server UI but cannot be viewed directly from the file system.
Enable Archiving to Disk
After the specified number of days have passed, all recorded session information in your database will be transferred to the specified folder path as video files and cleared from the database.
Enable Deleting
After the specified number of days have passed, all recorded videos in your database will be cleared and video files in your archive path will be deleted.
Notes
· To use Save Videos to Disk or Archive to Disk, the Application Pool Service Account must have Write permissions to the specified file path.
· To delete videos from the archive path, the Application Pool Service Account must have Modify permissions.
· After saving a change to Configuration > Session Recording, the configurations for Save to Disk and Delete will immediately be applied to all existing session recordings.

Using Network Share Path
 
In a clustered environment, Secret Server must use a network path if saving the files to disk. All nodes require access to the path to read the videos back to the user.
 
To archive or save to a file path that is a network share instead of a local folder:
· The Secret Server IIS Application Pool must be running as a Service Account. For instructions, see Using a Service Account to run the IIS App Pool and access the SQL database - Best Practices (Advanced).
· You must grant access to the network share (using Windows ACLs) to the account that is running the Secret Server IIS Application Pool.
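
The permission requirements from the Notes and from the network share steps above, applied with PowerShell. This is an added example, not part of the IBM document; the share path and the service account name are placeholders to replace with your own values.

```powershell
# Added example. Placeholders (not from the IBM page): the path and the account name.
$ArchivePath    = '\\fileserver.example\SecretServerRecordings'  # hypothetical share
$ServiceAccount = 'EXAMPLE\svc-secretserver'                     # hypothetical app pool identity
$DeletingOn     = $true   # set to $false if "Enable Deleting" is not used

# Per the Notes: Write is needed to save or archive to disk, Modify to delete.
# Read is included so that every node can read videos back for playback.
$rightsName = if ($DeletingOn) { 'Modify' } else { 'Read, Write' }
$rights     = [System.Security.AccessControl.FileSystemRights]$rightsName

# Allow rule that also applies to files and subfolders created under the path.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $ServiceAccount,
    $rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# This sets the NTFS ACL only. On a network share, the share-level
# permission must allow the same access for the account as well.
$acl = Get-Acl -Path $ArchivePath
$acl.AddAccessRule($rule)
Set-Acl -Path $ArchivePath -AclObject $acl

# Review every other identity that is allowed on the recordings folder.
# Without "Encrypt Archive on Disk", recordings are stored as video files,
# so any identity listed here with read access can open them directly.
Get-Acl -Path $ArchivePath |
    Select-Object -ExpandProperty Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -ne $ServiceAccount
    } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Run it from an elevated session with rights to change the folder's ACL, and remove any entry in the review output that has no reason to read session recordings.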


Document Information

Modified date:
12 April 2019

UID

swg22016913