The VMware Horizon Recording feature allows administrators to record desktop and application sessions to monitor user behavior for Linux remote desktops and applications.
Administrators can observe a user's exact keystrokes, pointer and mouse activity, and other user behavior in a recorded desktop or application session. In addition to providing greater security and auditing for user behavior, recording also helps with troubleshooting and reproducing issues the user experiences during a session. Administrators can play back, store, and audit the recordings.
When a user logs in, Horizon Recording starts automatically, displaying the default message Your session is being recorded in accordance with security policies. The recording runs if the session is in a connected state. Recording stops when the user logs out or disconnects. If the user changes the screen resolution of the desktop or application session, Horizon Recording creates a new segment of the recording. Recording file sizes vary based on the duration of the connected session. Recordings are stored in MP4 format and can be downloaded to play in a local player or viewed in the Horizon Recording web console.
Components
- Horizon Recording Server: Collects information about the session and raw recording data for storage and playback.
- Horizon Recording Agent for Linux: Records a user session, registers the session with the Horizon Recording Server, and uploads recording data.
These components are available for VMware Horizon 8 2306 and later. Installation files are available on VMware Customer Connect.
Horizon Recording Web Console
After you install the Horizon Recording Server (see the next section of this article), you can access the Horizon Recording web console at https://<localservername>:9443.
- Dashboard includes a list of recent recordings, the server, database, and folder where recordings are stored, and recording information such as start time, duration, size, and state. You can lock, unlock, and delete recordings.
- Recordings includes a list of all recordings with information such as name, launched resource, location, start and end dates, start time, duration, size, and state. You can lock, unlock, and delete recordings.
- Audit Trial tracks all user actions in the user interface.
Install the Horizon Recording Server
Install the Horizon Recording Server component on a machine to collect information about the session and raw recording data for storage and playback.
- A database for session information storage and configuration
- A Windows NTFS folder for recording storage
- A web service for collecting recording data, administration, and playback
You can deploy the Horizon Recording Server as a standalone setup where the server is installed on a machine that leverages a local SQLite database stored in the installation directory as local.db and a local NTFS folder.
You can also deploy the Horizon Recording Server in a high availability environment using multiple servers behind a load balancer, leveraging Microsoft SQL or PostgreSQL databases, and a shared NTFS folder on all servers for storing recording data. Load balancers configured with L4 load distribution are supported.
| Resource | Minimum Value |
|---|---|
| CPU | 4 vCPU |
| Memory | 8 GB |
| Free Disk Space | 20 GB
Note: This depends on the type of applications the user runs in the session and also the frame change rate. You must monitor usage and add extra disk space as required.
|
To install the Horizon Recording Server, perform the following steps.
- Download the HorizonRecordingServer.exe file and copy it to a local folder on the server.
- Run the installer and follow the steps. Default credentials are shown below.
User name/Password: administrator/Recording123
The server is now available through the Horizon Recording web console: https://<localservername>:9443 - Manually secure the recordings folder permissions so that only the recording server's active directory accounts have access to the folder to add, modify, or delete recordings.
- To uninstall the Horizon Recording Server, use Add Remove Programs (appwiz.cpl) to remove the Horizon Recording server binaries and then delete the following components manually:
- The local database file (local.db) in installation directory
- The logs located in C:\programdata\VMware\Horizon Recording
- Local recordings located in installation directory\Recordings
- To reset the installation:
- Stop the Horizon Recording service.
- Delete the Recordings folder from the installation directory.
- Delete the servicesettings.json file and the local.db file from the installation directory.
- Start the Horizon Recording service.
The servicesettings.json and local.db files are recreated afresh.
Requirements for the Horizon Recording Agent for Linux
- RHEL 8.x/9.x
- Rocky Linux 8.x/9.x
- RHEL/CentOS 7.9
- Ubuntu 20.04/22.04
- Debian 10.x/11.x
- SLED/SLES 15 SP4
Install the Horizon Recording Agent component on all Linux machines where you want to record sessions.
| Resource | Minimum Value (Single-session desktops/applications) | Minimum Value (Multi-session desktops/applications - 50 sessions) |
|---|---|---|
| CPU | 2 vCPU | 40 vCPU |
| Memory | 2 GB | 48 GB |
| Free Disk Space | 5 GB
Note: This depends on the type of applications the user runs in the session and the frame change rate. You must monitor usage and add extra disk space as required.
|
50 GB
Note: This depends on the type of applications the user runs in the session and the frame change rate. You must monitor usage and add extra disk space as required.
|
- Horizon 8 2306 or later
- Port 9443 allowed in the firewall inbound rules on the Horizon Recording Server
The installer for the Horizon Recording Agent for Linux is available in two different formats:
- Tarball installer
- RPM installer
Run the Tarball Installer for Horizon Recording Agent
- Install Horizon Agent on the Linux machine. See Install Horizon Agent on a Linux Virtual Machine.
- Download the Horizon Recording Agent tarball package to a local directory on the agent machine.
- Unpack the tarball.
tar zxvf Horizon.Recording.Linux.Agent-x.x.x.x.tar.gz
- Navigate to the tarball directory and run the appropriate installation command based on the type of resource pool that you plan to create from the agent machine.
Pool Type Command Instant-clone or full-clone pool
(Append the
-tparameter)sudo ./install.sh -u https://<Horizon Recording Server IP>:9443 -n <username> -p <password> -t
Manual pool
(Do not append the
-tparameter)sudo ./install.sh -u https://<Horizon Recording Server IP>:9443 -n <username> -p <password>
Note: The-tparameter ensures that all clones created from the machine will have the Horizon Recording Agent installed and configured. For a description of all the required and optional parameters that you can include in the installation command, see Installer Parameters for the Horizon Recording Agent.
Run the RPM Installer for Horizon Recording Agent
- Install Horizon Agent on the Linux machine. See Install Horizon Agent on a Linux Virtual Machine.
- Download the Horizon Recording Agent RPM package to a local directory on the agent machine.
- Run the command to install the RPM package.
sudo rpm -ivh ./HorizonRecording.Linux.Agent-x.x.x.x.rpm
- Locate rpminstall.sh in the /usr/lib/vmware/horizonrecording/ directory. Continue the installation and configuration process by running the appropriate installation command based on the type of resource pool that you plan to create from the agent machine.
Pool Type Command Instant-clone or full-clone pool
(Append the
-tparameter)sudo /usr/lib/vmware/horizonrecording/rpminstall.sh -u https://<Horizon Recording Server IP>:9443 -n <username> -p <password> -t
Manual pool
(Do not append the
-tparameter)sudo /usr/lib/vmware/horizonrecording/rpminstall.sh -u https://<Horizon Recording Server IP>:9443 -n <username> -p <password>
Note: The-tparameter ensures that all clones created from the machine will have the Horizon Recording Agent installed and configured. For a description of all the required and optional parameters that you can include in the installation command, see Installer Parameters for the Horizon Recording Agent.
Installer Parameters for the Horizon Recording Agent
These installer parameters apply to each of the following installer scripts:
- install.sh from the tarball package
- rpminstall.sh from the RPM package
| Required Parameter | Description |
|---|---|
| --uri -u |
The session recording url, including https://. |
| --username -n |
The user name for authenticating to the server. |
| --password -p |
The password for authenticating to the server. |
| Optional Parameter | Description |
|---|---|
| --help -h |
Display the help for using the installer script. |
| --trusted-ssl-certificate -s |
The trusted SSL certificate thumbprint. Examples of supported formats: 59 2C E2 BD 6F 44 09 7F BF 8C 0F DA 66 6A 1C 3C 38 90 BE 24 C8:E1:BD:B3:6F:22:E9:EA:60:35:19:D7:E0:F5:42:15:33:85:67:16 |
| --template -t |
Ensures that all instant clones or full clones created from the machine will have the Horizon Recording Agent installed and configured. |
Repair the Horizon Recording Agent Connection
You can perform the steps described in this section if you face one of the following scenarios:
- The Horizon Recording Agent loses its trusted connection with the Horizon Recording Server.
- The Horizon Recording Agent requires registration with a new Horizon Recording Server.
The following procedure re-registers the trusted connection between the Horizon Recording Agent and the Horizon Recording Server.
- On the agent machine, stop the horizonrecording.service daemon.
systemctl stop horizonrecording.service
- Run the appropriate registration command based on the type of resource pool created from the agent machine.
Pool Type Command Instant-clone or full-clone pool
(Append the
-tparameter)sudo /usr/lib/vmware/horizonrecording/Horizon.Recording.xAgent.worker -register -url="https://<Horizon Recording Server IP>:9443" -username=<username> -password=<password> -thumbprint="<Horizon Recording Server Certificate Thumbprint>" -t
Manual pool
(Do not append the-tparameter)sudo /usr/lib/vmware/horizonrecording/Horizon.Recording.xAgent.worker -register -url="https://<Horizon Recording Server IP>:9443" -username=<username> -password=<password> -thumbprint="<Horizon Recording Server Certificate Thumbprint>"
Note: For a description of all the required and optional parameters that you can include in the registration command, see Installer Parameters for the Horizon Recording Agent.
Horizon Recording Agent Logs
The Horizon Recording Agent saves activity logs to the /var/log/vmware/horizonrecording directory.
You can increase the logging detail by changing the minimum log level to "Trace".
- Modify the /usr/lib/vmware/horizonrecording/Nlog.config file as follows:
<logger name="*" minlevel="Trace" writeTo="ServiceLogging" />
- To make the changes take effect, restart the horizonrecording.service daemon.
systemctl restart horizonrecording.service
Upgrade the Horizon Recording Server
- Confirm that there are no active recordings.
- Create a backup of the Recordings folder, the servicesettings.json file, and the local.db (if you are using SQLite for the database).
To upgrade the Horizon Recording Server, perform the following steps.
- Download the HorizonRecordingServer.exe file.
- Copy the HorizonRecordingServer.exe file to a local folder on the server.
- Run HorizonRecordingServer.exe.
- By default, the server is upgraded in the same C:\Program Files\VMware\Desktop Recording Server folder.
- If you change the upgrade location to a new folder, the configuration is not retained, and is treated as a fresh installation. As a result, you cannot access or play back the old recordings from the web console after the upgrade.
- If you do not change the default location, then all the configurations are retained, and you can access and play back the recordings from the web console after the upgrade.
- After the upgrade, the log location for the server changes to a new C:\ProgramData\VMware\Horizon Recording folder. The old logs are still available in C:\ProgramData\VMware\Horizon Desktop Recording.
Upgrade the Horizon Recording Agent
Before upgrading the Horizon Recording Agent, confirm that there are no active recordings on the agent.
To upgrade the Horizon Recording Agent, follow the procedure for your installer type.
To upgrade Horizon Recording Agent using the tarball installer
- Download and run the tarball installer for the new version of Horizon Recording Agent. For detailed instructions, see Run the Tarball Installer for Horizon Recording Agent.
- Restart the agent machine to apply the changes.
To upgrade Horizon Recording Agent using the RPM installer
- Download the RPM installer package for the new version of Horizon Recording Agent and save the installer to a local directory on the agent machine.
- Run the command to install the RPM package in upgrade mode.
sudo rpm -Uvh HorizonRecording.Linux.Agent-x.x.x.x.rpm
- Restart the agent machine to apply the changes.
Uninstall the Horizon Recording Agent
If you need to remove the Horizon Recording Agent from the agent machine, use the applicable uninstallation command.
- Tarball installer:
sudo /usr/lib/vmware/horizonrecording/uninstall.sh
- RPM installer:
sudo rpm -e HorizonRecording.Linux.Agent-x.x.x.x
