Feature request : record user's sessions

[mldmld68]

Hi,

For security reasons, one need to record the users's sessions.

It would be great if we could setup record sessions (.mp4 for Windows, text file for linux) on a GCS with the userID used to open the session as metadata or in the file name.

Combined with our Citrix platform, one can build a very effective bastion

Thanks for you consideration Regards MLD

[jpassing]

I see the value of session recording, but I think adding recording capabilities to IAP Desktop might not be too useful: If the client (i.e., IAP Desktop) does the recording, then it's difficult to prevent users from tampering with, or disabling the recording. To make sure that recordings are always enabled and complete, they'd have to be created server side -- either by IAP TCP Forwarding or by a bastion host. Would you agree with that, or is there a reason why you think the recording should be done client-side?

[mldmld68]

Yes, a user could disable the recording if iap-desktop runs on their local laptop But we could offer the service through (and only through) a Citrix infrastructure to provide the access to iap-desktop. iap-desktop would run on the Citrix servers and will be streamed to the user's laptop.

The Citrix server would have the TCP ports opened to access IAP and iap-desktop use an identity allowed to store records's files on a GCS

[jpassing]

If IAP Desktop runs in a Citrix environment, would it be possible to let Citrix do the session recording?

I agree that in a Citrix environment, client-side recording could be effective. But I'm not sure if adding such a feature is worthwhile if it's not going to be reliable in other circumstances.

If you are already in contact with somebody from our sales team, it would be great to follow up to explore alternative options. Feel free to point them to this issue.

[smartyr73]

In terms of Citrix session recording, this is something I already do with Citrix apps (So it is possible) and I've exactly the same use case in mind.