Session Recording

Session Recording web player

Overview

The web player lets you use a web browser to view and play back recordings. Using the web player, you can:

  • Search for recordings by using filters, including host name, client name, user name, application, client IP address, event text, event type, and time.

  • View and play back both live and completed recordings with tagged events listed in the right pane.

  • configure cache memory for storing recordings while playing.

  • Record idle events and highlight idle periods.

  • Leave comments about a recording and set comment severities.

  • Share URLs of recordings.

Note:

Supported browsers include Google Chrome, Microsoft Edge, and Firefox.

Enable the web player

The web player is enabled by default.

  • To disable the web player, start a Windows command prompt and run the <Session Recording Server installation path>\Bin\SsRecUtils.exe –disablewebplayer command.

  • To enable the web player, start a Windows command prompt and run the <Session Recording Server installation path>\Bin\SsRecUtils.exe -enablewebplayer command.

Logon and password

The URL of the web player website is http(s)://<FQDN of Session Recording Server>/WebPlayer. To ensure the use of HTTPS, add an SSL binding to the website in IIS and update the SsRecWebSocketServer.config configuration file. For more information, see the HTTPS configuration section in this article.

Note:

When logging on to the web player website, domain users do not need to enter credentials while non-domain users must.

Installation

As with the other Session Recording components, you can use the Citrix Virtual Apps and Desktops installer to install the web player.

During installation, selecting Session Recording Administration on the Core Components page installs the web player on the same machine with the Session Recording Server. For more information about installing Session Recording, see Install, upgrade, and uninstall.

Starting from Version 2103, Session Recording migrates the WebSocket server to IIS. With the web player installed, the SessionRecordingRestApiService, SessionRecordingWebStreaming, and WebPlayer applications appear in IIS.

Applications hosted in IIS

A fresh installation of Session Recording 2103 and later connects your web browser to the WebSocket server hosted in IIS when you access the web player website. The WebSocket server hosted in IIS is versioned 2.0, as indicated by the registry value WebSocketServerVersion under the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.

WebSocket Server Version

An upgrade installation from an earlier version to Session Recording 2103 and later connects your web browser to the Python-based WebSocket server. To connect to the WebSocket server hosted in IIS, run the <Session Recording Server installation path>\Bin\SsRecUtils.exe -enablestreamingservice command. To connect back to the Python-based WebSocket server, run the <Session Recording Server installation path>\Bin\SsRecUtils.exe - disablestreamingservice command. The Python-based WebSocket server is versioned 1.0.

HTTPS configuration

To use HTTPS to access the web player website:

  1. Add an SSL binding in IIS.

    1. Obtain an SSL certificate in PEM format from a trusted Certificate Authority (CA).

      Note:

      Most popular browsers such as Google Chrome and Firefox no longer support the common name in a Certificate Signing Request (CSR). They enforce Subject Alternative Name (SAN) in all publicly trusted certificates. To use the web player over HTTPS, take the following actions accordingly:

      • When a single Session Recording Server is in use, update the certificate of the Session Recording Server to a SAN certificate.

        A single Session Recording Server in use

      • When load balancing is in use, ensure that a SAN certificate is available both on Citrix ADC and on each Session Recording Server.

        Load balancing in use

    2. On IIS, right-click the website and select Add Bindings. The Site Bindings dialog box appears.

      The site bindings dialog box

    3. Click Add in the upper right corner. The Add Site Binding dialog box appears.

    4. Select https from the Type list and select your SSL certificate.

      Select HTTPS

      Select your SSL certificate

    5. Click OK.

  2. Update the SsRecWebSocketServer.config configuration file.

    1. Locate and open the SsRecWebSocketServer.config configuration file.

      The SsRecWebSocketServer.config configuration file is typically located in the <Session Recording Server installation path>\Bin\ folder.

    2. (Optional) For Session Recording 2103 and later that host the WebSocket server in IIS, enable TLS by editing TLSEnable=1 and ignore the ServerPort, SSLCert, and SSLKey fields.

    3. (Optional) For Session Recording 2012 and earlier, enable TLS by editing TLSEnable=1, and fill in the paths to the SSL certificate and its key, respectively.

      Note:

      Only the PEM format of SSL certificates and key files is supported.
      The ServerPort field indicates the port number that the web player uses to collect recording files. In the following screen capture, it is set to the default value (22334).

      Image of updating the WebSocket server configuration file

      To extract the separate certificate and key files used in the WebSocket server configuration:

      1. Ensure that OpenSSL is installed on your Session Recording Server that contains the SSL certificate.

      2. Export the SSL certificate as a .pfx file. The .pfx file includes both the certificate and the private key.

      3. Open the command prompt and go to the folder that contains the .pfx file.

      4. Start OpenSSL from the OpenSSL\bin folder.

      5. Run the following command to extract the certificate:

        openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [aSRS2.pem]
        <!--NeedCopy-->
        

        Enter the import password that you created when exporting the .pfx file.

      6. Run the following command to extract the private key:

        openssl pkcs12 -in [yourfile.pfx] -nocerts -out [newaSRS2keyWithPassword.pem]
        <!--NeedCopy-->
        

        Enter the import password that you created when exporting the .pfx file. Provide a new password for protecting your key file when prompted for the PEM pass phrase.

      7. Run the following command to decrypt the private key:

        openssl rsa -in [newaSRS2keyWithPassword.pem] -out [newaSRS2key.pem]
        <!--NeedCopy-->
        
    4. Save your changes.

    5. Check your firewall settings. Allow SsRecWebSocketServer.exe to use the TCP port (22334 by default) and allow access to the web player URL.

    6. Run the SsRecUtils –stopwebsocketserver command.

View recordings

After you log on, the web player home page might hide or show content based on whether the following option is selected in Session Recording Server Properties.

Hide or show content on the web player home page

  • With the option selected, the web player home page hides all content. Recordings can be accessed only by way of their URLs. Recording URLs are provided in email alerts that are sent to specified recipients. For information about email alerts, see Email alert policies.You can also share recording URLs through the Share Current Playback control on recording playback pages. See descriptions later in this article.

    Content hidden on the web player home page

  • With the option unselected, the web player home page shows content similar to the following screen capture. Click All Recordings in the left navigation to refresh the page and display new recordings if there are any. Scroll down the webpage to select recordings to view or use filters to customize your search results. For live recordings, the Duration column shows Live and the play button appears green.

    All recordings

To show all recording files of a recorded session, select a recording on the list and click the Follow up icon. The Follow up icon is available only when a recording is selected.

Follow up icon

For a description of the recording items, see the following table.

Item Description
Start time The recording start time. Click the up and down arrows to list recordings in chronological order.
User The user whose session was recorded. Click the up and down arrows to concentrate recordings of a user on the list and arrange users in alphabetical order.
Host The host name of the VDA where the recorded session was hosted. Click the up and down arrows to arrange the VDA host names in alphabetical order.
Client The name of the client device where the session was running. Click the up and down arrows to arrange the client host names in alphabetical order.
Events The quantity of events in the recording. Click the up and down arrows to arrange recordings on the list by event quantity.
Events Only Indicates a screen recording or an event-only recording. An event-only recording played in the web player contains an event statistics pie chart and histogram. The pie chart and histogram hold static throughout playback.
Recording Server The Session Recording Server that processes recording data sent from VDAs.
Duration The time length of the recording. Click the up and down arrows to arrange recordings on the list by time length.

Search for recordings by using filters

You can search for recordings by using filters. The available filters include host name, client name, user name, application, client IP address, event text, event type, and time.

Recording search filters

For example, after you select the host name filter, the following dialog box appears. Type in the host name (of the VDA where recorded sessions are hosted) and click Search to filter out irrelevant recordings and display only the relevant ones.

The host name filter

You can change to a different filter by clicking the currently selected Host name, as shown in the following screen capture. All filters are listed after you click Host name. Select a different filter as needed.

All filters listed

You can also click the + symbol to add filters.

The plus symbol

For example, you can add the Time filter as shown in the following screen.

Add the time filter

The Time filter consists of recording start date, start time, and duration.

Open and play recordings

On the recordings page, each recording has a play button on the right side, next to the Duration item.

Play button

Click the play button. The playback page appears. Playback starts after memory caching.

Recording playback page

For a description of the player controls, see the following table:

Player Control Description
Play button Plays the selected recording file.
Pause button Pauses playback.
Progress bar You can drag the progress bar during playback. Idle periods of recorded sessions are highlighted during playback.
Seek backward 7 seconds Seeks backward 7 seconds.
Current position of recording playback Indicates the current position of the recording playback and the total recording duration. The time format is HH:MM:SS.
Comments icon Lets you click and leave a comment about the recording being played.
Share current playback icon Lets you click and copy the URL of the current recording to the clipboard.
Playback speed Indicates the current speed of playback. Click the icon to switch between options including X0.5, X1, X2, and X4.
Full screen button Displays the playback in full screen.
Exit full screen button Displays the playback within the webpage.

In the right pane of the playback page, the following recording data, event filters, and the quick search box are available:

The right pane of the playback page

  • The date and time on the web player machine. In this example, February 23, 2021 and 11:10:58.
  • The duration of the recording in playback. In this example, 00:07:32.
  • The number of events in the recording. In this example, 11 EVENTS.
  • The name of the user whose session was recorded.
  • The host name of the VDA where the recorded session was hosted.
  • The name of the client device where the session was running.
  • Options for sorting search results: Select Sort by All Categories, Sort by Events, or Sort by Comments to sort search results.
  • Event filters. You can select more than one filter to search for events in the current recording.

    Event filters

    Click the icon to expand folded displays of events.

    Expand folded displays of events

  • Event list. Clicking an event on the list takes you to the position of the event in the recording.
  • Quick search box. The search events quick search box helps to quickly narrow down a list of events in the current recording.

Configure cache memory for storing recordings while playing

On the Configuration page of the web player, click the slider to set up the cache memory for storing recordings while playing.

Tip:

You can access the Configuration page directly through http(s)://<FQDN of Session Recording Server>/WebPlayer/#/configuration/cache.

Configure cache memory for storing recordings while playing

Record idle events and highlight idle periods

Session Recording can record idle events and highlight idle periods in the Session Recording web player. Idle events are not visible in the Session Recording Player because idle events are saved in the Session Recording Database but not in the relevant recording files (.icl files).

To customize the idle event feature, set the following registry keys as required. The registry keys are located at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\SessionEvents.

Registry key Default value Description
DisableIdleEvent 0 To disable the idle event feature, set the value to 1.To enable the idle event feature, set the value to 0.
IdleEventThrottle 120 seconds If there is no user activity (including graphics changes and keyboard/mouse inputs) longer than the time threshold set by the registry key, an idle event is recorded. The idle period is highlighted when the recorded session plays back on the Session Recording web player.
IdleEventActiveThrottle 30 seconds Only a certain number of graphics changes within a specified amount of time qualify as user activities. By default, at least three packets within 30 seconds can qualify as user activities.
IdleEventActivePktNumThrottle 3 packets Only a certain number of graphics changes within a specified amount of time qualify as user activities. By default, at least three packets within 30 seconds can qualify as user activities.
IdleEventActivePktSizeThrottle 100 bytes Graphics packets smaller than the key value are ignored and the relevant time duration is regarded as idle.

Comment on recordings

When a recorded session is being played, you can click the Comments player control to leave comments and set comment severities. Comments of different severities are displayed in different colors in the right event list panel. Severities include Normal, Medium, and Severe. During session playback, you can view all comments about a recording and delete comments from the event list. Refresh the webpage before being able to delete a comment you just left.

Comments on a recording

Clicking a comment in the event list lets you jump to the location where the comment was given. Clicking the comment icon in the upper left corner redirects you to the My comments page where all your comments are presented.

My comments page

Note:

To make the comment feature work as expected, clear the WebDAV Publishing check box in the Add Roles and Features wizard of Server Manager on the Session Recording Server.

Image of configuration in server manager

Share URLs of recordings

Clicking Share Current Playback on the playback page of a recording copies the recording URL to the clipboard. You can share the URL with other users for them to access the recording directly without the need to search in all recordings.

Share current playback

After you click Share Current Playback, either of the following messages appears, indicating a successful or failed operation respectively:

  • The URL to the shared recording has been copied to the clipboard

  • Sharing the recording URL failed

Pasting the shared URL in the address bar lets you jump to the location where the URL was copied.

For secure sharing, set the following registry values under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server:

Registry value Description Default value Remarks
LinkExpire Time span beyond which a shared URL expires. Counted as timeticks in the unit of 10 microseconds. 1,728,000,000,000 (The default value equals 2 days.) -
LinkSalt A security method to protect the preceding URL expiration time Kk2od974 Change the default value to an arbitrary string that preferably ends with digits.

Administrator Logging integrated with the web player

The web player integrates the Administrator Logging webpage. An administrator assigned to both the LoggingReader and the Player roles can view the administrator activity logs in the web player.

Note:

The language set for the web player browser must match the language you selected when you installed the Session Recording Administration components.

  • Configuration logging:

    Administrator logging integrated with the web player

  • Recording reason logging:

    Recording reason logging

Ensure that your SessionRecordingLoggingWebApplication site in IIS and the web player have the same SSL settings. Otherwise, 403 errors occur when you request to access the administrator activity logs.

Image of Session Recording Logging Web Application

Session Recording web player