VMware Horizon Session Recording Fling: The VMware Horizon Session Recording fling allows administrators to record VMware Blast Extreme sessions to a central server for playback. These recordings can be leveraged for both auditing and troubleshooting purposes. These recordings are stored in MP4 format and can be exported with ease.

Contents VMware Horizon Session Recording Fling: ............................................................................................. 1

Quick Start Guide: ................................................................................................................................... 3

Deploying the Horizon Session Recording server: .................................................................................. 4

About the Session recording server: ................................................................................................... 4

Database: ........................................................................................................................................ 4

Recordings: ...................................................................................................................................... 4

Installation Prerequisites: ................................................................................................................... 4

Installing the service: .......................................................................................................................... 4

Updating the service: .......................................................................................................................... 4

Configuring the SSL Certificate: .......................................................................................................... 5

Administration: ................................................................................................................................... 6

Accessing the server: .......................................................................................................................... 6

Authentication: ................................................................................................................................... 6

Roles: ............................................................................................................................................... 6

Adding additional access rules: ........................................................................................................... 7

About recordings: ............................................................................................................................... 9

Sessions: .......................................................................................................................................... 9

Segments: ........................................................................................................................................ 9

Interacting with recordings: .............................................................................................................. 10

Configuring Settings: ......................................................................................................................... 11

Settings Overview: ........................................................................................................................ 12

Uninstalling the service: .................................................................................................................... 12

Installing the VMware Horizon Session Recording Agent:.................................................................... 13

About the VMware Horizon Session Recording Agent: ................................................................ 13

Pre-requisites: ............................................................................................................................... 13

Installation steps: .......................................................................................................................... 13

Quick Start Guide:

• Install the VMware Horizon Session Recording server on windows server 2016.

• Install a trusted web service SSL certificate.

• Browse to https://<serverfqdn>:9443/

• Configure the access roles to limit administration.

• Configure policies in the console for recording.

• Install the recording agent into a test desktop pool and provision the pool.

Deploying the Horizon Session Recording server:

About the Session recording server:

The VMware Horizon Session Recording Server is an ASP.Net Core Web service comprising of three

components:

• An SQLite Database.

• An ASP.Net Core API.

• An ASP.Net Core MVC web application.

Database:

The SQLite database (recording.db) is stored in the installation directory and is intended for Proof of

Concept or small installation. Support for Microsoft SQL will be added in future versions.

Recordings:

The MP4 Recording files are by default stored in a “recordings” folder in the installation directory of

the Server.

Installation Prerequisites:

• Windows Server 2016 (PowerShell version 5.1)

Installing the service:

• Run the MSI installation

• Import a trusted certificate to web service certificate to host the web service

• Run PowerShell as an administrator and execute the “InstallRecordingCertificate.ps1” script

in the installation directory (typically c:\program files\VMware\SessionRecording)

Updating the service:

While not something you may have to do immediately, ensure to uninstall the previous version

before installing a new version.

Configuring the SSL Certificate:

The horizon Session recording service leverages a native certificate for SSL communications. Acquire

an SSL Certificate (via domain or trusted authority) and install it to the local computer certificates

repository as below:

Once installed, run the pre-prepared PowerShell script (as administrator) to configure the service for

this certificate:

Choose the certificate you installed earlier:

Administration:

Once installed, the local administrators of the server will have administrative access to the web app,

this can be configured and secured later under the settings > roles tab.

Accessing the server:

Browse to the server address, as follows: https://<recording servers FQDN>9443.

Authenticate with active directory credentials.

Authentication:

Authentication to the session recording server is achieved leveraging native IIS authentication. By

default, the local users and administrators of the server onto which you deploy the Session

Recording server is installed will have access to the server. To modify this, see adding roles later in

this document.

As the local users’ group is insecure by default, the web service will warn you of the default

permissions and encourage you to fix it as soon as possible.

Roles:

• Administrators have full access to the server, settings, etc.

• Viewers can playback recordings and lock / unlock recordings to save recordings from the

default clean-up schedule.

Adding additional access rules:

To allow other users or groups to use the service, you can add additional entitlements via the

settings menu:

Now select access roles:

Once here you can review the current rules.

You can add an additional rule by clicking add new Assignment:

Once clicked, a new menu will appear above, enter the Active directory group name (or part of) you

wish to add then click search:

The server queries active directory and provides a list below of the potential matches.

Select the group(s) you wish to add, select the group (administrator or viewer) and click add.

Once added. The Web service will require a restart to re-load the entitlement groups. This can result

in a loss of recording data if the agents call in during the restart, so be careful to only restart out of

hours.

About recordings:

Session recordings are logically grouped into Sessions and Segments.

Sessions:

Sessions are an interval of recording which is uninterrupted.

• If a user logs off the session ends.

• If the session locks, manually or via timeout etc, the session ends.

• Once a user signs in again (via new login or unlock) a new session recording begins.

Segments:

Segments are intervals during a session recording where we could not maintain the current context

and needed to create a new segment. Segments roll directly into each other and no time is lost.

• A new segment for each screen is created in the event of multimonitor.

• A new segment is created if the session is resized.

To ease the ability to differentiate between screens and recordings, simply reference the start time

and screen id, if the ID’s are different and the start times are the same, a multiscreen session is

present.

Interacting with recordings:

Once signed in you will receive a list of recent recordings, you may also search via the search dialog

in the page banner.

To interact with sessions, there are three potential options:

(Default layout)

(Unlock icon)

• Play: play the recording

• Lock: save recording from being deleted by the default clean-up interval

• Unlock: remove the lock on the recording to allow it to be cleaned up.

• Delete: deletes the recording (cannot be recovered).

• You can also elect to bulk delete via the checkboxes.

Once you select play, a new page will be loaded as below:

• 1: the session details (more are coming).

• 2: Play or Download segments.

By default, the first segment will be loaded when you open a recording.

Configuring Settings:

Once authenticated to the server, you can access the settings tab in the top right if you hold the

administrator role:

From here, you can access the server settings and access roles.

Note, all changes occur in Realtime, but already connected devices will not reload their configuration

until the local service has been restarted.

Settings Overview:

Record local sessions Record sessions that DO NOT traverse an external gateway

Record Remote Sessions Record sessions that DO traverse an external gateway

Sessions to record Only members of these groups will be recorded

Days to retain: The maximum age of a session before it is deleted from the Server. Note: locking the recording will retain the recording past the expiry threshold.

Upload Chunk Size (MB) The Size of the chunks that the Agent will upload to the server. Do not change this value unless instructed.

Minimum Duration (seconds) The minimum duration of a session the agent will consider as a viable recording.

Notify users when recording starts

If you Enable this setting, the message will be displayed to the users when recording begins.

Debug Logging Enables debug logging on the Agent, do not configure this value unless requested.

ChunkSize (MB) The chunk size the recording will be converted to an MP4 file. Do not change this value unless instructed.

Conversion Delay The delay before the recording will be converted to an MP4 file. Do not change this value unless instructed.

Uninstalling the service:

• Use add-remove programs to remove the installation.

• If you wish to fully delete all data, delete the installation directory, typically c:\program

files\VMware\sessionrecording.

Installing the VMware Horizon Session Recording Agent:

About the VMware Horizon Session Recording Agent:

The VMware Horizon Session Recording Agent is a local installation in each desktop from which you

may want to record. The service monitors user logon activity notifications and interacts with the

Blast Extreme API’s to record the sessions.

At the designated Chunk File size, the agent will upload the recording data to the server. Once the

recording has been finalised, the MP4 header is sent to the server to be converted.

Note: if a session is ended, and the agent was unable to upload the final data to the server, the

recording will be lost and cleaned up periodically by the server.

Pre-requisites:

• Windows 7 or Windows 10.

• Windows server 2012 and 2016 (Experimental Support).

• 64-bit operating system.

• VMware Horizon Agent (7.4 or better)

Installation steps:

Run the provided MSI

Enter the servers name including the port selection, e.g.:

During the installation, if you have not yet installed a trusted certificate on the server, you may be

prompted to trust the server provided certificate:

• Upon completion, restart the machine.

• Once restarted, verify the horizon session recording service starts successfully.

Additionally, you can check the “logs” folder in the installation directory for a recordingdebug.log

file:

In this file, you can view the settings the client received from the server: (or debug the connectivity

issue):