Session Recording is designed to be deployed within a secure network and accessed by administrators, and as such, is secure. Out-of-the-box deployment is designed to be simple, and security features such as digital signing and encryption can be configured optionally.
Communication between Session Recording components is achieved through Internet Information Services (IIS) and Microsoft Message Queuing (MSMQ). IIS provides the web services communication link between each Session Recording component. MSMQ provides a reliable data transport mechanism for sending recorded session data from the Session Recording Agent to the Session Recording Server.
Consider these security recommendations when planning your deployment:
+ Disable core memory dump for VDA machines unless it is required for specific troubleshooting cases.
To disable core memory dump:
1. Right-click My Computer, and then click Properties.
2. Click the Advanced tab, and then under Startup and Recovery, click Settings.
3. Under Write Debugging Information, select (none).
See the Microsoft article https://support.microsoft.com/en-us/kb/307973.
+ Ensure that logon credentials or security information do not appear in any local or Web application published or used inside the corporation; otherwise, they are recorded by Session Recording.
+ Users should close any application that might expose sensitive information before switching to a remote ICA session.
+ Session owners should notify attendees that online meetings and remote assistance software might be recorded if a desktop session is being recorded.
+ Allow only automatic authentication methods (for example, single sign-on or smart card) for accessing published desktops or applications.
1) Install server feature Directory Service Integration on each Session Recording Server and VDA or VDI machine where Session Recording is enabled, and then restart the Message Queuing service.
2) From the Windows Start menu on each Session Recording Server, open Administrative Tools > Computer Management.
3) Open Services and Applications > Message Queuing > Private Queues.
4) Click on the private queue citrixsmauddata to open the Properties page and select the Security tab.
5) Add the computers or security groups of the VDA machines that will send MSMQ data to this server and grant them Send Message permission.
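The same queue change scripted for one Session Recording Server, as an added example (not Citrix-provided code). It assumes the Windows MSMQ and ServerManager PowerShell modules are available, that the GUI permission Send Message corresponds to the `WriteMessage` access right, and that `EXAMPLE\SessionRecording-VDAs` is a placeholder for your own group of VDA computer accounts. Step 1 must still be carried out on the VDA machines themselves.

```powershell
#Requires -RunAsAdministrator
# Added example: run on each Session Recording Server.
param(
    # Assumption: placeholder AD group holding the VDA computer accounts.
    [string[]]$VdaPrincipals = @('EXAMPLE\SessionRecording-VDAs'),
    # Private queue name as given in step 4.
    [string]$QueueName = 'citrixsmauddata'
)

Import-Module MSMQ -ErrorAction Stop

# Step 1: install Directory Service Integration (Windows Server feature
# name MSMQ-Directory), then restart the Message Queuing service.
$feature = Get-WindowsFeature -Name MSMQ-Directory
if (-not $feature.Installed) {
    Install-WindowsFeature -Name MSMQ-Directory | Out-Null
}
Restart-Service -Name MSMQ -Force

# Steps 2-4: locate the private queue that receives recorded session data.
$queue = Get-MsmqQueue -Name $QueueName -QueueType Private
if (-not $queue) {
    throw "Private queue '$QueueName' not found on $env:COMPUTERNAME"
}

# Step 5: grant Send Message (WriteMessage) to each VDA computer or group.
foreach ($principal in $VdaPrincipals) {
    $queue | Set-MsmqQueueACL -UserName $principal -Allow WriteMessage | Out-Null
    Write-Host "Granted WriteMessage on $QueueName to $principal"
}

# Print the resulting ACL so the entries can be reviewed against the
# intended list of senders.
$queue | Get-MsmqQueueACL | Format-Table -AutoSize
```

Review the printed ACL after each run: any principal with send rights that is not one of your VDA machines or groups is worth investigating.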
For information about configuring Session Recording features, see http://support.citrix.com/article/CTX200868.