Session Recording Overview
Delinea offers basic and advanced recording options to choose from, enabled by different tools and configurations that capture varying levels of content.
Basic session recording supports logging keystroke metadata for RDP and SSH sessions without requiring an agent across both Windows and Mac environments. Users can search for keystrokes, and the session playback interface displays this additional activity information.
Advanced session recording offers more granular capabilities and process metadata.
The following tools record videos:
- Protocol Handler
- Protocol Handler on a session connector server
- Web Password Filler
- ASRA (Advanced Session Recording Agent)
- Privileged Remote Access
The following tools record keystrokes:
- RDP Proxy
- SSH Proxy
- ASRA (Advanced Session Recording Agent)
- Protocol Handler on a session connector server
The following tool can record process metadata:
- ASRA (Advanced Session Recording Agent)
Basic Session Recording
Basic session recording is a licensed feature in Secret Server. It relies on the protocol handler being configured on client machines through Secret Server's launcher. Using this launcher, Secret Server captures second-by-second screenshots on the client machine during a user's recorded session. The images are compiled into a video that can be downloaded and played back for auditing and security purposes. Activity recorded in the session is based on screen changes only.
The Secret Server Session Connector uses a modified Protocol Handler that supports keystroke recording. Session monitoring allows administrators with the Session Monitoring permission to view all active launched sessions within Secret Server. If session recording is enabled on a secret, an administrator can watch the user's session in real time.
Admins can review active and ended sessions by searching for Session Monitoring. To select what data is searched across sessions, check the options available in the Search across columns search filters.
Some search filters require additional components to be installed or configured, such as:
- Proxy Session Client Data: Search within keystroke data of proxied SSH sessions. This requires the SSH proxy to be enabled, and for SSH sessions to use it.
- RDP Keystroke Data: Requires an ASRA to be installed on the target or, alternatively, the RDP proxy or session connector components to be available.
- RDP Application Name: Requires an additional ASRA to be installed on the target.
To view a recording, click the Play icon on the session. Hover over the session line to make the Play icon appear. The Watch Session Recording page appears.
If there is logged session activity, such as keystroke or application data, you can search through session activity and jump to points within the video playback. The playback also displays an activity map to show points of high activity, such as screen changes, keystrokes, and processes started and stopped.
Selecting an activity in the grid also shows additional details such as the full folder path where the application started and the user that performed the operation.
For active sessions, there are two actions that can be taken:
- Watch Live: When session recording is enabled for a secret, an admin can view and replay the user's activity in real time.
- Terminate: Sends a message to the business user or terminates their session.
The business user will see an alert dialog pop up on their machine with the message. Session Recording does not need to be enabled for this to work. When Session Recording is enabled, however, the functionality exists on both the secret itself and the session in Session Monitoring. For ended sessions, admins can watch the recorded video and view the SSH log if session recording was turned on for the secret.
Limitations
Certain scenarios cannot be properly video recorded on the client machine:
- When using Show SSH Proxy Credentials and connecting manually.
- When using tabbed SSH clients.
In these cases, video recording in Protocol Handler only records the first launched session.
SSH Session Replay
SSH Session Replay provides video-like playback of recorded proxied SSH sessions by replaying the captured data through a terminal emulator.
Requirements
SSH Session Replay is available when:
- Using Local Proxy
- Using a Distributed Engine version of 8.4.85.0 or later.
Additionally, the following settings must be configured:
- SSH Record Keystrokes should be enabled in Proxy Session Recording.
- Session Recording Enabled is set to Yes on the secret.
Advanced Session Recording
Advanced Session Recording (ASR) is a licensed feature of Secret Server that adds capabilities to those offered by basic session recording. You install the Advanced Session Recording Agent (ASRA), which uses the Remote Desktop Protocol, on any client machine where you want more information from the sessions recorded.
ASR enhances launcher sessions, which typically only include screenshots, keystrokes, and process activity.
ASR features include:
- Screen Capture: The Secret Server launcher records second-by-second screen images compiled into a playback video of the user's session. This is essentially the same as basic session recording.
- Logged Processes: The ASRA logs all processes started and stopped during a user's session.
- Recorded Keystrokes: The ASRA records all user keystrokes during the session. Keystroke recording can be disabled.
In addition, ASR includes these enhanced video playback features:
- Searchable Video: You can search video activity to find locations where specific activities occurred, such as certain keystrokes or processes that ran.
- Enhanced Playback: Sessions recorded using ASR display additional data on playback, such as the current active window, the used processes, and the keystrokes in the session.
- On-demand video processing
- Recording all sessions
- Inactivity timeout
- Maximum session-length protection
The Windows Protocol Handler encodes your session in WebM format in real time and sends the recording to Secret Server. Secret Server has an Enable On-Demand Video Processing option, which leaves the recordings in the WebM format that Chrome and Firefox can play back without any further processing, saving server processing time.
Edge now also supports WebM playback natively, so recordings in WebM format can be played directly without conversion. You also have the option to click the Request Video Processing button, and the video will be converted to the H.264/MP4 format.
See Installing the Advanced Session-Recording Agent for details on configuring ASRAs. See Session Recording Configurations for more in-depth information specific to recording settings.