Smart Auditor 1.3 Installation and Configuration_1118


  • 8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118


    WHITE PAPER | XenApp 6

    www.citrix.com

    Smart Auditor 1.3 Installation and Configuration

    XenApp 6


    Table of Contents

    Smart Auditor Overview
    Components
    Communication
    Deployment Notes
    Provisioning and Cloning
    Installation
    System Requirements
    SmartAuditor Database
    SmartAuditor Server
    SmartAuditor Policy Console
    SmartAuditor Agent
    SmartAuditor Player
    Installation Components
    Database Installation
    SmartAuditor Server Installation
    SmartAuditor Agent
    SmartAuditor Player
    Configuration
    Appendix A: Securing with SSL/HTTPS
    Appendix B: Smart Auditor Player Error
    Appendix C: Creating Policies


    Smart Auditor Overview

    This guide assists in setting up a Smart Auditor 1.3 deployment with XenApp 6. It assumes you already have a SQL 2008 Server and a XenApp 6 server running. Four servers and one workstation are used in this guide.

    1. DC1.jc.lab: Domain Controller and Certificate Authority
    2. SQL.jc.lab: 2008 SQL Server SP2
    3. XA6.jc.lab: XA6
    4. SA.jc.lab: Smart Auditor Server
    5. W7.jc.lab: Windows 7 Workstation running Online Plugin and Smart Auditor Player

    All servers in this guide are running Windows Server 2008 R2.

    Components

    SmartAuditor Agent: A component installed on each XenApp server to enable recording. Responsible for recording session data.

    SmartAuditor Server: A server that hosts

    o The broker: An IIS-hosted Web Application that handles the search queries and file download requests from the SmartAuditor Player, handles policy administration requests from the SmartAuditor Policy Console, and evaluates recording policies.

    o The Storage Manager: A Windows service that manages the recorded session files received from each SmartAuditor-enabled computer running XenApp.

    Communication

    Communication between SmartAuditor components is achieved through IIS and Microsoft Message Queuing (MSMQ). IIS provides the web services communication link between each SmartAuditor component. MSMQ provides a reliable data transport mechanism for sending recorded session data from the SmartAuditor Agent to the SmartAuditor Server.

    Deployment Notes

    Configure server certificates for SSL/HTTPS.

    SQL Server requires TCP/IP to be enabled, the SQL Server Browser service to be running, and Windows Authentication.

    It is recommended to disable session sharing when using SmartAuditor, because session sharing for published applications can conflict with active policies. SmartAuditor matches the active policy with the first published application that a user opens.

    Provisioning and Cloning

    If you are planning to use Provisioning Services with XenApp, you must prepare the server with the XenApp Server Configuration Tool. This tool is included with the installation media, but an updated version can be downloaded from http://support.citrix.com/article/ctx124981. The tool prepares MSMQ to be unique for each XenApp server so there are no problems with the Message Queuing service.

    XenApp 5 can use the XenApp prep tool to configure the server for provisioning and cloning.

    Note: Failure to do this step could result in recordings being lost.


    Installation

    SmartAuditor supports multiple configurations. All administration components can be installed on one server if desired. This guide will use four servers and one workstation consisting of a SQL server, SmartAuditor Admin server, a XenApp 6 server and a Windows 7 workstation.

    System Requirements

    SmartAuditor Database

    Supported Operating Systems:

    Microsoft Windows Server 2008 R2
    Microsoft Windows Server 2003 with Service Pack 2
    Microsoft Windows 2000 with Service Pack 4

    Requirements:

    Microsoft SQL Server 2008 (Enterprise and Express)
    Microsoft SQL Server 2005 (Enterprise and Express with Service Pack 2)
    .NET Framework 3.5

    SmartAuditor Server

    Supported Operating Systems:

    Microsoft Windows Server 2008 R2

    Requirements:

    .NET Framework Version 3.5
    Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled

    SmartAuditor Policy Console

    Supported Operating Systems:

    Microsoft Windows Server 2008 R2
    Microsoft Windows 7
    Microsoft Windows Vista

    Requirements:

    Install the Microsoft IIS Management Console manually before installing the Smart Auditor Policy Console
    Microsoft IIS Management Console

    SmartAuditor Agent

    Supported Operating Systems:

    Windows Server 2008 R2 XenApp Server

    Requirements:

    XenApp 6 Platinum
    .NET Framework 3.5


    Microsoft Message Queuing (MSMQ), with Active Directory integration disabled, and MSMQ HTTP support enabled.

    SmartAuditor Player

    Supported Operating Systems

    Microsoft Windows XP

    Microsoft Windows Vista

    Microsoft Windows 7

    Installation Components

    1. SmartAuditor Administration: The SmartAuditor administration components are the SmartAuditor Database, SmartAuditor Server, and SmartAuditor Policy Console.

    2. SmartAuditor Agent for Citrix XenApp: The SmartAuditor Agent must be installed on a server running XenApp.

    3. SmartAuditor Player: The SmartAuditor Player is installed on one or more workstations for users who view session recordings.

    Database Installation

    In this case the database will be installed on a 2008 SQL Server SP2 running on Windows Server 2008 R2.

    Launch the SmartAuditor Administration setup. On the Select Features screen, deselect Citrix SmartAuditor Policy Console and Citrix SmartAuditor Server. The only component needed is Citrix SmartAuditor Database.

    On the Database Configuration screen you must enter the account that will access the database and the Database Instance.


    The accessing user account is the name of the SmartAuditor server. This should be in the format shown in the installer window, domain\$. In this case, the SmartAuditor server will be SA$ and the database is the hostname of the SQL Server. You could also enter localhost. If a named instance is used, the Database Instance should be in the format hostname\instance-name.

    The installation will create the new SmartAuditor database and add the machine account as DB_OWNER.

    [Screenshot callouts: Domain\machine$ of Smart Auditor Broker; SQL Server Hostname]


    Application Development:

    ASP.NET (more components will be selected automatically; click Add Required Roles to accept)

    Security:

    Windows Authentication

    Management Tools:

    IIS 6 Management Compatibility

    o IIS 6 Metabase Compatibility
    o IIS 6 WMI Compatibility
    o IIS 6 Scripting Tools
    o IIS 6 Management Console

    Roles: Application Server

    The Application Server role is needed to install the .NET Framework. Select .NET Framework 3.5.1.

    Features

    MSMQ

    In addition to the IIS role you must install the Message Queuing feature. Using Server Manager, add the MSMQ feature with the following options:


    Message Queuing

    Message Queuing Server

    HTTP Support

    You will once again be prompted for additional requirements; accept them to continue.
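    The Server Manager selections above can also be scripted and checked. The following is an added example, not part of the Citrix white paper: it installs the role services and features listed in this guide with the ServerManager PowerShell module on Windows Server 2008 R2, then confirms that MSMQ HTTP support is present and MSMQ Active Directory integration is absent, as the System Requirements call for. The function name Test-SmartAuditorPrereqs is hypothetical.

```powershell
# Added example (not from the Citrix white paper).
# Run in an elevated PowerShell session on Windows Server 2008 R2.
Import-Module ServerManager

# Role services and features named in this guide, by Server Manager identifier.
$required = @(
    'Web-Asp-Net',            # Application Development: ASP.NET
    'Web-Windows-Auth',       # Security: Windows Authentication
    'Web-Mgmt-Compat',        # IIS 6 Management Compatibility
    'Web-Metabase',           #   IIS 6 Metabase Compatibility
    'Web-WMI',                #   IIS 6 WMI Compatibility
    'Web-Lgcy-Scripting',     #   IIS 6 Scripting Tools
    'Web-Lgcy-Mgmt-Console',  #   IIS 6 Management Console
    'AS-NET-Framework',       # Application Server: .NET Framework 3.5.1
    'MSMQ-Server',            # Message Queuing Server
    'MSMQ-HTTP-Support'       # Message Queuing HTTP Support
)

# The System Requirements call for MSMQ with Active Directory integration disabled.
$forbidden = @('MSMQ-Directory')

# Hypothetical helper: returns a list of deviations from the guide (empty if none).
function Test-SmartAuditorPrereqs {
    $problems = @()
    foreach ($name in $required) {
        $feature = Get-WindowsFeature -Name $name
        if (-not $feature)               { $problems += "unknown feature: $name" }
        elseif (-not $feature.Installed) { $problems += "missing: $name" }
    }
    foreach ($name in $forbidden) {
        $feature = Get-WindowsFeature -Name $name
        if ($feature -and $feature.Installed) {
            $problems += "must not be installed: $name"
        }
    }
    return ,$problems
}

# Install what is missing; dependent role services are added automatically.
$result = Add-WindowsFeature -Name $required
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required before installing SmartAuditor.'
}

$problems = Test-SmartAuditorPrereqs
if ($problems.Count -eq 0) {
    Write-Output 'Prerequisites match the guide.'
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}
```

    The same check applies on each XenApp server before installing the SmartAuditor Agent, where only the MSMQ entries are relevant.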

    Once the prerequisites are installed you can launch the SmartAuditor installation. In this case you will deselect Citrix SmartAuditor Database from the installation wizard.


    On the next screen the database instance is the name of your SQL server. If you are using a named instance you must enter hostname\instance-name.

    [Screenshot callout: SQL Server Hostname]


    SmartAuditor Agent

    The SmartAuditor Agent should be installed on the XenApp servers whose sessions you wish to record. You must first install .NET Framework 3.5 and MSMQ on the XenApp server. Use Server Manager to add MSMQ. .NET Framework should already be installed from the XenApp installation. The agent will be installed on XA6.

    Launch the installation wizard and enter the host name of the Smart Auditor server.

    Note: You must launch the agent install from the XA6 install wizard rather than browsing for the MSI file directly.

    The default installation of SmartAuditor uses HTTPS/SSL to secure communications. At this point SSL is not configured. To use HTTP, you must deselect SSL in the IIS Management Console.

    Open the IIS Management Console and navigate to the SmartAuditorBroker site. Open the SSL settings and uncheck the box for Require SSL.

    Later in this guide a Server Certificate will be created to secure traffic with SSL.


    Open the SmartAuditor Agent properties from the Start Menu and click the Connections tab. Verify the SmartAuditor Server name is correct and change the SmartAuditor Broker Protocol to HTTP.

    SmartAuditor Player

    The SmartAuditor Player can be installed on the SmartAuditor server or another workstation in the domain. In this case the player will be installed on a Windows 7 workstation.

    There are no special configurations to install the SmartAuditor Player. Click through the wizard until the installation completes. Once the installation is complete, configure the player to point to the SmartAuditor Server.

    Launch the SmartAuditor Player. Select Tools > Options. On the Connections tab, enter the hostname for the SmartAuditor Server and the desired protocol. By default SmartAuditor is configured to use HTTPS/SSL to secure communications. At this point there is no certificate, so you must select HTTP. The site should already be configured for HTTP at this point. Later in the guide we will configure server certificates.

    Click on the Binoculars to search for recorded and/or live sessions.


    If you receive the following error it is because you did not grant access rights to view recordings:

    Open the SmartAuditor Authorization Console on the SmartAuditor Server. Right click on the Player under Role Assignments and add your Active Directory Account.

    Once added you should see your users/groups populated.

    Connect back to your SmartAuditor Player and click the binoculars again. You will now be able to view session recordings.


    Configuration

    To start using SmartAuditor you have to configure a policy. SmartAuditor uses one active policy. Open the SmartAuditor Policy Console on the SmartAuditor Server. Enter the Hostname and Protocol for the SmartAuditor Server. At this point we are still using HTTP for the protocol.

    Right click the policy Record everyone with notification to activate this policy.

    Launch a published application to the XenApp server. You should receive the following notification:

    You will now see a live session in the SmartAuditor Player.


    Appendix A: Securing with SSL/HTTPS

    In most cases it will be desired to secure the IIS and MSMQ traffic for security reasons. This example will use IIS to generate a server certificate request that will be sent to the domain controller/certificate authority for signing.

    Generate the Server Certificate Request

    To generate the Server Certificate, open the IIS Management Console on the Smart Auditor Server. Click the server name in the left column.

    Double click on Server Certificates.

    Under Actions select Create Certificate Request.

    Use the wizard to create the signing request. The common name should be the FQDN of the Smart Auditor server.


    Click Next, use the defaults, and then save certrequest.txt to the local file system. Open the cert request with Notepad and copy the text.

    Open your browser and point to your Certificate Authority. In this case it is http://dc1/certsrv.

    1. Click Request a Certificate
    2. Click Advanced Certificate Request
    3. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file
    4. Paste the certificate request data into the text field
    5. Set Certificate Template to Web Server and submit
    6. Download the certificate

    Go back to the IIS Management Console and select Complete Certificate Request. Use the certificate that was just downloaded to the local file system. Enter whatever you wish for the friendly name.

    Now that the cert is installed, the binding must be created in the IIS Management Console. Click on the Default Web Site and then click on Bindings in the Actions column.

    Click on Add and select https. Select the certificate that was just created by looking at the friendly name.


    There should now be two bindings present.

    You can now re-enable the setting to require SSL on the Default Website or the Smart Auditor Website.

    Launch the Smart Auditor Policy Console again and select HTTPS this time.


    Go back to the XenApp server and open the Smart Auditor Agent properties. Change the Smart Auditor Broker protocol and Message Queuing to HTTPS. Be sure to use the FQDN of the Smart Auditor Broker.

    The service will restart after making the change.

    The Smart Auditor Player should also be configured to use HTTPS at this point. Start a new session and open the Smart Auditor Player to verify that the recordings are working.
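    Because this guide turns Require SSL off during installation, it is worth confirming afterwards that it was turned back on and that the bound certificate is the one issued for this server. The following is an added example, not part of the Citrix white paper; it assumes the broker runs as the SmartAuditorBroker application under Default Web Site, that HTTPS is bound to port 443, and that the server FQDN is SA.jc.lab as in this guide's server list.

```powershell
# Added example (not from the Citrix white paper).
# Run in an elevated PowerShell session on the Smart Auditor server.
Import-Module WebAdministration

$site = 'Default Web Site'     # assumption: site that hosts the broker
$app  = 'SmartAuditorBroker'   # broker application name used in this guide
$fqdn = 'SA.jc.lab'            # Smart Auditor server FQDN from this guide

$findings = @()

# 1. The site needs an https binding (Appendix A adds one).
if (-not (Get-WebBinding -Name $site -Protocol https)) {
    $findings += "No https binding on '$site'."
}

# 2. Require SSL must be switched back on for the broker. appcmd prints the
#    access section as XML; an absent or "None" sslFlags means HTTP is accepted.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$xml = & $appcmd list config "$site/$app" '/section:system.webServer/security/access' |
    Out-String
if ($xml -notmatch 'sslFlags="[^"]*\bSsl\b') {
    $findings += "Require SSL is not enabled on '$site/$app'."
}

# 3. The certificate bound to port 443 (assumed port) must name this server,
#    be in date, and chain to a CA this machine trusts.
$binding = Get-ChildItem IIS:\SslBindings |
    Where-Object { $_.Port -eq 443 } | Select-Object -First 1
if (-not $binding) {
    $findings += 'No certificate is bound to port 443.'
} else {
    $path = 'Cert:\LocalMachine\{0}\{1}' -f $binding.Store, $binding.Thumbprint
    $cert = Get-Item $path
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    if ($cn -ne $fqdn) {
        $findings += "Certificate name '$cn' does not match '$fqdn'."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        $findings += "Certificate expired on $($cert.NotAfter)."
    }
    # Verify() builds the chain and checks revocation, so the CA's
    # revocation list must be reachable from this server.
    if (-not $cert.Verify()) {
        $findings += 'Certificate chain does not validate on this machine.'
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Broker requires SSL and presents a valid certificate.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```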


    Appendix B: Smart Auditor Player Error

    If you attempt to play a recording from the Smart Auditor Player and get the following error:

    You must configure the Smart Auditor Player to accept new client versions. This can be done by editing the following configuration file.

    C:\Program Files\Citrix\Smart Auditor\Player\bin\SmartAudPlayer.exe.config

    There are settings for different clients. In this case, just change the Windows client to a higher version.

    This will allow sessions recorded from the 12.1 plugin to be played. You can increase this value to whatever you like.


    Appendix C: Creating Policies

    You may decide that the generic policy to record everything does not fit your organization or requirements well. Policies can be configured based on users, servers, and applications.

    To create a new recording policy, open the Smart Auditor Policy Console.

    1. Right click on Recording Policies and select Add New Policy

    2. Right click on New policy and click on Add New Rule

    3. Select Enable Session Recording with Notification and click Next

    4. Check the box for Published Applications and then click the hyperlink for Select Published Applications


    5. Click on Farms and then click on Add Farms

    6. Enter the server name of any XenApp 6 server, in this case (XA6)

    7. Click on Connect. The farm should be enumerated

    8. Click close and then you should see a list of published applications

    9. Add Notepad from the list of applications


    10. Click OK and then click Finish

    11. Right click on the policy and select Activate. You can also rename the policy if desired.

    12. Test again by launching a published notepad

    Note: A policy can contain many rules, but there can only be one active policy running at a time.