Caveats and Recommendations

General

System requirements apply to both physical and virtual machines.

  • Delinea does not support these Web servers:
      • Any Client OS
      • Domain Controllers
      • SharePoint Servers
      • Small Business Server (SBS)
      • Windows Server Essentials
  • For best performance, we recommend using dedicated (clean) servers for hosting Delinea products.
  • If .NET and IIS features are not already installed on the Web server, the Delinea Installer adds and configures them automatically.

Components Supporting Session Recording

Things that can record video:

  • Protocol Handler (PH)

  • PH on a session connector server

  • Web Password Filler (WPF)

  • Advanced Session Recording Agent (ASRA)

  • Remote Access Service (RAS)

Things that can record keystrokes:

  • Remote Desktop Protocol (RDP) Proxy

  • Secure SHell (SSH) Proxy

  • ASRA

  • PH on a session connector server

  • RAS

Things that can record process metadata:

  • ASRA

Things that can record nothing:

  • Secret Server Session Connector (SSSC)

Database

  • Database disk storage depends directly on how many recorded videos are stored to disk. For active users, we recommend you use a 1 TB shared or local drive for archival or storage space. For light users, we recommend beginning with 300 GB. Monitor your disk space usage closely, and tailor it for best results.
  • Carefully consider how quickly your allotted storage might be exhausted. Once again, it is highly variable, but you might expect around 15 hours of recording per GB of storage. Using the example of encoding capacity used in the Session Recording section, if you wanted to record one year of usage by your 60 8-hour users, you would need around 11 TB of storage (given vacations and holidays). Our recommended 1 TB would last nearly a month in that scenario. A session retention policy using the automatic deletion feature is likely your best option.
  • If MS SQL Server is not already installed on your database server, the Delinea Installer can set up SQL Express on the Web server; however, SQL Express is only for trials and sandbox environments. Delinea does not support using SQL Express in a production environment due to size and performance limitations.

Network Bandwidth and Video

  • For Secret Server 10.6, ASR requires around 300 Kbps. Older versions of Session Recording require 1-3 Mbps. Our Mac launcher uses the older bit rate.
  • Session recording bandwidth requirements vary widely based on monitor resolution and image complexity--higher resolutions and more complex images use more bandwidth (simpler screen images compress better). For example, with a 1024×768 screen resolution, the required network bandwidth is typically between 0.1 Mbps and 1 Mbps.
  • If your connection cannot support the needed bandwidth, the session data is still transmitted, but it takes longer to process each session.
  • If a user tries to cancel the transmission, this activity appears in the audit record for the Session Recording Secret.
  • All sessions are recorded at 1080p. Before Secret Server 10.6, session recordings at 1080p or higher were not supported due to a limitation in Microsoft IIS. The session video would be recorded but may have been corrupted.
  • Sessions are recorded using the H.264 MPEG-4 codec.

Session Recording

  • Servers hosting session recording require fixed RAM and disk space. We strongly recommend that you do not apply dynamic settings.
  • Do not record more sessions than you can encode. If more concurrent sessions are recorded than the system can process, the sessions wait in a queue and are processed when enough server resources become available, which could take a very long time, or might never happen if your storage is overwhelmed.
  • The frame rate we can encode varies dramatically based on many factors, so testing what encoding rate your session recording configuration can sustain is a must. From there, you can get an idea of what is possible. For example, let us say you found that we can process 20 FPS on average on your Xeon processors. Given that rate, we could encode around 1 minute of a session recording in 3 seconds, or 1 hour in 3 minutes, or 1 day in 72 minutes--giving you perhaps 480 session hours per day. You could then parse that figure based on your typical usage to arrive at a maximum potential usage, for example, 60 people doing 8 hours of session recording.
  • Typically, you can record up to one hundred sessions at a time per web node, load balanced, which should handle large use cases.
  • CPU usage during video processing varies depending on concurrent users and recording length. We recommend that you closely monitor CPU percentages on your web server during video processing, as well as on your client machines during recording, and increase the CPU count for those machines if needed.
  • We recommend that you set up RabbitMQ as the backbone service bus in session recording environments. To set up RabbitMQ, see Installing RabbitMQ.
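
The sizing arithmetic from the Database and Session Recording bullets above, combined into one calculation (an added example, not Delinea code). The `Plan` and `size` names, the single shared recording window, and the 200 GB free-space reserve are assumptions; 1 TB is taken as 1000 GB.

```python
from dataclasses import dataclass

@dataclass
class Plan:
    users: int                     # users recording at the same time
    hours_per_user: float          # recorded hours per user per day
    encode_sec_per_rec_min: float  # measured: seconds to encode 1 recorded minute
    hours_per_gb: float            # recorded hours that fit in 1 GB
    disk_gb: float                 # size of the archive volume
    reserve_gb: float = 200.0      # assumed free-space reserve (not from the page)

def size(p: Plan) -> dict:
    speedup = 60.0 / p.encode_sec_per_rec_min   # recorded seconds encoded per second
    recorded = p.users * p.hours_per_user       # session hours produced per day
    capacity = 24.0 * speedup                   # session hours encodable per day
    # Assumption: everyone records in one shared window of hours_per_user hours,
    # so the encode queue grows during the window and drains after it.
    peak_backlog = max(0.0, recorded - p.hours_per_user * speedup)
    drain_hours = peak_backlog / speedup
    daily_gb = recorded / p.hours_per_gb
    return {
        "recorded_hours": recorded,
        "capacity_hours": capacity,
        "utilisation": recorded / capacity,
        "peak_backlog_hours": peak_backlog,
        "drain_hours": drain_hours,
        # False means the backlog carries over and grows every day.
        "queue_clears_daily": p.hours_per_user + drain_hours <= 24.0,
        "daily_gb": daily_gb,
        "days_until_full": p.disk_gb / daily_gb,
        # Longest retention policy that keeps the reserve free.
        "max_retention_days": int((p.disk_gb - p.reserve_gb) / daily_gb),
    }

if __name__ == "__main__":
    # Figures from the page: 60 users, 8 hours each, 1 minute encoded in
    # 3 seconds, 15 hours per GB, 1 TB (taken as 1000 GB) of storage.
    for key, value in size(Plan(60, 8, 3, 15, 1000)).items():
        print(f"{key:>20}: {value}")
```

With the page's figures the encoder runs at 100% utilisation and the queue only just empties within 24 hours, so any additional recorded user makes the backlog grow day over day. Replace `encode_sec_per_rec_min` with the rate you measure on your own web nodes.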

Session Recording Web Node Connectivity Failures

In the event that a session recording web node is disconnected, there are caching mechanisms:

  • Protocol Handler - The information is cached on the machine when just using basic Session Recording.

  • Web Password Filler - When recording a browser session, if the Web Password Filler loses connectivity to Secret Server's web server over port 443, the session is disconnected, and whatever had been recorded up to that point is sent to Secret Server when the connection is restored.

  • Advanced Session Recording Agent - If the connection is lost over port 443, the session is unaffected. ASRA records locally and, when connectivity is restored, sends the data to Secret Server.

  • Session Recording with the Proxy - You can block port 443 without any issues when using the proxy, but if you block the proxying port, the session is disconnected.

macOS Catalina Security

macOS Catalina enforces security policy around screen recording. To use the session recording feature of the Delinea launcher on macOS Catalina, you must first:

  1. Go to System Preferences > Security & Privacy > Screen Recording on your Mac.

  2. Allow recording for the SecretServerLauncher.app.