SmartAuditor Guide PDF

Citrix Presentation Server 4.
5
with Feature Pack 1
Citrix SmartAuditor for Presentation Server 4.5

Copyright and Trademark Notice
Use of the product documented in this guide is subject to your prior acceptance of the End User License Agreement. A printable copy of
the End User License Agreement is included on your product CD-ROM.
Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious
unless otherwise noted. No part of this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of Citrix Systems, Inc.
2003-2007 Citrix Systems, Inc. All rights reserved.
Citrix, ICA (Independent Computing Architecture), and Program Neighborhood are registered trademarks, and SpeedScreen is a
trademark of Citrix Systems, Inc. in the United States and other countries.
Trademark Acknowledgements
Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other
countries.
Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and
DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks and registered trademarks are the property of their respective owners.
Document Code: September 18, 2007 (tj)
Contents
1 Welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Introducing SmartAuditor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Example Usage Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Getting More Information and Help. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Accessing Product Documentation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Document Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Getting Service and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Citrix Developer Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Education and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
2 Installing SmartAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
A Brief Overview of the SmartAuditor Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
Planning Your Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Important Deployment Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Suggested Deployment Scenarios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Deployment 1: Single Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Deployment 2: Server Farm Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Security Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Hardware and Software Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Operating Systems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Additional Required Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Installing SmartAuditor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Pre-Installation Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Installing SmartAuditor Using Autorun . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Performing a Silent Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Uninstalling SmartAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
2 SmartAuditor Administrators Guide
3 Configuring SmartAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Setting Up Your SmartAuditor Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
The Configuration Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
4 Specifying SmartAuditor Server Connection Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
The SmartAuditor Agent Properties Dialog Box. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Disabling/Enabling Recording on a Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Specifying SmartAuditor Connection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Inserting Data into Recorded Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Enabling Event Recording. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
5 Configuring SmartAuditor Server Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
The SmartAuditor Server Properties Dialog Box. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Creating New Notification Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Enabling Live Session Playback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Enabling Playback Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Specifying Where Recordings Are Stored . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Restoring Archived Files for Playback. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Specifying File Sizes for Recordings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
6 Specifying Access Rights for SmartAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Assigning Permissions to Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
7 Configuring SmartAuditor Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
The SmartAuditor Policy Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Connecting to the SmartAuditor Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Determining which Sessions Are Recorded. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Default Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Activating a Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Creating New Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Modifying and Deleting Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
8 Viewing Recordings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
The SmartAuditor Player . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Accessing Recorded Session Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Opening a Recording. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49
Playing a Recorded Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Changing the Speed of the Play Back. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Contents 3
Searching for Recorded Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Using Quick Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Using Advanced Search. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Displaying or Hiding Window Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Manipulating the Playback Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Inserting Markers into Recordings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Navigating within Session Recordings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Creating Favorites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
Downloading Recordings Quickly. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59
9 Troubleshooting SmartAuditor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Component Connection Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
The SmartAuditor Server Cannot Connect to the SmartAuditor Database. . . . . . . . . . . . . .61
The SmartAuditor Agent Cannot Connect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Problems with the SmartAuditor Policy Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Sessions are not Recording. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Troubleshooting MSMQ. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
SmartAuditor Player Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Searching for Recordings in the Player Fails. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66
Unable to View Live Session Playback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Using HTTP for Your Communication Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68
10 Reference: Managing Your Database Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Using the ICLDB Utility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
Quick Reference Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71
1
Welcome
The purpose of this guide is to help you install and operate the SmartAuditor
components available in the Platinum Edition of Citrix Presentation Server.
Introducing SmartAuditor
SmartAuditor allows you to record any users session, over any type of
connection, from any computer running Presentation Server. Recorded sessions
are cataloged and archived for retrieval and playback.
Available only in the Citrix Presentation Server Platinum Edition, SmartAuditor
uses flexible policies to automatically trigger recordings of Presentation Server
sessions. This enables IT to monitor and examine user activity of applications
such as financial operations and healthcare patient information systems
demonstrating internal control, thus ensuring regulatory compliance and
successful security audits. Similarly, SmartAuditor also aids in technical support
by speeding problem identification and time-to-resolution.
Benefits
Enhanced auditing for regulatory compliance. SmartAuditor allows
organizations to record on-screen user activity for applications that deal with
sensitive information. This is especially critical in regulated industries such as
healthcare and finance, where compliance with personal information security
rules is paramount. Trading applications and patient information systems are two
prime examples.
Powerful activity monitoring. SmartAuditor captures and archives screen
updates, including mouse-clicks and the visible output of keystrokes in digitally
signed video recordings to provide a record of activity for specific users,
applications, and servers. Organizations that use SmartAuditor have a better
chance of proving criminal intent, where it exists, by using video evidence
combined with traditional text-based eDiscovery tools.
Note: SmartAuditor does not record actual keystroke information but it does
record the visible output of keystrokes as they appear on screen. For example, if a
user types a password for which asterisks appear for each character, SmartAuditor
records the visible asterisks, not the actual keystroke data. The same is true for all
keystroke data. The characters are recorded as video data, not in an actual
searchable text log.
Faster problem resolution. When users call with a problem that is hard to
reproduce, help desk support staff can enable recording of user sessions. When
the issue recurs, SmartAuditor provides a time-stamped visual record of the error,
which can then be used for faster troubleshooting.
Example Usage Scenarios
The following scenarios provide an insight into the benefits that a Presentation
Server customer may derive from using SmartAuditor.
Monitoring acceptable use of resources. Ray, the IT Manager in a local firm,
needs to know whether or not employees are following the acceptable use
policies and other business controls he instituted to regulate access to resources
published using Presentation Server. Until now he had no way of measuring
acceptable usage and had to trust that users of mission-critical applications were
not misusing their privileges. He now uses SmartAuditor to record user sessions
and has his surveillance officer review recorded sessions to establish cases of
misuse.
Monitoring specific users or groups. J ohn, a surveillance officer at a
stockbroking firm, needs to monitor a group of stockbrokers to observe
particularly sensitive, high-value transactions. He uses SmartAuditor to record
sessions for this group of stockbrokers.
Investigating suspected violations. Lisa is J ohns colleague at the stockbroking
firm. She is a compliance officer who is tasked to investigate suspected
compliance violations. She uses SmartAuditor to record all Presentation Server
sessions for a particular employee.
Monitoring access scenarios. Marcus, the IT Manager at an insurance company,
needs to monitor access to specific applications. He uses SmartAuditor to record
all sessions that involve use of a particular published application.
1 Welcome 7
Technical support and troubleshooting applications.Victor, a Support
Engineer at a leading software vendor based in the United States, is often called
on to resolve application issues at remote customer sites in Asia. He uses
SmartAuditor to record user sessions and reviews recorded sessions to understand
the sequence of events that led the application to fail. His colleagues in the
development team are also able to deploy new versions of applications for
usability testing at focus groups. User sessions are recorded and the team can
understand usability issues that exist during a review of recorded sessions.
Training applications. J im is a professor in the Computer Science department of
a large university. He uses SmartAuditor to record students accessing a
collaborative development environment. Based on their interactions with the
environment, he can identify the areas in which they need to improve and can
provide appropriate feedback.
Getting More Information and Help
This section describes how to get more information about Citrix Presentation
Server and the support that is available.
Accessing Product Documentation
The documentation for Citrix Presentation Server includes online documentation,
known issues information, and application Help, as follows:
Use Welcome to Citrix Presentation Server (Read_Me_First.html) to access
the complete set of online guides on the Web. Alternatively, to access the
documentation at any time, go to http://support.citrix.com and click Product
Documentation.
Online documentation is provided as Adobe Portable Document Format
(PDF) files. To view, search, and print the PDF documentation, you need
Adobe Reader (supported versions include 5.0.5 with Search, or Version 6
or 7).
Known issues information is included in the product readme, also available
on the Web. Use Welcome to Citrix Presentation Server
(Read_Me_First.html) to access the product readme.
You can find the licensing publications documents on the Citrix Knowledge
Center Licensing Information page, http://support.citrix.com/licensing/
under the "Top Licensing Resources" title. The set includes: The Getting
Started with Citrix Licensing Guide, the Licensing for Windows readme,
and 13 white papers that cover more specific licensing tasks not covered in
the Getting Started Guide with Citrix Licensing Guide.
Online Help is available for some tasks. You can access online Help by
pressing F1.
To provide feedback about the documentation, go to http://www.citrix.com and
click Support >Knowledge Center >Product Documentation. To access the
feedback form, click the Submit Documentation Feedback link.
Document Conventions
Citrix Presentation Server documentation uses the following typographic
conventions for menus, commands, keyboard keys, and items in the product
interface:
Getting Service and Support
Citrix provides technical support primarily through the Citrix Solutions Advisors
Program. Contact your supplier for first-line support or check for your nearest
Solutions Advisor at http://www.citrix.com/site/partners.
In addition to the Citrix Solutions Advisors Program, Citrix offers a variety of
self-service, Web-based technical support tools from its Knowledge Center at
http://support.citrix.com/. Knowledge Center features include:
Convention Meaning
Boldface Commands, names of interface items such as text boxes, option
buttons, and user input.
Italics Placeholders for information or parameters that you provide. For
example, filename in a procedure means you type the actual name of a
file. Italics are also used for new terms and titles of books.
%SystemRoot% The Windows system directory, which can be WTSRV, WINNT,
WINDOWS, or any other name you specify when you install
Windows.
Monospace Text displayed in a text file.
{ braces } A series of items, one of which is required in command statements.
For example, { yes | no } means you must type yes or no. Do not type
the braces themselves.
[ brackets ] Optional items in command statements. For example, [/ping] means
that you can type /ping with the command. Do not type the brackets
themselves.
| (vertical bar) A separator between items in braces or brackets in command
statements. For example, { /hold | /release | delete } means you type /
hold or /release or /delete.
... (ellipsis) You can repeat the previous item or items in command statements.
For example, /route:devicename[,...] means you can type additional
devicenames separated by commas.
1 Welcome 9
A knowledge base containing thousands of technical solutions to support
your Citrix environment.
An online product documentation library.
Interactive support forums for every Citrix product.
Access to the latest hotfixes and service packs.
Security bulletins.
Online problem reporting and tracking (for customers with valid support
contracts).
Citrix Live Remote Assistance. Using Citrix remote assistance product,
GoToAssist, a member of our support team can view your desktop and
share control of your mouse and keyboard to get you on your way to a
solution.
Another source of support, Citrix Preferred Support Services, provides a range of
options that allow you to customize the level and type of support for your
organizations Citrix products.
Citrix Developer Network
The Citrix Developer Network (CDN) is at http://support.citrix.com/developers.
This open-enrollment membership program provides access to developer toolkits,
technical information, and test programs for software and hardware vendors,
system integrators, ICA licensees, and corporate IT developers who incorporate
Citrix computing solutions into their products.
Many of the operations that you can perform using the Citrix Presentation Server
user interface can be customized using the Citrix Software Development Kits
(SDKs). You can download these SDKs from http://support.citrix.com/
developers.
Education and Training
Citrix offers a variety of instructor-led training and Web-based training solutions.
Instructor-led courses are offered through Citrix Authorized Learning Centers
(CALCs). CALCs provide high-quality classroom learning using professional
courseware developed by Citrix. Many of these courses lead to certification.
Web-based training courses are available through CALCs, resellers, and from the
Citrix Web site.
Information about programs and courseware for Citrix training and certification is
available from http://www.citrix.com/edu/.
2
Installing SmartAuditor
After you perform the following steps, you can begin recording and reviewing
Citrix Presentation Server sessions.
Become familiar with the SmartAuditor components
Select the deployment scenario for your environment
Verify the hardware and software requirements
Install SmartAuditor
Configure the SmartAuditor components
Set up authorizations for SmartAuditor users
Set up recording policies
A Brief Overview of the SmartAuditor Components
Five components comprise the SmartAuditor feature of Presentation Server.
These components are illustrated in the following graphic:
Illustration of the SmartAuditor components and their relationship with each other
These components include:
SmartAuditor Agent. Component installed on each Presentation Server to
enable recording. It is responsible for recording session data.
SmartAuditor Server. Server that hosts:
The Broker. An IIS 6.0+hosted Web application that handles the
search queries and file download requests from the player, policy
administration requests from the SmartAuditor Policy Console, and
evaluates recording polices for each Citrix Presentation Server
session.
The Storage Manager. A Windows service that manages the recorded
session files received from each SmartAuditor-enabled computer
running Citrix Presentation Server.
SmartAuditor Policy Console. A Microsoft Management Console snap-in
that allows you to specify which sessions are recorded. Each time a new
2 Installing SmartAuditor 13
session recording begins or a rollover occurs, a policy query occurs to
verify that the session should be recorded. You can find more information
about rollovers in Specifying File Sizes for Recordings on page 37.
SmartAuditor Database. A SQL Server database schema used by the
Storage Manager for storing recorded session file metadata and servicing
search requests.
SmartAuditor Player. A user interface that reviewers access from their
workstation to play back recorded Citrix Presentation Server sessions.
Related topics:
Specifying File Sizes for Recordings on page 37
The SmartAuditor Server Properties Dialog Box on page 33
The SmartAuditor Agent Properties Dialog Box on page 29
The SmartAuditor Policy Console on page 41
The SmartAuditor Player on page 47
In the SmartAuditor installation Autorun, these components are grouped as
follows, allowing their installation on different servers and workstations:
SmartAuditor Administration. The first in a sequence of installation
steps includes the SmartAuditor Database, SmartAuditor Server, and the
SmartAuditor Policy Console. Check boxes precede each component. If
you do not want to install all the components on the same server, clear the
check box of the component you do not want to install.
SmartAuditor Agent for Citrix Presentation Server. The second step
installs the SmartAuditor Agent.
SmartAuditor Player. The remaining step installs the SmartAuditor
Player.
For each step, prerequisites are listed and a check mark precedes each fulfilled
prerequisite. If a check mark is missing, exit the installation and ensure that you
install the software indicated before launching the installation again.
Planning Your Deployment
Depending upon your environment, you can deploy the SmartAuditor
components in different deployment scenarios.
A SmartAuditor deployment does not have to be limited to a single farm. With
the exception of the SmartAuditor Agent, all components are independent of the
server farm. For example, you can configure multiple farms to use a single
SmartAuditor Server.
Alternatively, if you have a large farm with many agents and plan to record many
graphically intense applications (for example, AutoCAD applications), or you
have a lot of sessions to record, a SmartAuditor Server can experience a high
performance demand. To alleviate performance issues, you can install multiple
SmartAuditor Servers on different computers and point the SmartAuditor Agents
to the different computers. Keep in mind that an agent can point to only one
server at a time.
After you choose which deployment is best for your environment, verify that you
have the hardware and software requirements needed for the installation and that
you installed the prerequisite software.
Important Deployment Notes
Read the following notes very carefully. Following them will help ensure that
your SmartAuditor deployment is successful:
To enable SmartAuditor components to communicate with each other,
ensure you install SmartAuditor Servers in the same domain or across
trusted domains. The system cannot be installed into a workgroup.
For a Windows 2003 Server 64-bit environment, do not install the
SmartAuditor Server on the same 64-bit server as the Citrix Web Interface.
The Web Interface uses the 32-bit IIS mode that is not compatible with the
64-bit mode that SmartAuditor uses. If you attempt to install SmartAuditor
in this scenario, an error message appears and the installation fails.
This release does not support the clustering of two or more SmartAuditor
Servers in a deployment.
Due to its intense graphical nature and memory usage when playing back
large recordings, Citrix does not recommend installing the SmartAuditor
Player as a published application.
The SmartAuditor installation is configured for SSL/HTTPS
communication. Ensure that you install a certificate on the SmartAuditor
Server and that the root CA is trusted on the SmartAuditor components.
If you install the SmartAuditor Database on a standalone server running
SQL Server 2005 Express Edition, ensure that you perform the following
actions in the SQL Server Configuration Manager: enable the TCP/IP
protocol and start the SQL Server Browser service. These settings are
disabled by default; however, they must be enabled for the SmartAuditor
Server to communicate with the database. After you enable the TCP/IP
connections for the SQL service, restart the service. See the Microsoft
documentation for information about enabling these settings.
Citrix recommends disabling session sharing when using SmartAuditor
because session sharing for published applications can conflict with
activated policies. SmartAuditor matches the activated policy with the first
published application that a user opens. After the user opens the first
application (and keeps that application running), any subsequent
applications opened during the same session continue to follow the policy
that is in force for the first application. For example, if a policy states that
only Outlook should be recorded, the recording commences when the user
opens Outlook. However, if the user opens a published Notepad
application second (while Outlook is running), Notepad will also be
recorded. Conversely, if a policy states that Notepad should not be
recorded, but the user launches it after Outlook (which has a policy to be
recorded), Notepad will be recorded as well. See Sessions are not
Recording on page 64 for this procedure.
Suggested Deployment Scenarios
Described in brief below are the two suggested configurations for a SmartAuditor
deployment:
A single-server deployment
A server-farm deployment
Deployment 1: Single Server
This deployment scenario assumes that all of the SmartAuditor components (except the
SmartAuditor Player) are installed on a computer running Citrix Presentation Server. The
SmartAuditor Player is installed on a separate workstation.
Note: For this deployment scenario, ensure that you install SQL Server 2005
locally.
Deployment 2: Server Farm Deployment
This deployment scenario is used for recording sessions for one or more farms. For each
farm, install the SmartAuditor Agent on each computer running Presentation Server to be
monitored. Install the remaining components on separate servers.
Security Recommendations
SmartAuditor is designed to be deployed within a secure network and accessed
by administrators, and as such, is secure. Out-of-the-box deployment is designed
to be simple and security features such as digital signing and encryption can be
configured optionally. Following are some best practice recommendations that
you may want to consider:
Isolate servers running SmartAuditor components on a separate subnet or
domain.
Protect the recorded session data from users accessing other servers by
installing a firewall between the SmartAuditor Server and other servers.
Ensure servers running SmartAuditor components are physically secure. If
possible, lock these computers in a secure room to which only authorized
personnel can gain direct access.
Use the SmartAuditor Authorization Console to strictly limit who is
authorized to making recording policy changes and download recorded
session files.
Install digital certificates, use the SmartAuditor file signing feature, and set
up SSL communications in IIS.
Use playback protection. Playback protection is a SmartAuditor feature
that encrypts recorded files before they are downloaded to the
SmartAuditor Player. By default, this option is enabled and is in the
SmartAuditor Server Properties.
Related topics:
Enabling Playback Protection on page 35
Assigning Permissions to Users on page 39
Hardware and Software Requirements
Ensure the workstation and servers on which you plan to install SmartAuditor
components meet the minimum requirements described below:
Hardware Requirements
All of the SmartAuditor components (except the SmartAuditor Player) do not
require any additional hardware above what is necessary to run your Windows
operating system. See the Microsoft Web site for hardware requirements.
The remaining component, the SmartAuditor Player, is used to view recorded
session files. Because the player can handle large files that are viewed on screen,
for optimal results, Citrix recommends that you install the player on a workstation
with:
A resolution of 1024 x 768
Color depth of at least 32-bit
RAM of at least 1GB (adding additional RAM can improve performance on
large files, especially when navigating in the player and performing a seek
action)
Related topics:
Navigating within Session Recordings on page 58
Software Requirements
This section details which operating systems are supported for each SmartAuditor
component as well as the prerequisite software you require.
Operating Systems
While this release is offered in English only, SmartAuditor is supported on the
German, Russian, French, Spanish, J apanese, Chinese, Korean operating systems.
The SmartAuditor components are supported on the following platforms:
* Citrix recommends that you install the SmartAuditor Player on a workstation
with either Windows XP or Windows Vista. Windows 2003 Server is supported
and the player can coexist with Citrix Presentation Server and Terminal Services;
however, this deployment is not recommended due to the graphical nature and
memory usage of the application.
Installation Step Windows
Vista
Windows
2003 Server
Windows
XP
Windows
2000 with
SP4
SmartAuditor Administration:
SmartAuditor Database No Yes No Yes
SmartAuditor Server No Yes No No
SmartAuditor Policy Console Yes Yes Yes No
SmartAuditor Agent No Yes No No
SmartAuditor Player* Yes Yes Yes No
Additional Required Software
In addition to a supported platform, ensure that you have this additional software
installed:
Note: SmartAuditor does not support ThinWire 1.0 clients.
Software
.NET Framework Version 2.0
(Required for SmartAuditor Server, SmartAuditor Agent, SmartAuditor Policy,
and SmartAuditor Player)
Microsoft Message Queuing (MSMQ).
During MSMQ installation or after installation (Message Queuing from Control
Panel >Add or Remove Programs >Add/Remove Windows Components >
Application Server > Details > Message Queuing >Details) clear the check
box for Active Directory Integration. This feature is not required for
SmartAuditor. At the same time (if you plan to use HTTPS as the
communication protocol), ensure that the MSMQ HTTP Support check box is
selected.
(Required for the SmartAuditor Server and the Smart Auditor Agent.)
SSL installed with IIS.
(Required for the SmartAuditor Server.)
You have a SQL Server database (either Microsoft SQL Server or Express
Edition (2005 or later)).
Note: If you install the SmartAuditor Database on a standalone
server running SQL Server 2005 Express Edition, ensure that you
perform the following actions in the SQL Server Configuration
Manager: enable the TCP/IP protocol and start the SQL Server
Browser service. These settings are disabled by default; however, they
must be enabled for the SmartAuditor Server to communicate with the
database. After you enable the TCP/IP connections for the SQL
service, restart the service. See the Microsoft documentation for
information about enabling these settings.
Installing SmartAuditor
In the SmartAuditor installation Autorun, these components are grouped and
installed as follows:
SmartAuditor Administration. The first in a sequence of installation
steps includes the SmartAuditor Database, SmartAuditor Server, and the
SmartAuditor Policy Console. Check boxes allow you to install any or all
of the selected components at one time.
SmartAuditor Agent for Citrix Presentation Server. The second step
installs the SmartAuditor Agent.
SmartAuditor Player. The remaining step installs the SmartAuditor
Player.
Note:
You cannot use Autorun to install SmartAuditor from a network share. If you
want to install from a share, do one of the following:
Copy the installation files locally
Run the individual component .msi files
Perform a silent installation
Related topics:
Performing a Silent Installation on page 25
Pre-Installation Checklist
Before you start the installation, ensure that you have completed this list:
Step
If you are a new customer to Citrix Presentation Server, you installed and
licensed Presentation Server Version 4.5 with Feature Pack 1.
If you are a customer with a previous release of Citrix Presentation Server, you
upgraded to Presentation Server Version 4.5 with Feature Pack 1.
See the Upgrading Citrix Presentation Server 4.5 to Feature Pack 1 Guide
(CTX113701) in the Citrix Knowledge Center for additional details.
The computers running Presentation Server to have sessions recorded are set to
the Platinum edition (This setting is found in the Access Management Console).
See the Upgrading Citrix Presentation Server 4.5 to Feature Pack 1 Guide
(CTX113701) in the Citrix Knowledge Center for additional details.
Installing SmartAuditor Using Autorun
This section takes you through the process of installing SmartAuditor in the
sequence that is provided in the Autorun. Before you start the installation, ensure
that you read and complete the items in this Related Topics list:
Related topics:
Hardware and Software Requirements on page 18
Additional Required Software on page 20
Important Deployment Notes on page 14
Pre-Installation Checklist on page 21
To install SmartAuditor (Part 1: The SmartAuditor Administration
Components)
1. At the server where you want to install the SmartAuditor Administration
components (SmartAuditor Database, SmartAuditor Server, SmartAuditor
Policy Console), access the SmartAuditor installation program using either
of the following methods:
A. From the Presentation Server 4.5 Media Kit with Feature Pack 1,
insert the Components CD. The Autorun splash screen appears (if
Autorun does not launch, navigate to and double-click autorun.exe).
B. From the Citrix Web site, log on to your My Citrix account. Click
Download and then click Product Software. From Citrix
Presentation Server, select Citrix Presentation Server 4.5 with
You have a SQL Server database (either Microsoft SQL Server or Express
Edition (2005 or later)).
You read Planning Your Deployment on page 13 and satisfied the Hardware
and Software Requirements (including installing the additional required
software).
If you are planning to use the SSL protocol for communication between the
SmartAuditor components, you installed the proper certificates in your
environment.
You installed the SmartAuditor hotfix required for the SmartAuditor
components. See the Hotfixes, Rollups & Service Packs page (http://
support.citrix.com/hotfixes.jsp) in the Citrix Knowledge Center for Hotfix
PSE450R01W2K3011 for Citrix Presentation Server 4.5 on Windows 2003
Server or Hotfix PSE450R01W2K3X64006 for Citrix Presentation Server 4.5 on
Windows 2003 Server x64 Edition.
Step
Feature Pack 1 Components CD, Entire CD Image. You can also
request a physical Component CD, if needed.
2. Choose Platinum Edition components >SmartAuditor. The
SmartAuditor Installation wizard launches.
3. Choose SmartAuditor Administration.
4. Ensure that only the check boxes for the components that you want to
install are selected.
5. Click Determine SmartAuditor Administration Prerequisites to confirm
that you have the required software installed, then click Install Citrix
SmartAuditor Administration.
6. Follow the wizards instructions to complete the installation of the selected
components and click Finish to complete the installation when prompted,
followed by Back until you return to the main screen, or Exit to exit the
installation if you are not installing any other components on the same
device.
Note: If you are installing all the Administration components on the same
server, ensure that SQL Server 2005 is installed on the same server as well.
When you reach the Database Configuration screen, accept localhost in
the Accessing user account for computer or localhost field. Otherwise, if
you are installing the SmartAuditor Server and the SmartAuditor Database
on different servers, type the name of the SmartAuditor Server in the
following format: domain\machine-name$. Ensure that the dollar symbol
($) follows the name.
To install SmartAuditor (Part 2: The SmartAuditor Agent)
1. At each server where recording will occur, access the SmartAuditor
installation program using either of the following methods:
B. From the Citrix Web site, log on to your MyCitrix account. Click
SmartAuditor Installation wizard launches.
3. Choose SmartAuditor Agent for Presentation Server.
4. Verify that a check mark appears next to the required software, then click
Install Citrix SmartAuditor Agent.
component and click Finish to complete the installation when prompted,
device.
Note: If you are installing the SmartAuditor Agent on the same server as
the Administrative components, accept the default entry, localhost, when
you reach the SmartAuditor Agent Configuration screen displaying the
Enter the name of the SmartAuditor Server field.
Otherwise, if you installed the SmartAuditor Server on a different server,
type the name or the FQDN of the SmartAuditor Server.
To install SmartAuditor (Part 3: The SmartAuditor Player)
1. At the workstation where session recordings will be played back and
reviewed access the SmartAuditor installation program using either of the
following methods:
B. From the Citrix Web site, log on to your My Citrix account. Click
SmartAuditor Installation Wizard launches.
3. Choose SmartAuditor Player.
4. Verify that a check mark appears next to the required software, then click
Install Citrix SmartAuditor Player.
component and click Finish to complete the installation when prompted,
device.
Congratulations! You installed the SmartAuditor software. The next step in this
process is to configure the components for your environment so that you can
record and play back Presentation Server sessions.
Related topics:
The Configuration Steps on page 27
Performing a Silent Installation
The SmartAuditor Agent is installed on each server to have session recording
enabled. You can install the SmartAuditor Agent using a silent installation.
The following command line example installs the SmartAuditor Agent and
creates a log file to capture the install information.
msi exec / i Smar t Audi t or Agent . msi smartauditorservername=SASRV
smartauditorbrokerprotocol=HTTPS smartauditorbrokerport=444 / l *v
c: \ Smar t Audi t or I nst al l . l og / q
where:
smartauditorservername is the NetBIOS or fully qualified domain name (FQDN)
of the SmartAuditor Server; defaults to localhost if not specified.
smartauditorbrokerprotocol is the protocol (either HTTP or HTTPS) that the
agent uses to communicate with the broker; defaults to HTTPS if not specified.
smartauditorbrokerport is the port that the agent uses to communicate with the
broker; defaults to 0 if not specified. The default directs the agent to use the
default port number for the selected protocol, which is 80 for HTTP and 443 for
HTTPS.
/l*v is verbose mode logging followed by the location of the setup log.
/q specifies a silent installation.
Uninstalling SmartAuditor
To remove the SmartAuditor software from a server or workstation, use the Add/
Remove Programs option accessed in the Control Panel.
3
Configuring SmartAuditor
Setting Up Your SmartAuditor Environment
After you complete the installation of the SmartAuditor components, you need to
configure them to ensure that the SmartAuditor components communicate and
that they operate the way that you want them to.
The Configuration Steps
After you install the SmartAuditor components, you need to perform several steps
before you can record and view recordings. These steps include:
After you complete the configuration steps, SmartAuditor is ready to record
Citrix Presentation Server sessions.
Configuration Step
If you are using SSL communication, set up IIS (install certificates). See your
Microsoft documentation for information about setting up certificates.
The SmartAuditor installation, by default, is configured to use HTTPS. If you
are not using HTTPS, see Using HTTP for Your Communication Protocol on
page 68.
Set up message queuing (MSMQ) in HTTP or HTTPS mode. If you are using
HTTPS, you must install certificates.
Set up authorization for users to play back recordings. The SmartAuditor
installation does not permit anyone to play back recordings (including the
administrator). See Assigning Permissions to Users on page 39.
Activate a recording policy. The SmartAuditor installation activates the
Record no one policy. Until you activate an alternate policy, no Presentation
Server sessions are recorded. See Activating a Policy on page 43.
Note: There are additional settings that allow you to customize your
SmartAuditor environment (for example, you can change default settings such as
file locations, file size, notification messages, SmartAuditor Player settings, and
so on). These settings are in the various SmartAuditor user interfaces.
You use five main user interfaces (UIs) to configure the SmartAuditor
components. These UIs are:
The SmartAuditor Authorization Console is a Microsoft Management
Console snap-in that is used to determine who can modify recording
policies and play back recorded sessions.
The SmartAuditor Agent Properties dialog box allows you to enable
session recording, allows the insertion of event markers into a recording,
and configures SmartAuditor component connections (protocols, ports, and
Message Queuing). It is installed on each server running SmartAuditor
Agent.
The SmartAuditor Server Properties dialog box contains settings to
enable live session playback and playback protection. In addition, you can
create language-specific notification messages, select digital certificates for
the signing of session recording files, specify the location where recorded
and restored files are stored, and determine the maximum size of all
recorded files.
The SmartAuditor Policy Console is a Microsoft Management Console
snap-in that allows you to specify which sessions are recorded. Each time a
new session recording begins or a rollover occurs, a policy query occurs to
verify that the session should be recorded.
The SmartAuditor Player is a user interface that reviewers access from their
workstation to play back recorded server sessions.
The following chapters provide details about how to configure the settings
provided in each interface. Online help is available in each user interface. Press
F1 to access it.
4
Specifying SmartAuditor Server
Connection Settings
The SmartAuditor Agent Properties Dialog Box
The SmartAuditor Agent Properties dialog box allows you to enable session
recording, allows the insertion of event markers into a recording, and configures
SmartAuditor component connections (protocols, ports, and Message Queuing).
It is installed on each server running SmartAuditor Agent.
To access the SmartAuditor Agent Properties dialog box
1. Log on to the workstation where the SmartAuditor Agent Properties
dialog box is installed.
2. From the Start menu, choose Start >All Programs >Citrix >
SmartAuditor >SmartAuditor Agent Properties. The SmartAuditor
Agent Properties dialog box appears.
Disabling/Enabling Recording on a Server
You install the SmartAuditor Agent on each Citrix Presentation Server for which
you want to record sessions. Within each agent is a setting that enables recording
for its corresponding server. After a server is enabled, it checks for the
SmartAuditor policy that was activated, which determines which sessions are
recorded.
Note: When you install SmartAuditor, the active policy is Do not record (no
sessions are recorded--for any server). You must activate a different policy using
the SmartAuditor Policy Console before any recording will take place.
When you install SmartAuditor, this setting is selected. Citrix recommends that
you disable SmartAuditor on servers that will not be recorded because the server
experiences a small impact on performance, even if no recording takes place.

To disable/enable recording on a server
1. At each server for which you want to disable or reenable recording, in the
SmartAuditor Agent Properties dialog box, click the Recording tab.
2. Under Session recording, select or clear the Enable session recording for
this Presentation Server check box to determine whether or not sessions
can be recorded for this server.
Related topics:
Specifying SmartAuditor Connection Settings on page 30
Specifying SmartAuditor Connection Settings
SmartAuditor uses the properties defined in the SmartAuditor Agent Properties
dialog box (Connection tab) to access the SmartAuditor server.
To configure the SmartAuditor connection settings
1. In the SmartAuditor Agent Properties dialog box, click the Connections
tab.
2. In the SmartAuditor Server field, type the server name.
You can type either the server name or its internet protocol (IP) address.
3. In the SmartAuditor Storage Manager message queue section, select the
protocol that is used by the SmartAuditor Storage Manager to communicate
and modify the default port number, if necessary.
4. In the Message life field, accept the default of 7200 seconds (two hours) or
type a new value for the number of seconds each message will be retained
in the queue if there is a communication failure. After this period of time
elapses, the message is deleted and the file is playable only up until the
point the data is lost.
5. In the SmartAuditor Broker section, select the communication protocol
that is used by the SmartAuditor Broker to communicate, and modify the
default port number, if necessary.
6. Click OK.
Inserting Data into Recorded Sessions
Events are system-generated markers that are injected into the session data by a
third-party application. They are part of the recorded session file and cannot be
modified.
4 Specifying SmartAuditor Server Connection Settings 31
For example, an event might contain the following text: User opened a browser.
Each time a user opens a browser during a session that is being recorded, the text
is inserted into the recording at that point in the time line. When the reviewer is
viewing the recorded file using the SmartAuditor Player, the reviewer can quickly
search for and add up all the times that the user opened a browser by noting the
number of markers that appear in the Events and Bookmarks list in the
SmartAuditor Player.
Bookmarks, events, and annotations appear in two places in the SmartAuditor
Player:
In chronological order in the Events and Bookmarks list in the left pane of
the SmartAuditor Player as a text list.
Under the Player window controls, (annotations and bookmarks appear as
blue dots, events appear as yellow dots), identifying where the markers are
inserted in the recording. Moving the mouse pointer over a dot displays the
name of the marker.
The SmartAuditor installation includes an event recording COM application
(API) that allows you to inject text from third-party applications into a recording.
It can be used from many programming languages including Visual Basic, C++,
or C#. This API .dll is installed as part of the SmartAuditor installation. You can
find it at C:\Program Files\Citrix\SmartAuditor\Agent\Bin\Interop.UserApi.dll.
In addition, Citrix offers a SmartAuditor software development kit (SDK) that
allows you to extend events to develop your own custom rendering applications.
You can find the SDK in the Citrix Knowledge Center at
http://support.citrix.com/forums/cat.jspa?categoryID=10
Enabling Event Recording
To inject events into recordings on a server, you must:
Enable a setting on each server where you want to inject text. You must
enable each server separately; you cannot globally enable all servers in a
farm.
Write applications built on the Event Recording API that runs within each
users Presentation Server session (to inject the data into the recording).
To enable event recording on a server
1. At the server where you want events to be inserted, in the SmartAuditor
Agent Properties dialog box, click the Recording tab.
2. Under Custom event recording, select the Allow third party
applications to record custom data on this Presentation Server check
box.
3. Click OK.
5
Configuring SmartAuditor Server
Properties
The SmartAuditor Server Properties Dialog Box
The SmartAuditor Server Properties dialog box contains settings to enable live
session playback and playback protection. In addition, you can create language-
specific notification messages, select digital certificates, specify the location
where recorded and restored files are stored, and determine the maximum size of
all recorded files.
To access the SmartAuditor Server Properties dialog box
1. Log on to the workstation where the SmartAuditor Server Properties
dialog box is installed.
2. From the Start menu, choose Start > All Programs > Citrix >
SmartAuditor > SmartAuditor Server Properties. The SmartAuditor
Server Properties dialog box appears.
Creating New Notification Messages
If a policy has been activated that includes notification, after users type their
credentials, a pop-up window appears displaying a notification message. The
SmartAuditor installation includes the following message in English: Your
Presentation Server session is being recorded. If you do not agree to have
your session recorded, please log off.
The user selects OK to dismiss the window and continue the session.
You can create your own message in one or more languages of your choice;
however, you can have only one message for each language. The users see the
notification message in the language corresponding to what is configured in their
regional settings.
Note: Whether or not a user views a notification message is specified in the
policy that is in force. See the online help in the Policy Console for additional
information.
To create a new notification message
1. In the SmartAuditor Server Properties dialog box, click the
Notifications tab.
2. Click Add.
3. In the appearing window, choose the language for the message and type the
new message. You can create only one message for each language.
4. Click OK to accept the new message. The new message appears in the
Language-specific notification messages box.
5. Click OK to activate the new message.
Enabling Live Session Playback
Using the SmartAuditor Player, you can view a session after or while it is being
recorded. Viewing a session that is currently recording is similar to seeing actions
happening live; however, there is actually a one to two second delay as the data
propagates from the computer running Citrix Presentation Server.
By default, live session playback is enabled.
Live sessions have some limitations. The following functionality is not available
for this type of session:
You cannot view certificates because open files cannot be digitally signed.
Only when the recording is complete can the signature be authenticated and
the certificate be viewed.
Playback protection cannot be applied to live sessions.
You cannot cache live recording files.
To enable live session playback (if it is disabled)
1. In the SmartAuditor Server Properties dialog box, click the Playback
tab.
2. Select the Allow live session playback check box.
3. Click OK.
5 Configuring SmartAuditor Server Properties 35
Enabling Playback Protection
As a security precaution SmartAuditor automatically encrypts recorded files
before they are downloaded for viewing in the SmartAuditor Player. This
playback protection prevents them from being copied and viewed by anyone
other than the user who downloaded the file. The files cannot be played back on
another workstation or by another user. Encrypted files are identified with an .icle
extension (unencrypted files are identified with an .icl extension.) The files
remain encrypted while they reside in the cache on the workstation where the
SmartAuditor Player is installed until they are opened by an authorized user.
Note: Playback protection cannot be applied to live playback recordings
because live recordings are constantly changing the file. Citrix recommends that
you use HTTPS to protect the transfer of data.
By default, playback protection is enabled.
To enable playback protection (if the setting is disabled)
1. In the SmartAuditor Server Properties dialog box, click the Playback
tab.
2. Ensure that the Encrypt session recording files downloaded for playback
check box is selected.
3. Click OK.
Specifying Where Recordings Are Stored
Recordings are stored in the drive:\SessionRecordings directory by default. You
can change the directory where the recordings are stored, or add additional
directories to load balance across multiple volumes, or make use of additional
space.
If more than one directory appears in the list, the recordings are load-balanced
across the directories. You can add the same directory more than once to improve
load balancing across multiple directories. The load balancing cycles through the
directories.
To specify the location for recorded files
1. In the SmartAuditor Server Properties dialog box, click the Storage tab.
The current storage directory appears in the File storage directories list.
2. Click Add, type the path for the new storage directory or browse to locate
the directory, then click OK. If the directory does not exist, SmartAuditor
creates the new directory and assigns system and administrator user access
only. All subfolders inherit the same permissions.
Note: File storage directories can be specified to a local drive, SAN
volume, or to a fully-specified UNC network path. Network mapped drive
letters are not supported. Citrix recommends that only local drives or
attached SAN be used as writing recording data to a network drive has
significant security and performance implications.
Related topics:
Restoring Archived Files for Playback on page 36
Restoring Archived Files for Playback
Using the SmartAuditor Player, a reviewer can search for recorded session files
and play them back. The reviewer can choose to search only for files that are not
archived, or to include archived files in the search. After the search is complete,
the files matching the criteria appear in the Search Results list. The reviewer
selects the file and loads it for playback.
If you want to restore an archived file that can be played in the SmartAuditor
Player, you can restore it in its original location or in a restore directory that you
specify in the SmartAuditor Server Properties dialog box.
Unlike deleted files, the database records for archived files remain in the database
and can be included in a search. SmartAuditor associates the archived database
files with those in the specified restored location. Because deleted file records no
longer exist in the database, the SmartAuditor Player cannot find them in a
search; therefore, restoring them to this directory will not work.
To restore a file that was deleted, you must reimport the file using theicldb
import command.
Note: To insure that this directory contains only the files needed for playback,
periodically perform maintenance to clean it up.
To specify a restore directory for archived files
1. In the SmartAuditor Server Properties dialog box, click the Storage tab.
2. In the Restore directory for archived files field, type the directory for the
restored archive files.
5 Configuring SmartAuditor Server Properties 37
3. Click Apply.
Related topics:
Specifying Where Recordings Are Stored on page 35
Specifying File Sizes for Recordings
As recordings grow in size, the files can become cumbersome, take longer to
download, and react slower when you use the seek slider to navigate during
playback. To ensure that this does not happen, you can specify a threshold limit
for a file. When the recording reaches this limit, SmartAuditor closes the file and
opens a new one to continue recording. This action is called a rollover.
You can specify two thresholds for a rollover:
File size. When the file reaches the specified number of megabytes, the file
is closed and a new one is opened. By default, files roll over after reaching
50 megabytes; however, you can specify a limit from 10 megabytes to one
gigabyte.
Duration. When the session has recorded for the specified number of hours,
the file is closed and a new file is opened. By default, files roll over after
recording for 12 hours; however, you can specify a limit from one to 24
hours.
Specify both the file size and the duration by typing a number in both fields.
SmartAuditor checks both fields to determine which event occurs first to
determine when to rollover. For example, if you specify 17MB for the file size
and six hours for the duration and the recording reaches 17MB in three hours,
SmartAuditor reacts to the 17MB file size to close the file and open a new one.
Note: To prevent the creation of many small files, SmartAuditor will not
rollover until at least one hour elapses (this is the minimum number that you can
enter) regardless of the value specified for the file size. The exception to this rule
is if the file size surpasses one gigabyte.
To specify a maximum limit for a file
1. In the SmartAuditor Server Properties dialog box, click the Rollover tab.
2. Type a value in both of the fields and click Apply.
Related topics:
Restoring Archived Files for Playback on page 36
Specifying Where Recordings Are Stored on page 35
6
Specifying Access Rights for
SmartAuditor
The SmartAuditor Authorization Console is a Microsoft Management Console
snap-in that allows you to set policies that specify which users can:
Search for and view recordings using the SmartAuditor Player
Create, view, and change SmartAuditor policies using the SmartAuditor
Policy Console
Query SmartAuditor for policy evaluations
To access the Authorization Console
1. Log on to the server where the SmartAuditor Authorization Console is
installed.
2. From the Start menu choose Start >All Programs >Citrix >
SmartAuditor >SmartAuditor Authorization Console. The
SmartAuditor Authorization Console appears.
Assigning Permissions to Users
You need to assign permissions to SmartAuditor administrators and reviewers;
otherwise, they cannot view or change recording policies or review the files. The
permissions include the ability to:
Create and activate recording policies (determining which sessions are
recorded)
Run policy queries
Review recorded files using the SmartAuditor Player
Note: Only reviewers should have permission to view recorded files to ensure
the integrity of the system. Additionally, for security reasons, ensure that you
grant rights only to the users who need access to specific roles.
The SmartAuditor Authorization Console divides permissions into three roles:
Player. Rights assigned to reviewers. There is no default membership; you
must define all users for access.
PolicyQuery. Allows the servers hosting the SmartAuditor Agent to
request record policy evaluations. The default membership of this role is
authenticated users.
Policy Administrator. Rights assigned to administrators who can view,
create, edit, delete, and enable policies using the SmartAuditor
Authorization Console. The default membership of this role is local
administrators only.
SmartAuditor supports users and groups defined in Active Directory.
To assign rights
1. From the SmartAuditor Authorization Console, select one of the three
predefined policies.
2. From the Main menu, choose Action >Assign Windows Users and
Groups.
3. Add the users and groups and click OK when finished. Any changes made
to the console take effect during the update (that occurs once every minute).
7
Configuring SmartAuditor Policies
The SmartAuditor Policy Console
The SmartAuditor Policy Console is a Microsoft Management Console snap-in
that allows you to specify which sessions are recorded. Each time a new session
recording begins or a rollover occurs, a policy query occurs to verify that the
session should be recorded.
To access the SmartAuditor Policy Console
1. Log on to the server where the SmartAuditor Policy Console is installed.
SmartAuditor > SmartAuditor Policy Console. The SmartAuditor Policy
Console appears.
If you are prompted by a Connect to SmartAuditor Server pop-up window,
follow the instructions in the Connecting to the SmartAuditor Server section.
Note: You must have access rights to query and work with policies. This
includes Policy Administrator roles that are assigned using the SmartAuditor
Authorization Console.
Related topics:
Connecting to the SmartAuditor Server on page 41
Connecting to the SmartAuditor Server
If you installed the SmartAuditor Policy Console on a separate server, you need to
specify a SmartAuditor Server that it can connect to if you want to create or
modify a policy; otherwise, the SmartAuditor Policy Console reports errors when
it attempts to enumerate the policy documents list.
If you want to include rules for specific published applications or computers
running Citrix Presentation Server, you must configure a Presentation Server
host. This is because the Policy Console needs to connect to Presentation Server
to obtain information about published applications and servers in the farm.
To connect to the SmartAuditor Server
1. When prompted by a Connect to SmartAuditor Server pop-up window,
or after selecting Action > Connect to SmartAuditor Server, from within
the SmartAuditor Policy Console, type the name of the SmartAuditor
server.
2. Ensure that the protocol and port are correct.
3. Click OK.
Related topics:
Default Policies on page 42
Determining which Sessions Are Recorded
SmartAuditor follows policies that are created using the SmartAuditor Policy
Console. These policies contain rules that SmartAuditor uses to determine which
sessions are recorded on all servers that have session recording enabled.
Default Policies
Three policies are available for you to select when SmartAuditor is installed.
These standard policies include:
Do not record. If you choose this policy, no sessions are recorded. This is
the default policy; if you do not specify another policy, no sessions are
recorded.
Record everyone with notification. If you choose this policy, all sessions
are recorded. A pop-up window appears notifying the user that recording is
occurring.
Record everyone without notification. If you choose this policy, all
sessions are recorded. Users are unaware that they are being recorded.
7 Configuring SmartAuditor Policies 43
When you activate a policy, the previously activated policy remains in effect until
the users session ends; however, in some cases, the new policy takes effect when
the file rolls over. The following table details what happens when you apply a
new policy while a session is being recorded (and a rollover occurs):
Activating a Policy
Use the SmartAuditor Policy Console to activate a policy.
To activate a policy
1. In the SmartAuditor Policy Console, select the policy you want to activate.
2. From the menu bar, choose Action >Activate Policy. A check mark
indicates which policy is active.
Notes:
Only one policy is active at a time.
If you activate one of the standard policies that are installed with
SmartAuditor, the policy applies to all servers, all published applications,
and all users and groups that are defined for Presentation Server sessions
that have SmartAuditor enabled. If you want to specify specific users and
groups, published applications, and servers you want recorded, create a new
policy.
Related topics:
Creating New Policies on page 44
If the previous policy was: And the new policy is: After a rollover the policy will be:
Do not record Any other policy No change. The new policy takes
effect only when the user logs on to
a new session.
Record without notification Do not record Recording stops.
Record with
notification
Recording continues and a
notification message appears.
Record with notification Do not record Recording stops.
Record without
notification
Recording continues. No message
appears the next time a user logs on.
Creating New Policies
If you choose not to use the standard policies that are installed with SmartAuditor,
you can create your own policies that SmartAuditor will use to determine which
sessions are recorded. A wizard is available in the SmartAuditor Policy Console
that guides you through the process. When you create your own policy you can
limit recording to specific users and groups, published applications, and servers
from multiple farms.
To create a new policy
1. In the SmartAuditor Policy Console, select the Recording Policies folder in
the left pane.
2. From the menu bar, choose Action > Add New Policy. A policy called
New Policy appears in the left pane.
3. Select the new policy and choose Action >Rename from the menu bar.
4. Type a name for the policy you are about to create and press Enter or click
anywhere outside the new name.
5. With the policy selected, choose Action >Add New Rule from the menu
bar to launch the Rules wizard.
6. Follow the instructions to create the rules for this policy.
Related topics:
Modifying and Deleting Policies
The three system policies cannot be modified or deleted; however, you can
modify and delete any policies that you created.
To modify a policy
1. Select the policy you want to modify. The rules for the policy appear in the
right pane.
2. From the menu bar, choose Action >Add New Rule. If the policy is active,
a pop-up window appears requesting confirmation of the action.
Tip: You can also copy an existing policy by choosing Action >Copy
Policy, and modify and rename it.
3. Follow the instructions to create new rules for this policy.
7 Configuring SmartAuditor Policies 45
4. To delete a rule, select the rule, right-click, and choose Delete Rule.
Note: You cannot delete a fallback rule; this rule applies when no others
are defined. The default fallback rule is Do not record.
5. Click Yes when prompted by confirmation windows.
To delete a policy
1. In the left pane, select the policy you want to delete. If the policy is active,
you must activate another policy.
Note: You cannot delete a system policy or a policy that is active.
2. From the menu bar, choose Action >Delete Policy.
3. Select Yes to confirm the action.
Related topics:
8
Viewing Recordings
Recorded Presentation Server sessions are viewed using the SmartAuditor Player.
Note: You must have access rights to search for and view recorded session files.
See your SmartAuditor administrator if you are denied access.
The SmartAuditor Player
workstation to play back recorded Presentation Server sessions.
The SmartAuditor Player allows you to access functions using several different
methods. You can use the top menu options, tool bars, right-click menus, or
control keys. The following directions use the top menu options; however, as you
become comfortable using the SmartAuditor Player, you may prefer to use an
alternate method.
To launch the SmartAuditor Player
1. Log on to the workstation where the SmartAuditor Player is installed.
SmartAuditor > SmartAuditor Player. The SmartAuditor Player
launches.
The following graphic displays the interface and the main areas with which you
interact. You may find it helpful to refer to it when following procedures.
The SmartAuditor window with callouts indicating its major elements.
Accessing Recorded Session Files
If your administrator has not already set up your server connection within the
SmartAuditor Player, you need to specify the server where the SmartAuditor
recordings are located. After a connection is specified, the SmartAuditor Player
can search for and access the recordings.
If no server is defined, a pop-up window appears the first time you perform a
search for files. The window prompts you to configure a server connection.
Alternatively, you can configure the server connection using a menu bar option.
To specify the server where SmartAuditor recordings are located
1. In the SmartAuditor Player, choose Tools >Options >Connections.
2. Click Add and complete the information required in the Add Server
Connection pop-up window.
In the Hostname field, you can type either the server name or its Internet
protocol (IP) address.
8 Viewing Recordings 49
3. Click OK to return to the Options window.
If you access more than one server for recordings, you can repeat this
procedure to add multiple servers to the list. However, you can select only
one server at a time.
Opening a Recording
There are many ways to open a recorded session file. A few of these ways
include: browsing for the file, search for the file using the search tools, selecting a
file from your Favorites folder, or dragging and dropping a file from Windows
Explorer.
Recorded session file names begin with i_ and have a unique alphanumeric
identification name with the following extensions:
.icl for recordings without playback protection applied
.icle for recordings with playback protection applied
An example of a file name is: i_dc9fecaa-0946-4838-87cf-37a8632eebcd.icle.
The name comprises numbers, letters, and dashes. When you view the recordings
properties in the Now Playing pane (displayed by choosing View > Now Playing
from the SmartAuditor Player menu bar after a file loads), you notice that the file
name appears in the File ID field. The body of the file name appears without the
preceding i_ and extension.
Tip: Use this file ID to reference the file with other reviewers or administrators.
You can copy the ID by right-clicking the file ID and choosing Copy. Using the
standard Windows Paste command, you can paste the ID into another application
(for example, Outlook).
Recorded session files are located in a directory structure that incorporates the
date when the recording occurred. For example, if the session was recorded on
April 22, 2007, your file directory structure may be:
C:\SessionRecordings\2007\04\22\i_dc9fecaa-0946-4838-87cf-
37a8632eebcd.icle.
You can also open a file at the workstation where the player is installed. In this
case, the directory structure is localsettings\Application
Data\Citrix\SmartAuditor\Player\Cache.
Depending upon how long a users session lasted, you may need to open one or
several different files to view the entire session. Files have a size limit and when
the file reaches a specified size during a recording, SmartAuditor closes the file
and opens another. Only one file can be viewed at a time; if you open a second
file, SmartAuditor closes the current file before it opens the new one.
You can view recorded sessions while they are being recorded or after they are
saved. Viewing a session that is currently recording is similar to seeing actions
happening live; however, there is actually a one to two second delay as the data
propagates from the Citrix Presentation Server to your workstation.
Note: To take advantage of live session playback, your administrator must
enable an option in the SmartAuditor Server Properties dialog box.
To open a recording
1. In the SmartAuditor Player, do one of the following:
A. Perform a search for the recorded session file and select the file from
the Workspace pane.
B. From the menu bar, choose File > Open and browse for the file.
Session files use the .icl or .icle extension.
C. In the Workspace pane, double-click the Favorites folder and choose
the file from the Favorites pane (if you previously saved it as a
favorite).
D. Using Windows Explorer, navigate to the file and drag and drop the
file into the Player window.
E. Using Windows Explorer, navigate to and double-click the file.
2. If your administrator has not enabled digital signing of recording session
files, a pop-up window appears warning that the integrity of the file
contents cannot be verified. Click Yes if you are confident of the integrity
of the file. The file loads and commences the playback. While the file loads,
the slider increments adjust to the loading file.
3. Use the Player window controls to manipulate the file.
Tip: You can tell whether the file is currently recording or is complete by
looking at the Status field in the Now Playing pane. To display the pane,
from the menu bar, choose View >Now Playing.
Related topics:
Searching for Recorded Sessions on page 53
Playing a Recorded Session on page 51
Changing the Speed of the Play Back on page 52
Playing a Recorded Session
Use the SmartAuditor Player to view recorded sessions while they are being
recorded or after they are saved.
Note: To take advantage of live session playback, your administrator must
enable an option in the SmartAuditor Server Properties dialog box.
Controls available below the Player window allow you to:
Use the seek slider below the Player window to jump to a different position
within the recorded session. Additionally, you can use the following keyboard
keys to control the seek slider:
Play the selected session file.
Pause playback.
Stop playback. If you click Stop, then Play, the recording restarts at the
beginning of the file.
Halve the current playback speed down to a minimum of one-quarter normal
speed.
Double the current playback speed up to a maximum of 32 times normal speed.
Key: Seek Action:
Home Seek to the beginning
End Seek to the end
Right Arrow Seek forward five seconds
Left Arrow Seek backward five seconds
Move mouse wheel one
notch down
Seek forward 15 seconds
Move mouse wheel one
notch up
Seek backward 15 seconds
Ctrl + Right Arrow Seek forward 30 seconds
Note: If you find that the seek action is slow to respond, you can improve the
seek response time by adjusting a setting. From the SmartAuditor menu bar,
choose Tools > Options > Player and drag the slider to increase or decrease the
seek response time. A faster response time requires more memory.
Changing the Speed of the Play Back
In addition to playing back the recording at normal speed, you can specify a speed
or increase or decrease the speed. Increasing and decreasing the speed is
exponential. Each time you increase the speed, the playback speeds up or down
by multiples of the real-time play (one-quarter, one-half, 2, 4, 8, 16, and 32
times).
If you want to skip over spaces where the user did not perform an action (for
example, if the user leaves the workstation for lunch and nothing changes on the
screen), you can activate a setting called Fast Review Mode. This setting saves
time for playback viewing; however, it does not jump over animated sequences
such as animated mouse pointers, flashing cursors, or displayed clocks with
second hand movements.
To change the playback speed
1. In the SmartAuditor Player, start the playback.
2. From the menu bar, choose Play followed by one of the speed options. The
speed increases or decreases immediately and a number indicating the
increased or decreased speed appears below the Player window controls.
Text indicating the exponential rate appears briefly in green in the Player
window.
To skip over spaces where no action occurred
1. In the SmartAuditor Player, start the playback.
Ctrl + Left Arrow Seek backward 30 seconds
Page Down Seek forward one minute
Page Up Seek backward one minute
Ctrl + Move mouse wheel
one notch down
Seek forward 90 seconds
Ctrl + Move mouse wheel
one notch up
Seek backward 90 seconds
Ctrl + Page Down Seek forward six minutes
Ctrl + Page Up Seek backward six minutes
2. From the menu bar, choose Play >Fast Review Mode.
The option toggles on and off. Each time you choose it, its status appears
briefly in green in the Player window.
Searching for Recorded Sessions
From within the SmartAuditor Player, you can search for and retrieve recorded
sessions matching specific search criteria. You can perform two types of searches:
Use quick search to enter general criteria to display a recorded session
listing
Use advanced search to enter detailed search criteria to narrow your search
In addition to the search criteria that you enter, you can also set search parameters
that specify how many results appear and whether or not you want to include files
that are archived.
To configure how many results appear for a search
1. From the SmartAuditor Player menu bar, choose Tools > Options >
Search.
2. Type the number of results you want to display. A maximum of 500 results
can be displayed.
3. Click OK.
To include archived files in the search results
1. From the SmartAuditor Player menu bar, choose Tools > Options >
Search.
2. Select the Include archived files check box.
3. Click OK.
Using Quick Search
Use quick search to enter general criteria to perform a search.
To perform a quick search
1. In the SmartAuditor Player, type the criteria in the Search field. Move the
mouse pointer over the Search label to display a list of parameters to use as
a guideline.
Clicking the arrow to the right of the Search field displays the text for the
last 64 searches you performed.
2. Optionally, from the drop-down list, select the period or duration specifying
when the session was recorded.
3. Click the binocular icon to the right of the drop-down list to start the search.
The results appear below the search tools.
For example, to find sessions recorded for administrator in the past 24
hours, type Administrator in the field and select In last 24 hours from the
drop-down list.
4. Right-click an entry in the list and choose Properties to view session
metadata for the file.
Using Advanced Search
Use advanced search to enter detailed search criteria to narrow your search.
To perform a detailed search
1. In the SmartAuditor Player, click Advanced Search on the tool bar or
choose Tools > Advanced Search.
2. In the Advanced Search dialog box, type and select the criteria using the
tabs, fields, and drop-down lists to narrow your search. As you specify
search criteria in one or more tabs, the query you are building appears in the
yellow pane at the bottom of the window.
3. After you select the criteria, click Search. The results appear below the
search tools in the search results pane.
4. Right-click an entry in the search results pane and choose Properties to
view session metadata for the file. To view a recorded session, double-click
the file. The recorded session begins playing in the Player window.
Tip: If you perform the same searches frequently, you can save time for future
searches by saving your current search as a query file (*.ISQ). Query files reside
on your workstation and you can retrieve them whenever you want to perform an
identical search by opening the query from within the Advanced Search dialog
box.
Displaying or Hiding Window Elements
The SmartAuditor Player has many window elements that you can toggle on and
off. These elements include lists, panes, the Player window controls, and so on.
To view which elements you can toggle, from the menu bar, choose View.
To display or hide window elements
1. In the SmartAuditor Player, choose View from the menu bar.
2. Choose the elements that you want to display. Selecting an element causes
it to appear immediately. A check mark indicates that the element is
selected.
Related topics:
To display a red border around the session recording on page 56
Manipulating the Playback Display
Several options allow you to change how the recorded session appears in the
Player window. You can pan and scale the image, show the playback in full-
screen mode, display the Player window in a separate window, and display a red
border around the session recording to differentiate it from the Player window
background.
To display the Player window in full-screen format
2. Choose Player Full Screen.
3. To return to the original size, press ESC or F11.
To display the Player window in a separate window
2. Choose Player in Separate Window. A new window appears containing
the Player window. You can drag and resize the window.
3. To embed the Player window in the main window, choose View >Player
in Separate Window, or press F10.
To scale the session playback to fit the Player window
1. In the SmartAuditor Player, choose Play from the menu bar.
2. Choose Panning and Scaling > Scale to Fit.
Scale to Fit (Fast Rendering) shrinks the image while providing a
good quality image. Images are drawn quicker than when using the
High Quality option but the images and text are not as sharp. Use this
option if you are experiencing performance issues when using the
High Quality mode.
Scale to Fit (High Quality) shrinks the image while providing high
quality images and text. Using this option may cause the images to be
drawn more slowly than the Fast Rendering option.
To pan the image
1. In the SmartAuditor Player, choose Play from the menu bar.
2. Choose Panning and Scaling > Panning. The pointer changes to a hand
and a small representation of the screen appears in the top right of the
Player window.
3. Drag the image. The small representation indicates where you are in the
image.
4. To stop panning, choose one of the scaling options.
To display a red border around the session recording
1. In the SmartAuditor Player, choose Tools > Options > Player from the
menu bar.
2. Select the Show border around session recording check box.
Tip: Even if the Show border around session recording check box is
not selected, you can temporarily view the red border by clicking and
holding down the left mouse button while the pointer is in the Player
window.
Inserting Markers into Recordings
You can insert markers in the form of bookmarks and annotations into recorded
files to mark a particular spot in the recording. In addition, your administrator can
configure system-generated events to be inserted automatically into the recorded
file. After the markers are inserted, you can use them to quickly jump to the
marked places in the recording. Bookmarks and annotations are associated with a
particular session file but they are not stored in the same file; they are stored in a
separate file that is saved in the reviewers Workspace pane (using the reviewers
local profile). The format of the file name is identical to the recorded session file
with the exception of the file extension, which ends with a b (for example, i_<file
code>.iclb). Creating or modifying markers has no effect on the recorded session
file.
Differences between markers:
Bookmarks are generic markers with the generic text label of Bookmark.
Annotations are similar to bookmarks; however, you type a label to give
them a descriptive name. For example, you mark a spot on the file with an
annotation and create an annotation marker called copied files to network
share to flag the point in the session when the user copied some files to a
network share.
Events are system generated markers that are injected into the session data
by a third party application. Events are part of the recorded session file and
cannot be modified. The SmartAuditor installation includes an application
programming interface (API) that allows you to inject text from third party
applications into a recording. You cannot insert event markers using the
SmartAuditor Player--you must use a third party application.
Bookmarks, events, and annotations appear in two places in the SmartAuditor
Player:
In chronological order in the Events and Bookmarks list in the left pane of
the SmartAuditor Player as a text list.
Under the seek slider, (annotations and bookmarks appear as blue dots,
events appear as yellow dots), identifying where the markers are inserted in
the recording. Moving the pointer over a dot displays the name of the
marker. Additionally, a line appears underneath the associated text name in
the Events and Bookmarks list when the playing position reaches the
bookmark or event in the recording.
To insert a bookmark
1. In the SmartAuditor Player, move the seek slider to the position where you
want to insert the bookmark.
2. Move the mouse pointer into the Player window area and right-click to
display the menu.
3. Choose Add Bookmark. A blue dot representing the bookmark appears
below the slider and the word bookmark is added to the Events and
Bookmarks list.
To insert an annotation
1. In the SmartAuditor Player, move the seek slider to the position where you
want to insert the annotation.
2. Move the mouse pointer into the Player window area and right-click to
display the menu.
3. Choose Add Annotation, type a descriptive name of up to 128 characters
in the appearing window, and click OK. A blue dot representing the
annotation appears below the slider and the annotation is added to the
Events and Bookmarks list.
To delete a marker
In the SmartAuditor Player, do one of the following:
Right-click the marker in the Events and Bookmarks list, choose
Delete, and click OK to confirm the deletion
With the recorded session playing, right-click the corresponding dot
below the seek slider and choose Delete Bookmark
Related topics:
Navigating within Session Recordings on page 58
Navigating within Session Recordings
After you open a recorded session in the SmartAuditor Player, you can navigate
through the recording using several methods.
To navigate within a recording
In the SmartAuditor Player, do one of the following:
Use the Player window controls to stop, pause, and fast forward.
Drag the seek slider to move forward or backward.
Double-click an event, bookmark, or annotation in the Events and
Bookmarks list.
Click anywhere on the seek slider to move to the location.
Right-click a marker and choose Seek to Bookmark. The seek slider
jumps to the selected marker.
Note: You can configure how fast you jump to the marker by choosing
Tools > Options > Player and moving the seek slider.
Related topics:
Changing the Speed of the Play Back on page 52
Creating Favorites
The SmartAuditor Player provides you with a favorites capability to quickly
access recordings that you view frequently. These shortcut folders reference
recording files that are stored either on your workstation or on a network share.
They are saved as *.icf files on your workstation; however, you can import and
export these files to other workstations and share these folders with other
reviewers.
Note: Only reviewers with access rights to the SmartAuditor Player can
download the recording files associated with favorites folders. See your system
administrator for access rights.
To create a new favorites subfolder
1. In the SmartAuditor Player, select the Favorites folder in your Workspace
pane.
2. From the menu bar, choose File > Folder > New Folder. A new folder
appears under the Favorites folder.
3. Type the folder name, then press Enter or click anywhere to accept the new
name.
You can use the other options that appear in the File > Folder menu to
delete, rename, move, copy, import, and export the folders.
Downloading Recordings Quickly
Each time you open a recorded session file, SmartAuditor downloads the file
from the location where the recordings are stored. Depending upon the size of the
file and your network connection, it may take some time before the file is fully
downloaded. If you download the same files frequently, you may want to cache
the files on your workstation. When you cache the file, SmartAuditor saves the
file on your workstation and loads the file from the cache instead of the network.
This allows the file to download much quicker.
To ensure that your hard drive does not become full with recordings, you can
specify how much disk space should be used for the cache. When the recordings
fill the specified disk space, SmartAuditor deletes the oldest, least used
recordings to make room for new recordings. You can empty the cache at any
time to free up disk space.
To enable the caching of files
1. In the SmartAuditor Player, choose Tools > Options > Cache.
2. Select the Cache downloaded files on local machine check box.
3. If you want to limit the amount of disk space used for caching, select the
Limit amount of disk space to use check box and drag the slider or type
the amount of megabytes to be used to specify the amount.
4. Click OK.
To empty the cache
1. In the SmartAuditor Player, choose Tools > Options > Cache.
2. Click Purge Cache, then OK to confirm the action.
9
Troubleshooting SmartAuditor
This troubleshooting information contains solutions to issues you may encounter
during and after installing SmartAuditor components.
Component Connection Problems
During the setup of SmartAuditor, the components may not connect to other
components (for example, the SmartAuditor Agent to the SmartAuditor Server
(Broker or MSMQ), the SmartAuditor Player to the SmartAuditor Server
(Broker), or the SmartAuditor Policy Console to the SmartAuditor Server
(Broker)). All the components communicate with the SmartAuditor Server
(Broker). By default the Broker (an IIS component) is secured using the IIS
default Website certificate.
If one component cannot connect to the SmartAuditor Server, the other
components may also fail when attempting to connect. The SmartAuditor Agent
and SmartAuditor Server (Storage Manager and Broker) log connection errors in
the Applications event log in the Event Viewer of the computer running Citrix
Presentation Server, while the SmartAuditor Policy Console and SmartAuditor
Player both display connection error messages on screen when they fail to
connect.
Related topics:
Using HTTP for Your Communication Protocol on page 68
The SmartAuditor Server Cannot Connect to the
SmartAuditor Database
When the SmartAuditor Server cannot connect to the SmartAuditor Database,
you may see a message similar to the following:
Event Source: Citrix SmartAuditor Storage Manager Description:
Exception caught while establishing database connection. This error appears
in the Applications event log in the Event Viewer of the server hosting the
SmartAuditor Server.
Unable to connect to the SmartAuditor Server. Ensure that the
SmartAuditor Server is running. This error message appears when you launch
the SmartAuditor Policy Console.
Resolution:
SQL Server 2005 Express Edition is installed on a standalone server and
does not have the correct services or settings configured for SmartAuditor.
See the Important Deployment Notes on page 14 for information about
these settings.
During the SmartAuditor installation (Administration portion), incorrect
server and database information was given. Uninstall the SmartAuditor
Database and reinstall it, supplying the correct information. See To install
SmartAuditor (Part 1: The SmartAuditor Administration Components) on
page 22 for this procedure.
The SmartAuditor Database Server is down. From a command prompt, run
the ping command to verify that the server has connectivity.
Logon failed for user NT_AUTHORITY\ANONYMOUS LOGON. This
error message means that the services are logged on incorrectly as .\administrator.
Resolution: Restart the services as local system user and restart the SQL services.
The SmartAuditor Agent Cannot Connect
When the SmartAuditor Agent cannot connect, the Exception caught while
sending poll messages to SmartAuditor Broker event message is logged,
followed by the exception text. The exception text provides the reason why the
connection failed. These reasons include:
The remote name could not be resolved. This exception indicates that the
SmartAuditor Agent could not resolve the SmartAuditor Server name. Two
possible reasons include: an incorrectly typed server name or the DNS could not
resolve the server name.
Resolution: Open the SmartAuditor Agent Properties dialog box and after
choosing the Connections tab, verify that the SmartAuditor Server name is
correct. If the server name is correct, open a command prompt and run the ping
command for the server to see if the name can be resolved.
Related topics:
9 Troubleshooting SmartAuditor 63
The underlying connection was closed. A connection that was expected to be
kept alive was closed by the server. This exception means that the SmartAuditor
Server is down or unavailable to accept requests. This could be due to IIS being
offline or restarted, or the entire server may be offline.
Resolution: Verify that the SmartAuditor Server is started, IIS is running on the
server, and the server is connected to the network.
The underlying connection was closed. Could not establish a trust
relationship for the SSL/TLS secure channel. This exception means that the
SmartAuditor Server is using a certificate that is signed by a Certificate Authority
(CA) that the server on which the SmartAuditor Agent resides does not trust, or
have a CA certificate for. Alternatively, the certificate may have expired or been
revoked.
Resolution: Verify that the correct CA certificate is installed on the server hosting
the SmartAuditor Agent or use a CA that is trusted.
The remote server returned an error: (403) forbidden. This is a standard
HTTPS error displayed when you attempt to connect using HTTP (nonsecure
protocol). The SmartAuditor Server rejects the connection because it accepts only
secure connections.
Resolution: Open the SmartAuditor Agent Properties dialog box and after
choosing the Connections tab, change the SmartAuditor Broker protocol to
HTTPS.
Related topics:
The SmartAuditor Broker returned an unknown error while evaluating a
record policy query. Error code 5 (Access Denied). See the Event log on the
SmartAuditor Server for more details. This error occurs when sessions are
started and a request for a record policy evaluation is made. The error is a result
of the Authenticated Users group (this is the default member) being removed
from the Policy Query role of the SmartAuditor Authorization Console.
Resolution: Add the Authenticated Users group back into this role, or add each
server hosting each SmartAuditor Agent to the PolicyQuery role.
Related topics:
The underlying connection was closed. A connection that was expected to be
kept alive was closed by the server. This error means that the SmartAuditor
Server is down or unavailable to accept requests. This could be due to IIS being
offline or restarted, or the entire server may be offline.
Resolution: Verify that the SmartAuditor Server is started, IIS is running on the
server, and the server is connected to the network.
Error 1001. An exception occurred during the Commit phase of the
installation. This error occurs during the installation process. It means that the
SmartAuditorStoragemanager service failed to start.
Resolution: Apply an extended timeout of 300000 (five minutes) to the
ServicesPipeTimeout registry value, restart the server, and rerun the installation.
See the Microsoft knowledgebase article http://support.microsoft.com/kb/922918
for this procedure.
Problems with the SmartAuditor Policy Console
Because the issues and resolutions are similar to the issues that might occur with
the SmartAuditor Player, see SmartAuditor Player Issues on page 66 for
possible issues and resolutions.
Sessions are not Recording
If your Presentation Server sessions are not recording successfully, ensure that:
The Enable session recording for this Presentation Server check box in
the SmartAuditor Agent Properties dialog box on each server to be
recorded is selected. See Disabling/Enabling Recording on a Server on
page 29.
You activated a policy that allows recording in the SmartAuditor Policy
Console. See Activating a Policy on page 43.
MSMQ is connecting to MSMQ on the server hosting the SmartAuditor
Server. See Troubleshooting MSMQ on page 65.
Session sharing is disabled. For an explanation about why session sharing
interferes with recording, see Important Deployment Notes on page 14.
For instructions about how to disable session sharing, see article
CTX101644 in the Citrix Knowledge Center.
Troubleshooting MSMQ
If your users see the notification message but the reviewer cannot find the
recordings after performing a search in the SmartAuditor Player, there could be a
problem with MSMQ. Verify that the queue is connected to the SmartAuditor
Server (Storage Manager) and use Internet Explorer to test for connection errors
(if you are using HTTP or HTTPS as your MSMQ communication protocol).
To verify that the queue is connected
1. At the server hosting the SmartAuditor Agent, from the Start taskbar,
choose Start >Administrative Tools >Computer Management.
2. Expand Services and Applications >Message Queuing, then select
Outgoing Queues. The right pane lists the outgoing queues.
3. Verify that the queue to the SmartAuditor Server has a connected state.
A. If the state is waiting to connect, there are a number of messages in
the queue, and the protocol is HTTP or HTTPS (corresponding to the
protocol selected in the Connections tab in the SmartAuditor Agent
Properties dialog box), perform Step 4.
B. If state is connected and there are no messages in the queue, there
may be a problem with the server hosting the SmartAuditor Server.
Perform Steps 5 through 6.
4. If there are a number of messages in the queue, launch Internet Explorer
and type the following address:
A. For HTTPS: ht t ps: / / <ser ver name>/ msmq/ pr i vat e$/
Ci t r i xSmAudDat a where servername is the name of the server
hosting the SmartAuditor Server.
B. For HTTP: ht t p: / / <ser ver name>/ msmq/ pr i vat e$/
Ci t r i xSmAudDat a where servername is the name of the server
hosting the SmartAuditor Server.
If the page returns an error such as The server only accepts secure
connections, change the MSMQ protocol listed in the SmartAuditor
Agent Properties dialog box to HTTPS. Otherwise, if the page reports a
problem with the Web sites security certificate, there may be a problem
with a trust relationship for the SSL/TLS secure channel. In that case,
install the correct CA certificate,or use a CA that is trusted. This procedure
ends at this step (Step 4).
5. If there are no messages in the queue, at the server hosting the
SmartAuditor Server, from the Start taskbar, choose Start >
Administrative Tools >Computer Management.
6. Expand Services and Applications >Message Queuing, then select
Private Queues >citrixsmauddata. If there are a number of messages in
the queue (Number of Messages Column), verify that the SmartAuditor
StorageManager service is started. If it is not, restart the service.
SmartAuditor Player Issues
workstation to play back recorded Presentation Server sessions. Reviewers can
encounter the following issues while using the Player.
Searching for Recordings in the Player Fails
If you experience difficulties when searching for recordings using the
SmartAuditor Player, it may be for the following reasons and you may see the
following error messages:
Search for recorded session files failed. The remote server name could not be
resolved: <servername>. where <servername>is the name of the server to
which the SmartAuditor Player is attempting to connect. The player cannot
contact the SmartAuditor Server. Two possible reasons for this include, an
incorrectly typed server name, or the DNS cannot resolve the server name.
Resolution: From the Player menu bar, choose Tools >Options >Connections
and verify that the server name in the SmartAuditor Servers list is correct. If it
is correct, open a command prompt and run the ping command for the server to
see if the name can be resolved. When the SmartAuditor Server is down or offline
the search for recorded session files failed error is Unable to contact the remote
server.
Related topics:
Accessing Recorded Session Files on page 48
Unable to contact the remote server. This error occurs when the SmartAuditor
Server is down or offline.
Resolution: Verify that the SmartAuditor Server is connected by opening a
command prompt and running the ping command for the server.
Access denied error. An access denied error can occur if the reviewer was not
given permission to search for and download recorded session files.
Resolution: Grant the reviewer access in the Player role of the SmartAuditor
Authorization Console.
Note: Only reviewers should have permission to view recorded files to ensure
the integrity of the system. Additionally, for security reasons, ensure that you
grant rights only to the users who need access to specific roles.
Related topics:
Search for recorded session files failed. The underlying connection was
closed. Could not establish a trust relationship for the SSL/TLS secure
channel. This exception is caused by the SmartAuditor Server using a certificate
that is signed by a CA that the client device does not trust or have a CA certificate
for.
Resolution: Install the correct or trusted CA certificate on the Player workstation.
The remote server returned an error: (403) forbidden. This error is a standard
HTTPS error that occurs when you attempt to connect using HTTP (nonsecure
protocol). The server rejects the connection because, by default, it is configured
to accept only secure connections.
Resolution: From the Player menu bar, choose Tools >Options >Connections.
Select the server from the SmartAuditors Servers list, then click Modify.
Change the protocol from HTTP to HTTPS. Click OK twice to exit the Options
dialog box and perform the search again.
Unable to View Live Session Playback
If you experience difficulties when viewing recordings using the SmartAuditor
Player, it may be for the following reasons and you may see the following error
messages:
Download of recorded session file failed. Live session playback is not
permitted. The server has been configured to disallow this feature. This error
indicates that the server is configured to disallow the action.
Resolution: In the SmartAuditor Server Properties dialog box, choose the
Playback tab and select the Allow live session playback check box.
Related topics:
Enabling Live Session Playback on page 34
Using HTTP for Your Communication Protocol
For security reasons, Citrix does not recommend using HTTP as a
communication protocol. The SmartAuditor installation is configured to use
HTTPS. If you want to use HTTP instead of HTTPS, you must change several
settings.
To use HTTP as the communication protocol
1. Disable secure connections for the SmartAuditor Broker in IIS on the
SmartAuditor Server:
A. Log on to the server that hosts the SmartAuditor Server.
B. From the Windows taskbar, choose Start >Administrative Tools >
Internet Information Services (IIS) Manager.
C. In the left pane, expand the servername node (where servername is
the name of the server where you are disabling IIS) by choosing
servername >Web Sites >Default Web Site >
SmartAuditorBroker.
D. Right-click SmartAuditorBroker and choose Properties >
Directory Security.
E. In the Secure communications region, choose Edit and clear the
Require secure channel (SSL) check box.
F. Click OK to save the setting and exit the dialog boxes.
2. Change the protocol setting from HTTPS to HTTP in each SmartAuditor
Agent Properties dialog box:
A. Log on to each server where the SmartAuditor Agent is installed.
B. From the Start menu choose Start >All Programs >Citrix >
SmartAuditor >SmartAuditor Agent Properties. The
SmartAuditor Agent Properties dialog box appears.
C. Choose the Connections tab.
D. In the SmartAuditor Broker area, select HTTP from the Protocol
drop-down list and choose OK to accept the change. If you are
prompted to restart the service, choose Yes.
3. Change the protocol setting from HTTPS to HTTP in the SmartAuditor
Player settings:
A. Log on to the workstation where the SmartAuditor Player is installed.
B. From the Start menu, choose Start > All Programs > Citrix >
SmartAuditor > SmartAuditor Player. The SmartAuditor Player
launches.
C. Choose Tools > Options > Connections, select the server, and
choose Modify.
D. Select HTTP from the Protocol drop-down list and click OK twice
to accept the change and exit the dialog box.
4. Change the protocol setting from HTTPS to HTTP in the SmartAuditor
Policy Console:
A. Log on to the server where the SmartAuditor Policy Console is
installed.
B. From the Start menu, choose Start > All Programs > Citrix >
SmartAuditor > SmartAuditor Policy Console. The Connect to
SmartAuditor Server dialog box appears.
C. Choose HTTPS from the Protocol drop-down list and choose OK to
connect. If the connection is successful, this setting is remembered
the next time you launch the SmartAuditor Policy Console.
10
Reference: Managing Your Database
Records
Using the ICLDB Utility
The ICA Log database (ICLDB) utility is a database command-line utility used to
manipulate the session recording database records. This utility is installed during
the SmartAuditor installation in the drive:\Program
Files\Citrix\SmartAuditor\Server\Bin directory at the server hosting the
SmartAuditor Server software.
Quick Reference Chart
The following table lists the commands and options that are available for the
ICLDB utility. Type the commands using the following format:
icldb [version | locate | dormant | import | archive | remove | removeall]
command-options [/l] [/f] [/s] [/?]
Note: More extensive instructions are available in the help associated with the
utility. To access the help, from the command prompt, in the drive:\Program
Files\Citrix\SmartAuditor\Server\Bin directory, type icldb /?. To access help for
specific commands, type icldb <command> /?.
Command Description
archive Archives the session recording files older than the retention period
specified.
Use this command to archive files.
dormant Displays or counts the session recording files that are considered
dormant. Dormant files are session recordings that were not completed
due to data loss.
Use this command to verify if you suspect that you are losing data. You
can verify if the session recording files are becoming dormant for the
entire database, or only recordings made within the specified number
of days, hours, or minutes.
import Imports session recording files into the SmartAuditor database.
Use this command to rebuild the database if you lost database records.
Additionally, use this command to merge databases (if you have two
databases, you can import the files from one of the databases.)
locate Locates and displays the full path to a session recording file using the
file ID as the criteria.
Use this command when you are looking for the storage location of a
session recording file.
It is also one way to verify if the database is up-to-date with a specific
file.
remove Removes the references to session recording files from the database.
Use this command (with caution) to clean up the database. You need to
specify the retention period to be used as the criteria.
You can also remove the associated physical file.
removeall Removes all of the references to session recording files from the
SmartAuditor database and returns the database to its original state.
The actual physical files are not deleted; however you cannot search
for these files in the SmartAuditor Player.
Use this command (with caution) to clean up the database. Deleted
references can be reversed only by restoring from your backup.
version Displays the SmartAuditor Database schema version.
/l Logs the results and errors to the Windows event log.
/f Forces the command to run without prompts.
/s Suppresses the copyright message.
/? Displays help for the commands.
Command Description

SmartAuditor Guide PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SmartAuditor Guide PDF

Uploaded by

Copyright:

Available Formats

Citrix Presentation Server 4.

You might also like