RDP Session Recording is managed entirely through your Gateway's console under the "Remote Access" section in the Gateway settings. These sessions generate video recordings that can be uploaded to either AWS S3 or Azure Blob Storage for secure storage or can be saved locally.

Session Recording

SRA supports the recording of RDP sessions. You can choose to store RDP Session Recordings by clicking "Remote Access" -> "Session Recording" -> "RDP Recordings", clicking the slider to Enable, and then choosing the location to keep the recordings of those sessions.

RDP sessions provide video recordings that can be saved to AWS S3 buckets, Azure Blob storage, or locally. To work with session recording for RDP, provide the following settings to upload your recording to an S3 bucket or to an Azure Blob storage.

Storage Options

Here are the options for storing RDP recordings:

Local

Local session recordings will be stored inside the SRA server under /home/akeyless/recordings.

AWS S3

When storing RDP session recordings in AWS S3, the user can choose between two authentication methods:

Use Gateway Identity

With this option, the system uses the Gateway’s instance identity (such as an IAM Role) to authenticate with AWS. The user needs to provide the following details:

Region (required): The AWS region where the S3 bucket is located.
Bucket Name: The name of the S3 bucket where the recordings will be uploaded.
Bucket Prefix: A folder structure within the bucket to organize the recordings.

Provide Credentials

With this option, the user provides explicit AWS credentials for authentication. The following details are required:

AWS Access Key ID (required): The access key ID for AWS authentication.
AWS Secret Access Key (required): The corresponding secret access key for the provided access key ID.
Region (required): The AWS region where the S3 bucket is located.
Bucket Name: The name of the S3 bucket where the recordings will be stored.
Bucket Prefix: A folder structure within the bucket to organize the recordings.

Azure Blob Storage

For storing RDP session recordings in Azure Blob Storage, the user can also select between two options:

Use Gateway Identity

This option allows the system to use the Gateway’s identity (such as Managed Identity) for authentication with Azure. The user must provide the following details:

Storage Account Name (required) The name of the Azure Storage account where the recordings will be uploaded.
Storage Container Name (required): The container within the storage account where recordings will be saved.

Provide Credentials

With this option, the user provides explicit credentials for Azure authentication. The following details are required:

Azure Client ID (required): The client ID used for Azure authentication.
Azure Client Secret (required): The corresponding secret key for the provided client ID.
Azure Tenant ID (required): The tenant ID associated with the Azure account.
Storage Account Name: The name of the Azure Storage account where the recordings will be uploaded.
Storage Container Name: The container within the storage account where recordings will be saved.

This can also be done via the CLI:

akeyless gateway update remote-access-rdp-recording \
--rdp-session-recording true \
--rdp-session-storage aws \
--gateway-url https://<your-gateway-url>:8000 \
--aws-storage-region <your-region> \
--aws-storage-bucket-name <s3-bucket-name> \
--aws-storage-bucket-prefix <s3-bucket-prefix> \
--aws-storage-access-key-id <optional-explicit-key-id> \
--aws-storage-secret-access-key <optional-explicit-access-key>

akeyless gateway update remote-access-rdp-recording \
--rdp-session-recording true \
--rdp-session-storage azure \
--gateway-url https://<your-gateway-url>:8000 \
--azure-storage-account-name <your-storage-account-name> \
--azure-storage-container-name <your-storage-container-name> \
--azure-storage-client-id  <optional-client-id> \
--azure-storage-client-secret <optional-client-secret> \
--azure-storage-tenant-id <optional-tenant-id> \

akeyless gateway update remote-access-rdp-recording \
--rdp-session-recording true \
--rdp-session-storage local \