Privileged Session Recording

(Feature available only in Premium and Enterprise Editions)

Privileged sessions launched from Password Manager Pro can be recorded, archived and played back to support forensic audits and allow enterprises to monitor all actions performed by privileged accounts during privileged sessions. Session recording caters to the audit and compliance requirements of organizations that mandate proactive monitoring of activities, thereby enabling administrators to readily answer questions regarding the ‘who,’ ‘what’ and ‘when’ of privileged access. Password Manager Pro enables recording of Windows RDP, SSH / Telnet, and SQL sessions launched from the product.

How secure is session recording?

Password Manager Pro employs first-in-class, browser-based remote login mechanism for the session recording process. From any HTML5-compatible browser, users can launch highly secure, reliable and completely emulated Windows RDP, SSH and Telnet sessions with a single click, without the need for additional plug-in or agent software. Remote connections are tunneled through the Password Manager Pro server, requiring no direct connectivity between the user device and the remote host. In addition to superior reliability, the tunneled connectivity provides extreme security as passwords needed to establish remote sessions do not need to be available at the user’s browser. The session recording capability is an extension of the robust remote login mechanism of Password Manager Pro.

From version 6500, Password Manager Pro comes bundled with RDP, SSH and Telnet session gateways. This allows the users to launch remote terminal sessions from their browser that are tunneled through the Password Manager Pro server. The remote terminal sessions are emulated in the browser screen itself and hence there is no need for installing any plug-in or agent in any of the end-points. The only requirement is that the browsers should be HTML 5 compatible (For example IE 9 or above, FF 3.5 or above, Safari 4 or above, Chrome).

To enable session recording,

  • Navigate to Admin >> Configuration >> Session Recording.
  • In the pop-up form that opens up, select the text boxes "Record RDP sessions" and/or "Rexcord VNC sessions" and/or "Record SSH, Telnet and SQL sessions" as required.
  • Click "Save".
  • Once this is done, as soon as an administrator adds a resource that supports one of these remote terminal session types (RDP, SSH, Telnet), the session recording feature becomes available.

To view or play back the recorded sessions,

You can find the recorded sessions listed under Audit tab >> Recorded Sessions. You can trace the required session through the name of the resource, user who launched the session, time at which the session was launched etc. Just click "Play" at the end of each entry to view the recorded session. While viewing a recorded session, use the seek bar feature to skip any part of the recording and progress to any particular point by clicking on the seek bar. Detailed steps are given below:

  • Navigate to the "Audit" tab.
  • Select the "Recorded sessions" section from the list displayed on the left hand side of the Audits UI.
  • Click "Play" against the recorded session which you want to view.

Session Shadowing / Real-time Session Monitoring

(Feature available only in Enterprise Edition)

Password Manager Pro lets administrators closely monitor the privileged sessions on highly-sensitive IT resources. Shadowing allows admins to join active sessions, observe user activities parallelly, and terminate them in case of suspicious activities. Similarly, admins can also offer assistance to users while monitoring the users’ activities during troubleshooting sessions.

To monitor sessions in parallel,

  • Navigate to "Audit" tab.
  • Select the "Active Remote Sessions" section from the list displayed on the left hand side of the Audits UI.
  • Trace the session to be monitored through the name of the resource.
  • Click the "Join" button.You will be able to view the session in parallel.

To terminate a suspicious session,

  • Navigate to "Audit" tab.
  • Select the "Active Remote Sessions" section.
  • Trace the session to be monitored through the name of the resource.
  • Click the "Terminate" button. The session with the remote resource will be terminated. The user will lose connection with the remote resource.

Purging Recorded Sessions

If you do not need the session recordings that are older than a specified number of days, you can purge them.

  • Navigate to Admin >> Configuration >> Session Recording.
  • To purge the records that are older than a specified number of days, specify the number in the text-box against the field "Purge recorded sessions that are more than x days old".
  • Click "Save". The Session Recordings that are older than the number of days specified by you, will be purged.

©2014, ZOHO Corp. All Rights Reserved.

Top