Smart Auditor 1.3 Installation and Configuration_1118
-
Upload
phanikumar-murala -
Category
Documents
-
view
220 -
download
0
Transcript of Smart Auditor 1.3 Installation and Configuration_1118
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
1/22
WHITE PAPER | XenApp 6
www.citrix.com
Smart Auditor 1.3 Installation
and Configuration
XenApp6
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
2/22
2
Table of ContentsSmart Auditor Overview........................................... ................................................ ........................................ ...........3
Components ......................................... ............................................... ........................................ ...........................3
Communication ............................................ ................................................ ....................................... ...................3
Deployment Notes ........................................................... ...................................... ................................................ .3
Provisioning and Cloning ................................................................... ............................................... .......................3
Installation ....................................... ................................................ ......................................... .................................4
System Requirements ................................. ............................................... ................................................ .............4
SmartAuditor Database ........................................... ................................................ ......................................... ...4
SmartAuditor Server ......................................... ................................................ ........................................ ...........4
SmartAuditor Policy Console ......................... ....................................... ................................................ ................4
SmartAuditor Agent.......................................... ................................................ ........................................ ...........4
SmartAuditor Player ................................ ............................................... ............................................... ..............5
Installation Components ............................................. .................................................. ....................................... ...5
Database Installation ................................ .............................................. ............................................... ..............5
SmartAuditor Server Installation .............................................. ............................................... .............................7
SmartAuditor Agent.......................................... ................................................ ........................................ ......... 11
SmartAuditor Player ............................... ....................................... ............................................... ..................... 12
Configuration ............... ............................................... ........................................ ............................................... ...... 14
Appendix ASecuring with SSL/HTTPS ..................................................... ........................................... ...................... 15
Appendix BSmart Auditor Player Error .......................................... ............................................... ........................... 19
Appendix CCreating Policies...................................................................... ............................................... .............. 20
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
3/22
3
Smart Auditor OverviewThis guide is to assist in setting up a Smart Auditor 1.3 deployment with XenApp 6. It is assumed you have a running SQL
2008 Server and XenApp 6 server already running. Four servers and one workstation are used in this guide.
1. DC1.jc.lab Domain Controller and Certificate Authority
2. SQL.jc.lab 2008 SQL Server SP2
3. XA6.jc.lab XA6
4.
SA.jc.lab Smart Auditor Server5. W7.jc.lab Windows 7 Workstation running Online Plugin and Smart Auditor Player
All servers in this guide are running Windows Server 2008 R2.
Components
SmartAuditor AgentA component installed on each XenApp server to enable recording. Responsible for recording
session data
SmartAuditor ServerA server that hosts
o The brokerAn IIS hosted Web Application that handles the search queries and file download requests from
the SmartAuditor player, handles policy administration requests from the SmartAuditor Policy Console, and
evaluates recording policies
o The Storage ManagerA windows service that manages the recorded session files received from each
SmartAuditor-enabled computer running XenApp.
Communication
Communication between SmartAuditor components is achieved through IIS and Microsoft Message Queuing (MSMQ).
IIS provides the web services communication link between each SmartAuditor component. MSMQ provides a reliable
data transport mechanism for sending recorded session data from the SmartAuditor Agent to the SmartAuditor server.
Deployment Notes
Configure server certificates for SSL/HTTPSSQL server requires TCP/IP to be enabled and SQL Server Browser service to be running and Windows
Authentication.
It is recommended to disable session sharing when using SmartAuditor because session sharing for published
applications can conflict with active policies. SmartAuditor matches the active policy with the first published
application that a user opens.
Provisioning and Cloning
If you are planning to use provisioning services with XenApp you must prepare the server with the XenApp Server
Configuration Tool. This tool is included with the installation media, but there is an updated version of the tool that can
be downloaded fromhttp://support.citrix.com/article/ctx124981. This tool will prepare MSMQ to be unique for eachXenApp server so there are no problems with the Message Queuing service.
XenApp 5 can use the XenApp prep tool to configure the server for provisioning and cloning.
Note: Failure to do this step could result in recordings being lost.
http://support.citrix.com/article/ctx124981http://support.citrix.com/article/ctx124981http://support.citrix.com/article/ctx124981http://support.citrix.com/article/ctx124981 -
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
4/22
4
InstallationSmartAuditor supports multiple configurations. All administration components can be instal led on one server if desired
This guide wi ll use four servers and one workstation consisting of a SQL server, SmartAuditor Admin server, a XenApp 6
server and a Windows 7 workstation.
System Requirements
SmartAuditor Database
Supported Operating Systems:
Micros oft Windows Server 2008 R2
Micros oft Windows Server 2003 with Service Pack 2
Micros oft Windows 2000 with Service Pack 4
Requirements:
Micros oft SQL Server 2008 (Enterprise and Express )
Micros oft SQL Server 2005 (Enterprise and Express with Service Pack 2)
.NET Framework 3.5
SmartAuditor Server
Supported Operating Systems:
Micros oft Windows Server 2008 R2
Requirements:
.NET Framework Version 3.5
Micros oft Mess age Queuing (MSMQ), with Active Directory i ntegration dis abled, and MSMQ HTTP s upport enabled
SmartAuditor Policy Console
Supported Operating Systems:
Micros oft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Vista
Requirements:
Install the Micros oft IIS Management Console manual ly before instal ling the Smart Auditor Poli cy Console
Micros oft IIS Management Console
SmartAuditor AgentSupported Operating Systems
Windows Server 2008 R2 XenApp Server
Requirements:
XenApp 6 Pl atinum
.NET Framework 3.5
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
5/22
5
Micros oft Mess age Queuing (MSMQ), with Active Directory i ntegration dis abled, and MSMQ HTTP support enabled.
SmartAuditor Player
Supported Operating Systems
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Installation Components
1. SmartAuditor AdministrationThe SmartAuditor administration components are the SmartAuditor Database,
SmartAuditor Server, and SmartAuditor Policy Console.
2. SmartAuditor Agent for Citrix XenAppThe SmartAuditor Agent must be installed on a server running XenApp
3. SmartAuditor PlayerThe SmartAuditor Player is installed on one or more workstations for users who view
session recordings.
Database Installation
In this case the database installation will be installed on a 2008 SQL Server SP2 running on Windows Server 2008 R2.
Launch the SmartAuditor Administration setup. On the Select Features screen deselect Citrix SmartAuditor Policy
Console and Citrix SmartAuditor Server. The only component needed is Citrix SmartAuditor Database.
On the Database Configuration screen you must enter the account that will access the database and the Database
Instance.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
6/22
6
The accessing user account is the name of the SmartAuditor server. This should be in the format as shown in the
installer window domain\$. In this case, the SmartAuditor server will be SA$ and the database is the
hostname of the SQL Server. You could also enter localhost. If a named instance is used, the Database instance should
be in the format hostname\instance-name.
The installation will create the new SmartAuditor database and add the machine account as DB_OWNER.
Domain\machine$ of
Smart Auditor Broker
SQL Server Hostname
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
7/22
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
8/22
8
Application Development:
ASP.NET (more components will be automatical ly select, click add required roles to accept)
Security:
Windows Authentication
Management Tools:
IIS 6 Management Compatibi lity
o IIS 6 Metabase Compatibility
o IIS 6 WMI Compatibili ty
o IIS 6 Scripting Tools
o IIS 6 Management Consol e
Roles Application Server
Application server is needed to install the .NET Framework. Select .NET Framework 3.5.1
Features
MSMQ
In addition to the IIS role you must install the Message Queuing Feature. Using Server Manager you must add the MSMQ
Feature with the following options:
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
9/22
9
Message Queuing
Message Queuing Server
HTTP Support
You will once again be prompted for additional requirements, accept additional requirements to continue.
Once the prerequisites are installed you can launch the SmartAuditor installation. In this case you will deselect CitrixSmartAuditor Database from the installation wizard.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
10/22
10
On the next screen the database instance is the name of your SQL server. If you are using a named instance you must
enter hostname\instance-name.
SQL Server Hostname
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
11/22
11
SmartAuditor Agent
The SmartAuditor Agent should be installed on XenApp servers that you wish to record sessions. You must first install
.NET Framework 3.5 and MSMQ on the XenApp Server. Use the Server Manager to add MSMQ. .NET Framework should
already be installed from the XenApp installation. The agent wil l be installed on XA6.
Launch the installation wizard and enter the host name of the Smart Auditor server.
Note: You must launch the agent install from the XA6 install wizard rather than browsing for the MSI file direct .
The default installation of SmartAuditor uses HTTPS/SSL to secure communications. At this point SSL is not configured.
To use HTTP, you must deselect SSL in the IIS Management Console.
Open the IIS Management Console and navigate to the SmartAuditorBroker site. Open the SSL settings and uncheck the
box for Require SSL
Later in this guide a Server Certificate will be created to secure traffic is SSL.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
12/22
12
Open the SmartAuditor Agent properties from the Start Menu and click the Connections tab. Ve rify the SmartAuditor
Server name is correct and change the SmartAuditor Broker Protocol to HTTP.
SmartAuditor Player
The SmartAuditor Player can be installed on the SmartAuditor server or another workstation in the domain. In this case
the player will be installed on a Windows 7 workstation.
There are no special configurations to install the SmartAuditor player. Click through the wizard until the installation
completes. Once the installation is complete, configure the player to point to the SmartAuditor Server.
Launch the SmartAuditor Player. Select Tools > Options. On the connections tab, enter the hostname for the
SmartAuditor Server and the desired protocol. By default SmartAuditor is configured to use HTTPS/SSL to secure
communications. At this point there is no Certificate so you must select HTTP. The site should already be configured for
HTTP at this point. Later in the guide we will configure server certificates.
Click on the Binoculars to search for recorded and/or live sessions.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
13/22
13
If you receive the following error it is because you did not grant access rights to view recordings:
Open the SmartAuditor Authorization Console on the SmartAuditor Server. Right click on the Player under Role
Assignments and add your Active Directory Account.
Once added you should see your users/groups populated.
Connect back to your SmartAuditor Player and click the binoculars again. You will now be able to view session
recordings.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
14/22
14
ConfigurationTo start using SmartAuditor you have to configure a policy. SmartAuditor uses one active policy. Open the SmartAudito
Policy Console on the SmartAuditor Server. Enter the Hostname and Protocol for the SmartAuditor Server. At this point
we are stil l using HTTP for the protocol.
Right click the policy Record everyone with notification to active this policy.
Launch a published application to the XenApp server. You should receive the following notification:
You wil l now see a live session in the SmartAuditor Player.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
15/22
15
Appendix A Securing with SSL/HTTPSIn most cases it wil l be desired to secure the IIS and MSMQ traffic for security reasons. This example will use IIS to
generate a server certificate that will be sent to the domain controller/certificate authority for signing.
Generate the Server Certificate Request
To generate the Server Certificate open the IIS Management Console on the Smart Auditor Server. Click the server name
in the left column.
Double click on Server Certificates.
Under Actions select Create Certificate Request
Use the wizard to create the signing request. The common name should be the FQDN of the Smart Auditor server.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
16/22
16
Click next and use the defaults and then save the certrequest.txt to the local file system. Open the cert request with
notepad and copy the text.
Open your browser and point to your Certificate Authority. In this case it ishttp://dc1/certsrv.
1. Click Request a Certificate
2. Click Advanced Certificate Request
3. Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request
by using a base-64-encoded PKCS #7 file
4. Paste the certificate request data into the text field
5. Set Certificate Template to Web Server and submit
6. Download the certificate
Go back to the IIS Management Console and select Complete Certificate Request. Use the certificate that was just
downloaded to the local file system. Enter whatever you wish for the friendly name.
Now that the cert is installed, the binding must be created in the IIS Management Console. Click on the Default WebSite and then click on Bindings in the Actions column.
Click on Add and select https. Select the certificate that was just created by looking at the friendly name.
http://dc1/certsrvhttp://dc1/certsrvhttp://dc1/certsrv -
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
17/22
17
There should now be two bindings present.
You can now re-enable the setting to require SSL on the Default Website or the Smart Auditor Website.
Launch the Smart Auditor Policy Console again and select HTTPS this time.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
18/22
18
Go back to the XenApp server and open the Smart Auditor Agent properties. Change the Smart Auditor Broker protocol
and Message Queuing to HTTPS. Be sure to use the FQDN of the Smart Auditor Broker.
The service wil l restart after making the change.
The Smart Auditor Player should also be configured to use HTTPS at this point. Start a new session and open the Smart
Auditor Player to verify that the recordings are working.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
19/22
19
Appendix B Smart Auditor Player ErrorIf you attempt to play a recording from the Smart Auditor Player and get the following error:
You must configure the Smart Auditor Player to accept new client versions. This can be done by editing the following
configuration file.
C:\Program Files\Citrix\Smart Auditor\Player\bin\SmartAudPlayer.exe.config.
There are settings for different client. In this case, just change the windows client to a higher version.
This will allow sessions recorded from the 12.1 plugin to be play ed. You can increase this value to whatever you like.
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
20/22
20
Appendix C Creating PoliciesYou may decide that the generic policy to record everything does not fit your organization or requirements well. Polices
can be configured based on users, servers, and applications.
To create a new recording policy, open the Smart Auditor Policy Console.
1. Right click on Recording Policies and select Add New Policy
2. Right click on New policy and click on Add New Rule
3.
Select Enable Session Recording with Notification and click Next
4. Check the box for Publ ished Applications and then click the hyperlink for Select Published Applications
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
21/22
21
5. Click on Farms and the click on Add Farms
6. Enter the server name of any XenApp 6 server, in this case (XA6)
7. Click on Connect. The farm should be enumerated
8. Click close and then you should see a list of published applications
9.
Add Notepad from the list of applications
-
8/12/2019 Smart Auditor 1.3 Installation and Configuration_1118
22/22
22
10. Click OK and then click Finish
11. Right click on the policy and select Activate. You can also rename the policy if desired.
12. Test again by launching a published notepad
Note: A policy can contain many rules, but there can only be one active policy running at a time.