This Proof-of-Concept Guide provides the steps to integrate Windows 365 Cloud PCs with Citrix Session Recording Service. The following is covered in this guide:
- Deploy Citrix Session Recording resources to Azure subscription
- Deploy Citrix Session Recording Agent to Windows 365 Cloud PCs
- Configure Citrix Session Recording policies
- Replay a recording with Citrix Session Recording Player
Requirements and Prerequisites
- Citrix Session Recording 2402 LTSR or later
- Microsoft Message Queuing on Windows 365 Cloud PCs
- Citrix Cloud Account: You'll need an active Citrix Cloud account with the necessary licenses.
- Windows 365 Enterprise Subscription: Ensure you have a Windows 365 Enterprise subscription to access Cloud PCs.
- Microsoft Intune entitlement: You need an active Microsoft Intune environment in your Entra ID directory.
- Azure Administrator accounts: You will require an Entra ID global administrator and Intune Global administrator privileges or someone with access to these accounts.
Deploy Session Recording resources
This section guides you through the procedure of creating and deploying Session Recording resources to an Azure subscription from within the Session Recording service through a host connection, including:
- Session Recording servers
- Database
- Storage
- Load Balancer
Create and deploy a site through a host connection
- Select Configuration > Server Management from the left navigation of the Session Recording service.
- On the Add connection page, give the new host connection a name and a description (optional). Enter your Azure subscription ID and the following required information about your application registration:
- Click Save to test whether the host connection you specify is available.
Note:
If the host connection you specify is available, you’re taken back to the Host Connection page and prompted that the host connection is added successfully.
- On the Server Management page, click Create site. The Create site page appears.
- Select Create and deploy a site through a host connection. The main steps are listed in the left navigation.
- Site Information - Enter a Site name and description, select a Host Connection that connects to your Azure subscription, and specify a Region.
- After completing the site information, click Next to continue.
- About your deployment—Provide information about your recording needs to get recommendations for VM and storage configurations. You can skip this step by clicking “I’m good, skip this step” or “Next.”
- Network - Select the Virtual network and Subnet your Session Recording resource will connect to.
- After completing the Network information, click Next to continue.
-
Virtual Machines - Create virtual machines (VMs) as your Session Recording servers. Enter the following required information about your Session Recording servers:
- Session Recording server version to install – 2402 LTSR
- Image – Windows Server 2022 Datacenter: Azure Edition x64 Gen2
- Size – Standard_D4s_v3-4vcpus, 16 GiB memory
- Number of VMs - 2
Specify an administrator account for the virtual machines.
- After completing the Virtual machine information, click Next to continue.
- Domain and certificate—Join the Session Recording servers in the same domain as your VDAs and specify a certificate for them. Only .pfx certificate files are accepted.
- After completing the Domain and certificate information, click Next to continue.
-
Storage - Configure a storage account and file shares to store your recording files.
- Performance: Standard: Recommended for most scenarios (general-purpose v2 account)
- Redundancy: Locally redundant storage (LRS)
- File shares: 1 file share
- After completing the Storage information, click Next to continue.
-
Databases - Create 2 SQL databases for recording and logging data.
- Service tier: General Purpose
- Compute tier: Provisioned
- Hardware configuration: Standard-series (Gen5)
- vCores: 2
- Data max size (GiB): 32
Specify a database administrator account.
- After completing the Database information, click Next to continue.
- Load balancer—Create a load balancer to distribute workload among the Session Recording servers. In the Restrict access of the load balancer to only the following addresses field, enter the IP addresses or rangers of your VDAs and separate them by a comma.
- After completing the Load balancer information, click Next to continue.
- Tags – Optionally, tags can be applied to Azure Resources.
- After completing the Tags information, click Next to continue.
- Secure Client - Create a secure client to onboard the Session Recording server to the Session Recording service. Select Create client.
- After completing the Secure Client information, click Next to continue.
- Summary – Review the summary of the resources that will be created in the Azure subscription. Click Start deployment to continue.
- The Citrix Session Recording deployment will begin. You can select the Close dialog and check the status later if necessary.
- When a site deployment is complete, you can expand the site and view and manage the resources.
Deploy Citrix Session Recording Agent with Intune
Upload Citrix Session Recording Agent to Intune
- Sign in to the Microsoft Intune Admin Center: https://intune.microsoft.com/
- Select Apps > All apps > Select Add
- On the Select app type pane, under the Other app types, Select Line-of-business app.
- Click Select.
- On the Line-of-business app dialog, Click Select.
- On the Add App pane, click Select app package file.
- On the App package file pane, Select the browse button. Select the Citrix Session Recording Agent file (SessionRecordingAgentx64.msi), and Select OK.
Configure Citrix Session Recording Agent App Information
-
Provide the following information on the App Information tab, and Select Next.
- Name: Citrix Session Recording Agent
- Description: Citrix Session Recording Agent
- Publisher: Citrix
- App install context: Device
- Command-line arguments: SessionRecordingAgentx64.msi /q SESSIONRECORDINGSERVERNAME=yourservername SESSIONRECORDINGBROKERPROTOCOL=HTTPS SESSIONRECORDINGBROKERPORT=443 SESSIONRECORDINGAUTHENTICATION="Citrix Cloud" SESSIONRECORDINGRPC="Websocket"
-
- Category: Computer Management
- Show this as a featured app in the Company Portal: No
Note:
When using the command-line argument to install the Citrix Session Recording agent, the following switches are used:
- /q specifies quiet mode.
- yourservername is the NetBIOS name or FQDN of the machine hosting the Session Recording server. If not specified, this value defaults to localhost.
- yourbrokerprotocol is the HTTP or HTTPS that the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to HTTPS.
- yourbrokerport is the port number the Session Recording agent uses to communicate with the Session Recording Broker. If not specified, this value defaults to zero, which directs the Session Recording Agent to use the default port number for your selected protocol: 80 for HTTP or 443 for HTTPS.
- SESSIONRECORDINGAUTHENTICATION is the authentication type between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. Add this parameter and set it to Citrix Cloud to enable Azure AD support.
- SESSIONRECORDINGRPC is the communication method between the Session Recording agent and the Session Recording server. This parameter is required only when you want to enable Azure AD support. Add this parameter and set it to Websocket to enable Azure AD support.
- SESSIONRECORDINGIDP specifies the identity type. This parameter is required only when you want to enable Azure AD support. Add this parameter and set it to IDP to enable Azure AD support.
- On the Assignments tab, Select Add Group under the Required section.
- Select an Entra ID group for the Citrix Session Recording Agent assignment. Click Select.
- Review the assignments and select Next.
- On the Review + Create tab, Select Create
The Citrix Session Recording agent will be deployed to the Windows 365 Cloud PCs, and the device status will be updated to reflect this in Microsoft Intune Admin Center.
Deploy Session Recording Policies
Citrix Session Recording lets you view and configure session recording, event detention, and event response policies for a specific site. Each policy you create or activate applies to all Session Recording servers of a site.
- On the left navigation menu, Select Policies.
- On the Recording policy pane, Select Add policy.
- On the Add recording policy dialog, specify a Name and Description, then Select Add Rule.
- On the Add rule dialog, specify a rule Name and Description. Select Delivery groups and VDA machines, then click Configure.
- On the Select delivery groups or VDA machines dialog, Select Add new.
- On the Add search query dialog, enter CTX- in the keyword of the machine or delivery group name field. Select Add search query.
- On the Select delivery groups or VDA machines, Select the delivery groups or VDA you want and click the Save button to finish the configuration.
- In the Add rule dialog, under Recording action, Select Enable session recording with notification. Click Save.
- On the Add recording policy dialog, add additional rules for the policy, otherwise select Save.
- After the new policy is created, find it on the Recording policy tab.
- Select the toggle to activate the Default Windows 365 Policy.
For more information on Citrix Session Record policies, see:
- Configure Session Recording Policies
- Configure Event Detection Policies
- Configure Event Response Policies
Connect to Windows 365 Cloud PC
Launch a Windows 365 Cloud PC connection to a delivery group or machine name you added to the Session Recording Policy. A prompt notifies the user that the session is recorded. Quickly open an application, then log off the session.
Playback Session Recording
- Log into Citrix Cloud and go to Session Recording Service Console. Select Recordings, then All Recordings.
- Click the Play button on your new recording to play back your session.
Summary
This POC guide walked you through setting up Citrix Session Recording in Microsoft Azure and deploying the Citrix Session Recording agent with Microsoft Intune to Windows 365 Cloud PCs. To learn more about Citrix Session Recording Service, visit the following:
- Product Documentation: Citrix Session Recording Service
- Product Documentation: Third-party SIEM integration
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now