VMware Horizon Session Recording Fling: The VMware Horizon Session Recording fling allows administrators to record VMware Blast Extreme sessions to a central server for playback. These recordings can be leveraged for both auditing and troubleshooting purposes. These recordings are stored in MP4 format and can be exported with ease.
Contents VMware Horizon Session Recording Fling:... 1 Quick Start Guide:... 3 Deploying the Horizon Session Recording server:... 4 About the Session recording server:... 4 Database:... 4 Recordings:... 4 Installation Prerequisites:... 4 Installing the service:... 4 Updating the service:... 4 Configuring the SSL Certificate:... 5 Administration:... 6 Accessing the server:... 6 Authentication:... 6 Roles:... 6 Adding additional access rules:... 7 About recordings:... 9 Sessions:... 9 Segments:... 9 Interacting with recordings:... 10 Configuring Settings:... 11 Settings Overview:... 12 Uninstalling the service:... 12 Installing the VMware Horizon Session Recording Agent:... 13 About the VMware Horizon Session Recording Agent:... 13 Pre-requisites:... 13 Installation steps:... 13
Quick Start Guide: Install the VMware Horizon Session Recording server on windows server 2016. Install a trusted web service SSL certificate. Browse to https://<serverfqdn>:9443/ Configure the access roles to limit administration. Configure policies in the console for recording. Install the recording agent into a test desktop pool and provision the pool.
Deploying the Horizon Session Recording server: About the Session recording server: The VMware Horizon Session Recording Server is an ASP.Net Core Web service comprising of three components: An SQLite Database. An ASP.Net Core API. An ASP.Net Core MVC web application. Database: The SQLite database (recording.db) is stored in the installation directory and is intended for Proof of Concept or small installation. Support for Microsoft SQL will be added in future versions. Recordings: The MP4 Recording files are by default stored in a recordings folder in the installation directory of the Server. Installation Prerequisites: Windows Server 2016 (PowerShell version 5.1) Server must be domain Joined Installing the service: Run the MSI installation. Import a trusted web service certificate to host the web service. Run PowerShell as an administrator and execute the InstallRecordingCertificate.ps1 script in the installation directory (typically c:\program files\vmware\sessionrecording) Updating the service: While not something you may have to do immediately, ensure to uninstall the previous version before installing a new version. Your recordings and configuration will be retained during this process.
Configuring the SSL Certificate: The horizon Session recording service leverages a native certificate for SSL communications. Acquire an SSL Certificate (via domain or trusted authority) and install it to the local computer certificates repository as below: Once installed, run the pre-prepared PowerShell script (as administrator) to configure the service for this certificate: Choose the certificate you installed earlier:
Administration: Once installed, the local administrators of the server will have administrative access to the web app, this can be configured and secured later under the settings > roles tab. Accessing the server: Browse to the server address, as follows: https://<recording servers FQDN>9443. Authenticate with active directory credentials. Authentication: Authentication to the session recording server is achieved leveraging native IIS authentication. By default, the local users and administrators of the server onto which you deploy the Session Recording server is installed will have access to the server. To modify this, see adding roles later in this document. As the local users group is insecure by default, the web service will warn you of the default permissions and encourage you to fix it as soon as possible. Roles: Administrators have full access to the server, settings, etc. Viewers can playback recordings and lock / unlock recordings to save recordings from the default clean-up schedule.
Adding additional access rules: To allow other users or groups to use the service, you can add additional entitlements via the settings menu: Now select access roles: Once here you can review the current rules. You can add an additional rule by clicking add new Assignment: Once clicked, a new menu will appear above, enter the Active directory group name (or part of) you wish to add then click search: The server queries active directory and provides a list below of the potential matches. Select the group(s) you wish to add, select the group (administrator or viewer) and click add.
Once added. The Web service will require a restart to re-load the entitlement groups. This can result in a loss of recording data if the agents call in during the restart, so be careful to only restart out of hours.
About recordings: Session recordings are logically grouped into Sessions and Segments. Sessions: Sessions are an interval of recording which is uninterrupted. If a user logs off the session ends. If the session locks, manually or via timeout etc, the session ends. Once a user signs in again (via new login or unlock) a new session recording begins. Segments: Segments are intervals during a session recording where we could not maintain the current context and needed to create a new segment. Segments roll directly into each other and no time is lost. A new segment for each screen is created in the event of multimonitor. A new segment is created if the session is resized. To ease the ability to differentiate between screens and recordings, simply reference the start time and screen id, if the ID s are different and the start times are the same, a multiscreen session is present.
Interacting with recordings: Once signed in you will receive a list of recent recordings, you may also search via the search dialog in the page banner. To interact with sessions, there are three potential options: (Default layout) (Unlock icon) Play: play the recording Lock: save recording from being deleted by the default clean-up interval Unlock: remove the lock on the recording to allow it to be cleaned up. Delete: deletes the recording (cannot be recovered). You can also elect to bulk delete via the checkboxes. Once you select play, a new page will be loaded as below: 1: the session details (more are coming). 2: Play or Download segments. By default, the first segment will be loaded when you open a recording.
Configuring Settings: Once authenticated to the server, you can access the settings tab in the top right if you hold the administrator role: From here, you can access the server settings and access roles. Note, all changes occur in Realtime, but already connected devices will not reload their configuration until the local service has been restarted.
Settings Overview: Record local sessions Record Remote Sessions Days to retain: Upload Chunk Size (MB) Minimum Duration (seconds) Notify users when recording starts Debug Logging ChunkSize (MB) Conversion Delay Record sessions that DO NOT traverse an external gateway Record sessions that DO traverse an external gateway The maximum age of a session before it is deleted from the Server. Note: locking the recording will retain the recording past the expiry threshold. The Size of the chunks that the Agent will upload to the server. Do not change this value unless instructed. The minimum duration of a session the agent will consider as a viable recording. If you Enable this setting, the message will be displayed to the users when recording begins. Enables debug logging on the Agent, do not configure this value unless requested. The chunk size the recording will be converted to an MP4 file. Do not change this value unless instructed. The delay before the recording will be converted to an MP4 file. Do not change this value unless instructed. Uninstalling the service: Use add-remove programs to remove the installation. If you wish to fully delete all data, delete the installation directory, typically c:\program files\vmware\sessionrecording.
Installing the VMware Horizon Session Recording Agent: About the VMware Horizon Session Recording Agent: The VMware Horizon Session Recording Agent is a local installation in each desktop from which you may want to record. The service monitors user logon activity notifications and interacts with the Blast Extreme API s to record the sessions. At the designated Chunk File size, the agent will upload the recording data to the server. Once the recording has been finalised, the MP4 header is sent to the server to be converted. Note: if a session is ended, and the agent was unable to upload the final data to the server, the recording will be lost and cleaned up periodically by the server. Pre-requisites: Windows 7 or Windows 10. Windows server 2012 and 2016 (Experimental Support). 64-bit operating system. VMware Horizon Agent (7.4 or better) Installation steps: Run the provided MSI Enter the servers name including the port selection, e.g.: During the installation, if you have not yet installed a trusted certificate on the server, you may be prompted to trust the server provided certificate:
Upon completion, restart the machine.
Once restarted, verify the horizon session recording service starts successfully. Additionally, you can check the logs folder in the installation directory for a recordingdebug.log file:
In this file, you can view the settings the client received from the server: (or debug the connectivity issue):