3. Horizon Recording Services (Optional Lab)

Introduction to this lab

Note: Parts 1 to Part 3  can be provisionally completed

From Part 4 onwards. Installing the Agent may be completed after you have completed Lab 6
If you would prefer exact screenshot harmony , wait until you have completed the Linux lab which is Lab 9

 

This feature allows administrators to record desktop and application sessions to monitor user behavior for remote desktops and applications.

Administrators can observe a users exact keystrokes, cursor and mouse activity, and other user behavior in a recorded desktop or application session. In addition to providing greater security and auditing for user behavior, recording also helps with troubleshooting and reproducing issues the user experiences during a session. Administrators can play back, store, and audit the recordings.

When a user logs on, Horizon Recording starts automatically, displaying the default message Your session is being recorded in accordance with security policies. The recording runs as long as the session is in a connected state. Recording stops when the user logs out or disconnects. If the user changes the screen resolution of the desktop or application session, Horizon Recording creates a new segment of the recording. Recording file sizes vary based on the duration of the connected session. Recordings are stored in MP4 format and can be downloaded to play in a local player or viewed in the Horizon Recording web console.

Components

Horizon Recording consists of the following components:

  • Horizon Recording Server: Collects information about the session as well as raw recording data for storage and playback. This component is available for Horizon 8 2106 and later.
  • Horizon Recording Agent: Records a user session, registers the session with the Horizon Recording Server, and uploads recording data.
    • The Horizon Recording Agent for Windows is available for Horizon 8 2106 and later.
    • The Horizon Recording Agent for Linux is available for Horizon 8 2306 and later.
Part 1. Deploying the Horizon Recording Server Service
  1. On your ControlCenter server
    • on server Desktop,
      • open the Remote Desktops > Site 1 folder
      • In the Site 1 folder
        • launch the WS1-Connector.RDP shortcut
  1. On the WS1-Connector Server
    • from the desktop
    • select the Software shortcut
      • In the Software folder
        • go to the Horizon > 2412 > Recording services folder
  1. On the WS1-Connector Server
    • Recording services folder
      • launch the HorizonRecordingServer-1.12.0.msi installer
  1. In the Open File - Security Warning window,
    • select Run
  1. In the Omnissa Horizon Recording Server Setup wizard
    • Welcome page
      • select Next
  1. In the Omnissa Horizon Recording Server Setup wizard
    • Destination Folder
      • select Next
  1. In the Omnissa Horizon Recording Server Setup wizard
    • Ready to Install Omnissa Horizon Recording Server
      • select Install
  1. In the Omnissa Horizon Recording Server Setup wizard
    • Installer Completed
      • select Finish
Part 2. Replacing a Self-signed certificate with a CA-signed Certificate
  1. On the ControlCenter server
    • switch back to your WS1-Connector.RDP session
  1. On the WS1-Connector Server
    • on the Desktop
      • select the CACertSnapin
  1. In the Certificates Snapin
    • below Certificates (Local Computer)
      • expand Personal
        • select Certificates
      • In the right pane
        • select and right-click  WS1-CONNECTOR
        • in the dropdown menu
          • select Delete
          • In the Certificates window
            • select Yes
  1. In the Certificates Snapin
    • below Certificates (Local Computer) > Personal
      • select and right-click Certificates
        • In the Drop-down menu
          • select All Tasks > Import
  1. In the Certificate Import Wizard
    • Welcome to the Certificate Import Wizard page
      • select Next
  1. In the Certificate Import Wizard
    • File to Import page
      • select Browse
  1. In the Open window
    • under the Quick access bar
      • select Desktop
        • in the right pane select the software shortcut
  1. In the Open window
    • Software folder
      • browse to Certificates > Techseales
    • In the Open window
      • at the bottom
        • to the right of File name
          • from the drop down
            • change the file type to All Files (*.*)
        • In file area
          • select wildcard_2025
          • select Open
  1. In the Certificate Import Wizard
    • File to Import page
    • select Next
  1. In the Certificate Import Wizard
    • Private key Protection page
      • below Password:
        • enter Pa$$w0rd
      • next to Mark this key as exportable....
        • select the checkbox
      • select Next
  1. In the Certificate Import Wizard
    • Certificate Store page
      • select Next
  1. In the Certificate Import Wizard
    • Completing the Certificate Import Wizard page
      • select Finish
      • To close the Certificate Import Wizard
        • select OK
  1. In the CACertsSnapin
    • Certificates folder
      • select and right-click the *.techseals.co certificate
        • select Properties
  1. In the *.techseals.co Properties window
    • General tab
      • next to Friendly name:
        • enter HorizonSessionRecordingServer
    • select OK
  1. On the Horizon-01a server
    • select and right-click the START button
      • select Run
  1. In the Run window
    • next to Open:
      • enter services.msc
    • select OK
  1. On the Services window
    • scroll down to Omnissa Horizon Recording Server
      • select and right click   Omnissa Horizon Recording Server
        • from the drop down
          • select Restart

wait at least 3 minutes before doing the next step

  1. In the ControlCenter server
    • Open your Site 1 browser
      • from the Favourites bar
        • select the Horizon Site 1 shortcut
      • Notice your Server is now trusted using a CA-signed Certificate
Part 3. Configuring the Recording Service
Task 1. Disabling the Windows Firewall service on WS1-Connector
  1. On the WS1-Connector server
    • select and right-click the START button
      • in the menu pop-up
        • select Run
  1. In the vrun window
    • next to Open:
      • enter wf.msc
        • select OK
  1. In the Windows Defender for Advanced Security window
    • on the System Preparation Tool 3.14
      • select and right-click  Windows Defender Firewall with Security
        • from the dropdown
          • select Properties
  1. In the Windows Defender for Advanced Security Console
    • Windows Defender Firewall with Security on Local Computer window
      • Domain Profile tab
        • next to Firewall state:
          • from the dropdown
          • select Off
  1. In the Windows Defender for Advanced Security Console
    • Windows Defender Firewall with Security on Local Computer window
      • select the Private Profile tab
        • next to Firewall state:
          • from the dropdown
          • select Off
  1. In the Windows Defender for Advanced Security Console
    • Windows Defender Firewall with Security on Local Computer window
      • select the Public Profile tab
        • next to Firewall state:
          • from the dropdown
          • select Off
    • to Close the window
      • select OK
    • Close Windows Defender for Advanced Security Console
Task 2. Configuring the Omnissa Horizon Recording Service.
  1. On the Controlcenter server
    • from the Site 1 Bangalore browser
      • open a new tab
      • In the Address bar
        • enter https://WS1-connector.techseals.co:9443
  1. From the Site 1 Bangalore browser
    • Your connection is not private window
      • select Advanced
  1. From the Site 1 Bangalore browser
    • Your connection is not private window
      • select Proceed to ws1-connector.techseals.co (unsafe)
  1. On the Omnissa Horizon Recording window
    • in the Username area
      • enter administrator
    • In the Password area
      • enter Recording123
    • select LOGON
  1. On the Omnissa Horizon Recording admin console
    • in the top-right corner
      • next to Administrator
        • select the Dropdown
          • from the Dropdown
            • select Service Settings
  1. On the Omnissa Horizon Recording admin console
    • in the left pane
      • select Server Settings:
  1. On the Omnissa Horizon Recording admin console
    • in the Local Server Settings: area
      • select EDIT DEPLOYMENT
  1. On the Setup Wizard
    • 1. Welcome: page
      • select NEXT
  1. On the Setup Wizard
    • 2. Setup Type: page
      • accept the default
        • select NEXT
  1. On the Setup Wizard
    • 3. Database Type: page
      • next to Database Type:
        • select the dropdown
          • from the dropdown
            • select Microsoft SQL
  1. In the Setup Wizard
    • 3. Database Type: page
      • below Connection String:
    • copy and paste the following 
 user id=VIEWADMIN;password=Pa$$w0rd;server=sql-01a.techseals.co;database=Recording;Trusted_Connection=no;Encrypt=False
  • select NEXT
  1. In the Setup Wizard
    • 4. Storage Location: page
      • select TEST PATH
        • if you look carefully as you select TEST PATH you get a tick box
    • note the default Storage Location
      • select NEXT
  1. In the Setup Wizard
    • 5. Storage Location: page
      • select SAVE CONFIGURATION
  1. On your ControlCenter
    • you will notice Web Service Restarting....
      • following by being taken back to the login page
  1. On the Omnissa Horizon Recording window
    • in the Username area
      • enter administrator
    • In the Password area
      • enter Recording123
    • select LOGON
  1. On the Omnissa Horizon Recording window
    • note the Database Type: is now  MSSQL
Part 4. Horizon Recording Services Agent Deployment
Task 1: Installing the Recording Services Agent on the Master Image
  1. On the Controlcenter server
    • from the Site 1 Bangalore browser
      • open a new tab
      • from the Favourites bar
        • select vcenter-01a
  1. From the VMware vSphere login page
    • in the username area
    • in the password area
      • enter Pa$$w0rd
      • select LOGIN
  1. In the vSphere Client desktop
    • expand vcenter-01a.techseals.co
      • expand Region01a
        • expand Bangalore
    • select and right-click  W11INSTMaster
      • from the pop-up
        • select Power > Power On
  1. In the vSphere Client
    • W11INSTMaster area
    • select LAUNCH WEB CONSOLE
  1. In the W11INSTMaster Console area
    • in the right-hand corner
      • select Send Ctrl+Alt+Delete
    • below Administrator
      • in the password area
        • enter Pa$$w0rd
      • to the right
        • select the Submit icon
  1. In W11INSTMaster
    • on the taskbar
      • select and right-click the START button
    • from the pop-up
      • select Run
  1. In the Run window
    • next to Open:
    • enter \\horizon-01a.techseals.co\software
    • select OK
  1. In the File Explorer window
    • Software share
    • browse to Horizon > 2412 > Recording services
  1. In the File Explorer window
    • Recording services share
    • select and right-click the HorizonRecordingAgent-1.12.0.exe
      • from the dropdown
      • select Open
  1. In the User Account Control window
    • select Yes
  1. In the Omnissa Horizon Recording  Agent Setup wizard
    • Welcome Wizard
      • select Next
  1. In the Omnissa Horizon Recording  Agent Setup wizard
    • Destination Folder
      • select Next
  1. In the Omnissa Horizon Recording  Agent wizard
    • enter the following below : -
      • Server Address:
        • enter ws1-connector.techseals.co:9443
      • User Name:
        • enter administrator
      • Password:
      • enter Recording123
      • next to This machine is a template
        • select the checkbox
        • to the right of the window
          • select Register
  1. In the Omnissa Horizon Recording  Agent Setup wizard
    • select Install
  1. In the Omnissa Horizon Recording  Agent Setup wizard
    • select Finish
  1. In the W11INSTMaster desktop
    • from the Taskbar
      • select and right-click the START button
        • from the pop-up
          • select Shut down or sign out > Shut down
  1. In the vSphere Client
    • Hosts & Clusters inventory
      • select and right-click W11INSTMaster
    • from the pop-out select
      • Snapshots > Take Snapshot..
  1. In the Take snapshot window
    • next to Name
      • enter Recording Services agent
    • select CREATE
Task 2. Re-deploying the Desktop Pool
  1. On your Controlcenter server
    • Site 1 - Bangalore browser
      • from the Favourites bar
        • select the Horizon Site 1 shortcut
      • In the Horizon Login window
        • User Name area
          • enter Administrator
        • Password area
          • enter Pa$$w0rd
        • select SIGN IN
  1. In the Horizon Admin Console
    • In the left pane
      • under Inventory,
        • select Desktops
  1. In the Desktop Pools area
    • select W11-BLR-INST
  1. In the W11-BLR-INST property area
    • Summary tab
      • next to MAINTAIN
        • from the Dropdown
          • select Schedule
  1. In the Schedule Push image wizard
    • step 1. Image
      • next to Recording Services agent
        • select the radio button
          • select NEXT
  1. In the Add Pool wizard
    • step 2. Schedule
      • select NEXT
  1. In the Schedule Push image wizard
    • step 3. Ready to Complete
      • select FINISH
  1. Under the Summary tab,
    • scroll down to Secondary Image
      • view the progress of the pool being Provisioned
    • to the right notice the State is Publishing

NOTE: The page does not dynamically update. In the top right corner of the page, select the  refresh icon.  

Move to step 9

  1. In the Horizon Admin Console
    • W11-BLR-INST properties
      • Summary tab
      • when the provisioning is done,
        • note the State will say Published
  1. In the Horizon Admin Console
    • W11-BLR-INST properties
      • Next to the Summary tab
        • select Machines
  1. In Machines area
    • to view the Machine Status ,
      • use the scroll bar at the bottom of the window
        • scroll right.
    • refresh  until the Status shows Available for your Machines
Part 5. Working with Horizon Recording Service Admin Console
Task 1. Viewing the Agent registrations
  1. On the ControlCenter server
    • Site 1 Bangalore Browser
      • In the Address bar
        • enter https://ws1-connector.techseals.co:9443
    • with your keyboard
      • press ENTER
    • In the username area
      • enter administrator
    • in the password area
      • enter Recording123
    • at the bottom of the page
      • select LOGON
  1. In Horizon Recording Services Admin Console
    • In the top right corner
      • next to Administrator
    • select the dropdown
      • select Manage Agents
  1. In Horizon Recording Services Admin Console
    • Registered Machines: Console
    • note your Registered Machines:
      • note the Type is Machine for the Instant Clone virtual machines
      • note the Type is Template for the Master Image
  1. In Horizon Recording Services Admin Console
    • In the top-right corner
      • next to Administrator
    • select the dropdown
      • select Service Settings
  1. In Horizon Recording Services Admin Console
    • Service Settings page
      • in the left-side
        • select Agent Settings:
  1. In Horizon Recording Services Admin Console
    • Agent Settings page
      • next to Notification Message:
        • add the following to the existing message
          • Your Techseals session is being recorded in accordance with security policies.
      • in the bottom left-corner
        • select SAVE
  1. In Horizon Recording Services Admin Console
    • Service Settings page
      • in the left-side
        • select Recording Criterias:
  1. In Horizon Recording Services Admin Console
    • Recording Criteria: page
      • in line with Session Types:
        • next to Record Local Sessions
          • move the Toggle switch to right in an ON position
      • in the bottom left-corner
        • select SAVE
Task 2. Initiating a Horizon Recording session
section 1. Generating a Recording with the [email protected] account
  1. On your ControlCenter server
    • On the Desktop
      • Open the Remote Desktops Folder
        • open Site1
          • launch W11Client-01a.rdp

you should be automatically logged in as [email protected] with the password Pa$$w0rd

  1. On your  W11Client-01a
    • from the Desktop
      • launch the Horizon Client shortcut
  1. On the Horizon Client textbox
    • select horizon-01a.techseals.co more icon
      • from the dropdown
        • select Connect
  1. In the Horizon Client textbox
    • in the Enter your user name area
    • in the Enter your password area
      • enter Pa$$w0rd
        • select Login
  1. In the Horizon Client
    • select the W11INST more icon
      • from the dropdown
        • select Launch
  1. In the Horizon Client session
    • on the Omnissa Horizon Recording Agent prompt
      • select OK
  1. In the Horizon Client session
    • from the desktop
      • select and double-click. the VLC media player shortcut

This step purely to test the Recording Services functionality. Feel free to launch other applications

you could launch the Command prompt and ping the ControlCenter server

  1. In the Horizon Client session
    1. select the More Icon
    2. from the dropdown
      • select Logoff Desktop
  1. On the Disconnect and log off desktop? window
    • select OK
section 2. Generating a Recording with the [email protected] account
  1. On your ControlCenter server
    • On the Desktop
      • Open the Remote Desktops Folder
        • open Site1
          • launch W11EXT-01a.rdp

you should be automatically logged in as [email protected] with the password Pa$$w0rd

  1. On your  W11EXT-01a desktop
    • from the Desktop
      • launch the Omnissa Horizon Client shortcut
  1. On the Horizon Client textbox
    • select the corp.techseals.co more icon
      • from the dropdown
        • select Connect
  1. In the Horizon Client textbox
    • in the Enter your user name area
    • in the Enter your password area
      • enter Pa$$w0rd
        • select Login
  1. In the Horizon Client
    • select the W11INST more icon
      • from the dropdown
        • select Launch
  1. In the Horizon Client session
    • on the Omnissa Horizon Recording Agent prompt
      • select OK
  1. In the Horizon Client session
    • from the desktop
      • select and double-click. the Horizon Performance Tracker shortcut

This step purely to test the Recording Services functionality.

Feel free to launch other applications, you could launch the Command prompt and ping the ControlCenter server

  1. In the Horizon Client session
    1. select the More Icon
    2. from the dropdown
      • select Logoff Desktop
  1. On the Disconnect and log off desktop? window
    • select OK
Task 3. Recording Services Administration

There are two default accounts we can administer the Console with

  • Administrator and Viewer
step 1. Administrative tasks as an Administrator
  1. On the ControlCenter Server
    • Site 1 Chrome browser Address bar
      • enter https://ws1-connector.techseals.co:9443
    • in the Omnissa Horizon Recording login
      • in the username area
        • enter administrator
      • in the password area
        • enter Recording123
      • select LOGON
  1. In the Omnissa Horizon Recording admin console
    • by default we are in the Dashboard area
      • below Recent Recordings
        • notice you have Recent Recordings
          • below the Name: column
            • select Craig
  1. In the Recordings: window
    • select the Play Icon
    • In the right column observer the following examples of information collected related to the recording :-
      • Broker
      • Client Name
      • Client-IP
      • Session Start
      • Session End-Time
      • Size
      • State
  1. In the Recordings: window
    • whilst playing the video
      1. notice that you can increase the play speed
      2. you can go Full-Screen to get a clearer view of the video
      3. I can download the video file for external distribution and analysis
        • notice that when this file is downloaded its in .mp4 format
  1. In Omnissa Horizon Recording admin console
    • select the Dashboard tab
      • below Recent Recordings:
        • next to Craig
          • select the checkbox
      • at the bottom of the window
        • select DELETE
        • in the Confirmation window
          • select DELETE
    • at the top of the admin console
      • select Audit Trail
  1. In the Omnissa Horizon Recording admin console
    • Audit Trail tab
    • take note of the following columns
      • Time
      • User
      • Message
        • If we look at some of the latest messages.
          • We see a session was Deleted by Administrator
          • recordings have been downloaded
          • and even entering the Audit Trail interface is logged
            • "User requested the audit trail"
      • In Omnissa Horizon Recording admin console
      • select the Recordings tab
  1. In Omnissa Horizon Recording admin console
    • Recordings tab
      • to the right of the console
        • select the Search icon

note if we had numerous recordings, we are in a postion to do a filtered search based on dates, Pool/Farm / Resource / Session Source or User Name

step 2. Administrative tasks as an Viewer
  1. On the ControlCenter Server
    • Site 2 Seattle Chrome browser Address bar
      • enter https://ws1-connector.techseals.co:9443
    • in the Omnissa Horizon Recording login
      • in the username area
        • enter viewer
      • in the password area
        • enter Recording456
      • select LOGON
  1. In the Omnissa Horizon Recording admin console
    • by default we are in the Dashboard area
      • to the top-right corner
        • notice you have Viewer privilege and none of the Administrative functions in the top-right corner are available
      • below Recent Recordings
        • notice you have Recent Recordings
          • below the Name: column
            • select Jackie
  1. In the Recordings: window
    • note that the Play Icon is available
    • In the right column observe that recording info is the same administrator
    • To the bottom right
      • note that Viewer can only REFRESH.
        • Viewer cannot DELETE or LOCK
        • Viewer cannot download recording files
    • In the top bar, note that Auditing and Search are not available to Viewer

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.