Privileged Session Recording
(Feature available only in the Premium and Enterprise Editions)

1. Overview

   1.1 How secure is session recording?

2. Steps to configure session recording

   2.1 Through the Resources tab

   2.2 Through the Admin tab

3. Viewing the recorded sessions
4. Splitting of session recordings
5. Session shadowing/real-time session monitoring

   5.1 Monitoring sessions in parallel

   5.2 Terminating a suspicious session

   5.3 Deleting selective session recordings

1. Overview

It is possible to record, playback, and archive privileged sessions launched from Password Manager Pro, to support forensic audits and allow enterprises to monitor all actions performed by the privileged accounts during privileged sessions. The session recording caters to the audit and compliance requirements of organizations that mandate proactive monitoring of activities, thereby enabling administrators to readily answer the ‘who,’ ‘what’ and ‘when’ questions of privileged access. You can use Password Manager Pro to record Windows RDP, SSH/Telnet, and SQL sessions launched from Password Manager Pro's interface.

1.1 How Secure is Session Recording?

Password Manager Pro employs first-in-class, browser-based remote login mechanism for the session recording process. From any HTML5-compatible browser, users can launch highly secure, reliable and completely emulated Windows RDP, SSH and Telnet sessions with a single click, without the need for an additional plug-in or agent software. Remote connections are tunneled through the Password Manager Pro server, requiring no direct connectivity between the user device and the remote host. In addition to superior reliability, the tunneled connectivity provides extreme security as passwords needed to establish remote sessions do not need to be available at the user’s browser. The session recording capability is an extension of the robust remote login mechanism of Password Manager Pro.

From version 6500, Password Manager Pro comes bundled with RDP, SSH and Telnet session gateways. This allows the users to launch remote terminal sessions from their browser that are tunneled through the Password Manager Pro server. The remote terminal sessions are emulated in the browser screen itself and hence there is no need for installing any plug-in or agent in any of the end-points. The only requirement is that the browsers should be HTML 5 compatible (For example IE 9 or above, Firefox 3.5 or above, Safari 4 or above, and Chrome).

2. Steps to Configure Session Recording

There are two ways to configure remote session recording:

2.1 Through the Resources tab

2.2 Through the Admin Tab

2.1 Through the Resources Tab

1. Navigate to the Resources tab and select the resources for which you want to configure session recording.
2. Go to Resource Actions >> Configure >> Session Recording.

   

3. In the pop-up form that opens, select the options Record RDP sessions and/or Record SSH, Telnet and SQL Sessions as required and click Save.

   

Note: The recordings will be stored by default in the path <PMP_Install_Directory\PMP\recorded_files>. This external location to store recordings can be changed at any time by navigating to Admin >> Configuration >> Session Recording.

2.2 Through the Admin Tab

1. Navigate to Admin >> Connections >> Session Configuration.
2. In the pop-up form that opens,
   1. Select the options Record RDP sessions and/or Record VNC sessions and/or Record SSH, Telnet and SQL sessions as required.
   2. Select the check-box - Show session recording status in the session tab if you wish to display the session recording status in the session window.
   3. Enter a valid path to store the recorded sessions under External Location for Recorded Sessions. You can also set a backup directory for storing the recordings, in which case the recorded files will be stored in both locations. Choose Date Format.
   4. To purge the records that are older than a specified number of days, enter the number under Purge recorded sessions that are more than -- days old. You can disable purging by leaving the text field empty or by entering 0 as the value.
   5. Select the check-box - Show the welcome message at the commencement of the session and enter the message that you want to display in the text field given below. This text field has a limit of 4000 characters and supports CSS in In-line styles. This way, you can enable and customize the welcome message as desired.
   6. Click Save to save the changes.
3. Now, the session recording feature becomes available as soon as an administrator adds a resource that supports one of these remote terminal session types (RDP, SSH, Telnet).

   

3. Viewing the Recorded Sessions

View the recorded sessions from the Audit tab in the Password Manager Pro interface by following the steps below. You can trace sessions using any detail such as the name of the resource, the user who launched the session, or the time at which the session was launched.

1. Navigate to the Audit >> Recorded Connections.
2. Click Play against the recorded session which you want to view. While viewing a recorded session, click the seek bar to skip a part of the recording and progress.

   

4. Splitting of Session Recordings

Starting from build 9902, Password Manager Pro has a provision to split session recording files from remote sessions into several smaller files and encrypt the parts individually. This option applies to session recording files that are larger than 10 MB in size. By default, Password Manager Pro encrypts all session recordings stored in your local storage. For recordings that are large in file size, there is a chance of encryption failure. To avoid encryption failure, session recordings can be split and stored as smaller parts—this way, each part is encrypted successfully and saved securely. Even though the split parts are stored individually, the recording will play as a single file during playback.

Password Manager Pro splits a large file into smaller parts that do not exceed 10 MB in size. For example, if your session recording is a 22 MB file, Password Manager Pro will split it into three files that are 10 MB, 10 MB, and 2 MB in size.

Follow the steps detailed in the General Settings document to enable session splitting. By default, this option is disabled in Password Manager Pro. If you don't enable this option, Password Manager Pro will save all session recordings as a single file.

Notes:

1. Session splitting works only for SSH and Telnet sessions.
2. This option will not work for RDP and VNC sessions as they are video-based, and Password Manager Pro does not encrypt video-based recordings. Password Manager Pro saves these session recordings as video files in the external storage. However, you cannot play these files outside the Password Manager Pro interface using standard media players.

5. Session Shadowing/Real-time Session Monitoring
(Feature available only in the Enterprise Edition)

Password Manager Pro lets administrators monitor the privileged sessions on highly sensitive IT resources. Shadowing allows admins to join active sessions, observe user activities parallelly, and terminate them in case of suspicious activities. Admins can also offer assistance to users while monitoring the users’ activities during troubleshooting sessions.

5.1 Monitoring Sessions in Parallel

1. Navigate to Audit >> Active Privileged Sessions.
2. Trace the session to be monitored through the name of the resource.
3. Click the Join button. You will be able to view the session in parallel.

5.2 Terminating a Suspicious Session

1. Navigate to Audit >> Active Privileged Sessions.
2. Trace the session to be monitored through the name of the resource.
3. Click the Terminate button. The remote session will be terminated and the user will lose connection with the remote resource.

   

5.3 Deleting Selective Session Recordings

1. Navigate to Audit >> Recorded Connections.
2. Choose the session you want to delete and then click the delete icon beside it under the Delete column.
3. You can either choose to delete the recording of the session or the chat logs of a particular session as shown below:

   

Note: In order to delete selective sessions from the Password Manager Pro database, there should be at least two active administrators, including yourself. This is to ensure that no important session is deleted without proper confirmation.



4. Once you have chosen to delete the chat log or the session recording, a dialog box will appear prompting you to confirm the action as shown below.

   

   

5. The other administrator(s) will be notified and a request for approval will be sent to them. They can either approve or reject this decision. Note that the deletion process requires the consent of just two administrators, i.e., if an administrator apart from you approves, then the deletion will take place, irrespective of the approval of the other administrators (if any).
6. Based on whether the session files are present in the system or in any external device, their deletion will take place as explained below:
   • Scenario 1: If the file is present in the system, Password Manager Pro will delete the recording once the request has been approved by another administrator. 
   • Scenario 2: If the recordings are present in an external device and not in Password Manager Pro during this process, Password Manager Pro will run a system scheduler to delete these files. In this case, the file(s) will be deleted only if the external device containing the session recordings is connected to the Password Manager Pro server when the scheduler runs. 

   Note: Once the deletion of a recording has been approved but the action hasn't been carried out yet as explained in scenario 2 above, Password Manager Pro will temporarily disable the video recording until deletion and it cannot be viewed by anyone including the administrators.