Configure policies 编辑

Configure policies

Use the Session Recording Policy Console to create recording policies, event logging policies, and recording viewing policies. When creating the policies, you can specify Delivery Controllers from both the Citrix Cloud and on-premises environments.

Important:

To use the Session Recording Policy Console, you must have the Broker PowerShell Snap-in (Broker_PowerShellSnapIn_x64.msi) or the Citrix Virtual Apps and Desktops Remote PowerShell SDK (CitrixPoshSdk.exe) installed manually. The installer does not install the snap-ins automatically. Locate the Broker PowerShell snap-in on the Citrix Virtual Apps and Desktops ISO (\layout\image- full\x64\Citrix Desktop Delivery Controller), or download the Citrix Virtual Apps and Desktops Remote PowerShell SDK from the Citrix Virtual Apps and Desktops Service download page.

Tip:

You can edit the registry to prevent recording file losses in case that your Session Recording Server might fail unexpectedly. Log on as an administrator to the machine where you installed the Session Recording Agent, open the Registry Editor, and add a DWORD value DefaultRecordActionOnError =1 under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Agent.

Recording policies

You can activate system-defined recording policies available when Session Recording is installed or create and activate your own custom recording policies. System-defined recording policies apply a single rule to all users, published applications, and servers. Custom recording policies specifying which users, published applications, and servers are recorded.  

The active recording policy determines which sessions are recorded. Only one recording policy is active at a time.

System-defined recording policies

Session Recording provides the following system-defined recording policies:

  • Do not record. The default policy. If you do not specify another policy, no sessions are recorded.
  • Record everyone with notification. If you choose this policy, all sessions are recorded. A pop-up window appears to notify recording occurrence.
  • Record everyone without notification. If you choose this policy, all sessions are recorded. No pop-up window appears to notify recording occurrence.

You cannot modify or delete the system-defined recording policies.

Create a custom recording policy

When you create your own recording policy, you make rules to specify which users or groups, published applications or desktops, delivery groups or VDA machines, and Citrix Workspace app client IP addresses have their sessions recorded. A wizard within the Session Recording Policy Console helps you create rules. To obtain the list of published applications or desktops and the list of delivery groups or VDA machines, you must have the read permission as a Site administrator. Configure the administrator read permission on the Delivery Controller of the Site.

For each rule you create, you specify a recording action and rule criteria. The recording action applies to sessions that meet the rule criteria.

For each rule, choose one recording action:

  • Do not record. (Choose Disable session recording in the Rules wizard.) This recording action specifies that sessions meeting the rule criteria are not recorded.
  • Record with notification. (Choose Enable session recording with notification in the Rules wizard.) This recording action specifies that sessions meeting the rule criteria are recorded. A pop-up window appears to notify recording occurrence.
  • Record without notification. (Choose Enable session recording without notification in the Rules wizard.) This recording action specifies that sessions meeting the rule criteria are recorded. Users are unaware that they are being recorded.

For each rule, choose at least one of the following items to create the rule criteria:

  • Users or Groups. Creates a list of users or groups to which the action of the rule applies. Session Recording allows you to use Active Directory groups and white list users.
  • Published Applications or Desktop. Creates a list of published applications or desktops to which the action of the rule applies. In the Rules wizard, choose the Citrix Virtual Apps and Desktops Site or Sites on which the applications or desktops are available.
  • Delivery Groups or Machines. Creates a list of Delivery Groups or machines to which the action of the rule applies. In the Rules wizard, choose the location of the Delivery Groups or machines.
  • IP Address or IP Range. Creates a list of IP addresses or ranges of IP addresses to which the action of the rule applies. On the Select IP Address and IP Range screen, add a valid IP address or IP range for which recording is enabled or disabled. The IP addresses mentioned here are the IP addresses of the Citrix Workspace apps.

Note:

The Session Recording Policy Console supports configuring multiple criteria within a single rule. When a rule applies, both the “AND” and the “OR” logical operators are used to compute the final action. Generally speaking, the “OR” operator is used between items within a criterion, and the “AND” operator is used between separate criteria. If the result is true, the Session Recording policy engine takes the rule’s action. Otherwise, it goes to the next rule and repeats the process.

When you create more than one rule in a recording policy, some sessions might match the criteria for more than one rule. In these cases, the rule with the highest priority is applied to the sessions.

The recording action of a rule determines its priority:

  • Rules with the Do not record action have the highest priority
  • Rules with the Record with notification action have the next highest priority
  • Rules with the Record without notification action have the lowest priority

Some sessions might not meet any rule criteria in a recording policy. For these sessions, the action of the policy fallback rule applies. The action of the fallback rule is always Do not record. You cannot modify or delete the fallback rule.

To create a custom recording policy:

  1. Log on as an authorized Policy Administrator to the server where the Session Recording Policy Console is installed.
  2. Start the Session Recording Policy Console and select Recording Policies in the left pane. From the menu bar, choose Add New Policy.
  3. Right-click the New policy and select Add Rule.
  4. Select a recording option - In the Rules wizard, select Disable session recording, Enable Session Recording with notification (or without notification), and then click Next.
  5. Select the rule criteria - You can choose one or more rule criteria:
    Users or Groups
    Published Applications or Desktop
    Delivery Groups or Machines
    IP Address or IP Range 
  6. Edit the rule criteria - To edit, click the underlined values. The values are underlined based on the criteria you chose in the previous step.

    Note:

    If you choose the Published Applications or Desktop underlined value, the Site Address is the IP address, a URL, or a machine name if the Controller is on a local network. The Name of Application list shows the display name.

    When choosing Published Applications or Desktop or Delivery Groups or Machines, specify the Delivery Controller for your Session Recording Policy Console to communicate with.

    The Session Recording Policy Console is the only channel to communicate with Delivery Controllers from the Citrix Cloud and on-premises environments.

    Select rule criteria

    For example, when choosing Delivery Groups or Machines, click the corresponding hyperlink in Step 3 of the preceding screenshot and click Add to add queries to the Controller.

    Create query to controller

    For a description of use cases that cover the on-premises and the Citrix Cloud Delivery Controllers, see the following table:

    Use CaseAction Required
    On-Premises Delivery Controller1. Install Broker_PowerShellSnapIn_x64.msi. 2. Clear the Citrix Cloud Controller check box.
    Citrix Cloud Delivery Controller1. Install the Citrix Virtual Apps and Desktops Remote PowerShell SDK. 2. Validate the Citrix Cloud account credentials. 3. Select the Citrix Cloud Controller check box.
    Switch from an on-premises Delivery Controller to a Citrix Cloud Delivery Controller1. Uninstall Broker_PowerShellSnapIn_x64.msi and restart the machine. 2. Install the Citrix Virtual Apps and Desktops Remote PowerShell SDK. 3. Validate the Citrix Cloud account credentials. 4. Select the Citrix Cloud Controller check box.
    Switch from a Citrix Cloud Delivery Controller to an on-premises Delivery Controller1. Uninstall the Citrix Virtual Apps and Desktops Remote PowerShell SDK and restart the machine. 2. Install Broker_PowerShellSnapIn_x64.msi. 3. Clear the Citrix Cloud Controller check box.

    Validating the Citrix Cloud credentials

    To query Delivery Controllers hosted in the Citrix Cloud, manually validate your Citrix Cloud credentials on the machine where the Session Recording Policy Console is installed. Failure to comply can cause an error and your Session Recording Policy Console might not work as expected.

    To do the manual validation:

    1. Log on to the Citrix Cloud console and locate Identity and Access Management > API Access. Create an API access Secure Client for obtaining an authentication profile that can bypass the Citrix Cloud authentication prompts. Download your Secure Client, rename, and save it in a safe location. The file name is defaulted to secureclient.csv.

      Validate Citrix Cloud credentials

    2. Open a PowerShell session and run the following command to have the authentication profile (obtained in the preceding step) take effect.

      asnp citrix.*
      Set-XDCredentials -CustomerId “citrixdemo” -SecureClientFile “c:\temp\secureclient.csv” -ProfileType CloudAPI –StoreAs “default”
      
      <!--NeedCopy-->
      

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:14 次

字数:12869

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文