This is a guest blog post from Shane Kleinert, EUC Practice Co-Lead at Choice Solutions, and was co-authored by Leon Feng, Product Manager (Citrix Session Recording) at Citrix, and Charlotte Kummer, VP of Marketing at Automai.

In today’s fast-paced call-center environments, agents constantly juggle multiple tasks, switching among different systems and dealing with distractions from mobile devices and other platforms. Agents must context switch to keep up with efficiency requirements, and this pace can lead to neglect of critical tasks, such as pausing and resuming recording sessions while handling sensitive payment information. That can lead to major compliance risks.

This blog post is about a real-world customer challenge involving this exact scenario and the journey to developing and implementing an automated solution. Manual pause/resume in recordings is prone to human errors, and that’s why organizations have been searching for an automated approach to ensure consistent compliance.

I worked with colleagues from Citrix and Automai Corp. to create this much-needed solution that can benefit anyone using Citrix Session Recording. Automai is a Citrix Ready Partner and has made robotic automation solutions since 2005. It offers the only platform that serves up performance testing, functional testing, monitoring and RPA with a robotic engine. My company, Choice Solutions, is a Citrix Platinum Partner focused on end-user computing, and we provide design, implementation, and operational services for companies of all sizes. I’ve also been in the Citrix Technology Program (CTP) program for almost eight years, and one key benefit is direct access to product leadership and being able to provide product insights and help translate needs from the field directly into actual product features.

Let’s look at how we took insights from the field and developed an automated solution that met the needs of a customer and made Citrix Session Recording an even more powerful tool.


“Citrix is investing in our tech ecosystem to provide trusted solutions for our customers. This innovative solution from Citrix Technology Professional (CTP) Shane Kleinert describing why and how to configure the Automai Nanobot with Citrix Session Recording to provide efficiency and compliance for a customer is a great example. Citrix, a CTP from a platinum partner, and a Citrix Ready partner all collaborating to solve real business and IT challenges.”

— Chris Fleck VP Product, Tech Ecosystems and Verticals.


The Problem

A few years back, I was working on a Citrix call center deployment for a major customer. They had recently decided to deploy nearly 1,000 virtual desktops to support a rapidly expanding call center with reservations agents all over South America. Their call management system consisted of Calabrio Call Recording suite, which was deeply integrated with Cisco Call Manager.

A major feature of Calabrio Call Recording is the ability to record both screen and voice for all inbound and outbound calls for configured users. This use case focused on reservations agents who were taking credit card numbers, addresses, and other personal information over the phone and entering them in the system. As you can imagine, PCI compliance was a great concern, and recordings could not contain credit card numbers and other private information.

Calabrio has built-in technology that detects sensitive windows and will attempt to auto-pause the recordings when these windows are active. Per the customer’s Calabrio support team, it requires custom development via professional services from Calabrio to implement and tune. This is not a one-time implementation, and it required continuous support to maintain changes in the app. The additional upfront investment and potential ongoing operational costs were not budgeted, so they needed to find an alternate solution.

This left the customer with one option: have the agents manually pause and resume the recording while taking the calls. Like many organizations, they were not comfortable putting the responsibility of maintaining compliance integrity in the hands of their call center agents, who were already juggling a lot.

The Solution

This is where we needed to think outside the box. The customer already owned Automai Loader for load testing, so the team was familiar with the robotic process automation (RPA) engine. Could this be used to automate the pause/resume capabilities of Calabrio?

I called Sam Benihya, CTO of Automai, and posed that question along with a few architectural ideas. Due to the portability of the robotic engine, within a few days an in-guest bot was born using the core RPA engine. For a bit of context, Automai’s RPA bot traditionally runs outside virtual desktops or servers. It runs as if it were simulating an end user from the front end using image recognition, OCR, and various other detection techniques. We built a scenario using Automai’s Intelligent Session Recording (ISR) Nanobot Wizard to capture key Social Security number fields, along with the window and process of the reservations application. We built in logic to execute the Calabrio Pause command when the sensitive field was detected and the respective resume command when the field was no longer detected.

The Nanobot ran in each user’s session, reading the scenario and intelligently pausing and resuming as agents fielded calls. This worked perfectly for Calabrio and solved the customer’s compliance challenge. They deployed the ISR Nanobot across both virtual and physical endpoints and are still running the solution today.

We hear about success stories like this all the time and being at the forefront was both a fun and rewarding experience. Without an automated solution in place, the company’s PCI compliance requirements would not have been met, causing a complete halt to the project.

Now that we understood the core problem — a need for confidence in the pause/resume capabilities, driven entirely by automation — we wanted to bring this same pause/resume feature to Citrix Session Recording. When I first had the idea, Citrix Session Recording offered programmatic capabilities just for “Start” and “Stop” functionality. This worked for security incidents where users have malicious intent (if an event was triggered, Citrix Session Recording would kick off a recording and stop it). In this case, each start/stop was a new recording. In our call center use case, where a user inside a session enters multiple reservations consisting of credit card entries, we didn’t want the admin to have to look through multiple recordings to review a single session.

This required a new Citrix feature request, and we worked with Tie Liu, the Session Recording engineering team manager, to make the request. We needed the ability to pause the session, blank out the recording, and resume the recording all from within the Citrix session. The proposed solution ensured a single recording would be captured for the user.

Automai and I demonstrated the ISR Nanobot capabilities, and Tie thought it was an awesome solution and could be achieved with some development. In a short time, we had our first beta to test!

After performing functionality testing and providing updated feedback, this new pause/resume capability made it officially into the Citrix Session Recording release in December 2020! This is an incredible feature tucked away deep inside the documentation, and I hope this blog post can help to create awareness among all Citrix customers, admins, and consultants! It’s exciting to see Citrix continue to take field feedback and build it into the product.

Last April, Citrix announced entitlement updates where all DaaS customers, no matter what edition, they were using, would receive Session Recording and Workspace Environment Manager (WEM). This brings incredible value to what customers already have. (Check out my recent talk on Citrix Session Recording at the Citrix User Group Community Louisville XL event.)

Citrix has since brought Session Recording management capabilities into Citrix Cloud, which provides both a streamlined administrative and operational experience. Learn more in this Citrix blog post, which covers four ways IT admins can benefit from Citrix Session Recording service.

Now that you have the back story, let’s dive into the details of Citrix Session Recording and Automai so you can set up intelligent automated pause-and-resume capabilities in your environment!

Introducing Automai’s Purpose-Built Nanobot

Automai’s Intelligent Session Recording Nanobot is a purpose-built solution that you can use to help ensure compliance in end-user computing environments. The nanobot is designed to integrate with Citrix Session Recording and provides automated pause-and-resume session recording, which uses both image recognition and OCR capabilities to identify sensitive data fields and pause and resume recording sessions based on selected criteria. This eliminates the need for manual pause/resume operations performed by end users and ensures compliance with PCI regulations.

The nanobot also offers plug-and-play management with the ISR Nanobot Wizard. This eliminates the need for coding and allows for a simple wizard-driven approach to detect and capture sensitive fields. The nanobot’s sensitive data security compliance feature helps to ensure data security compliance by eliminating the capture and storing of sensitive data during session recording. This increases operational efficiency by eliminating risks and concerns regarding sensitive content in recordings, allowing QA and training access to recordings that would otherwise be unavailable.

While the above use case was focused on a call center, Automai’s Intelligent Session Recording Nanobot can be a valuable solution for any organization looking to ensure compliance and protect sensitive data in their Citrix environment, regardless of the use case or their industry.

The Automai solution is a full-blown robotic testing, monitoring, and business process automation tool that takes the bot’s intelligent engine and uses it for a single high-value purpose. In our case, this is to pause/resume recorded sessions. Let’s look deeper into the ISR Nanobot’s architecture.

Click image to view larger.

ISR Nanobot Wizard

The ISR Nanobot Wizard is a purpose-built wizard that drives the workflow for capturing sensitive fields that trigger the pause/resume functionality. The wizard creates a project with the captured fields and saves it to the provided SMB share. The nanobot reads the scenario from the share when the user logs in. If fields change, or new fields are added, the admin can update the existing ISR project, capture the updated fields/images, and re-save it to the SMB share.

File Share

A simple SMB file share is used to store the Nanobot Project. The ISR Nanobot Wizard writes out the scenario to the provided SMB share path. Users will just require “read” permissions to this share. It is best to assign a group to the share that includes users who require pause/resume capabilities.

Nanobot

The Nanobot is the core robotic engine built to run autonomously and for use in one scenario — pause/resume. The template script just needs updated images of “sensitive” fields such as Social Security numbers, credit cards, and patient information, as well as the “App” and “Reason” parameters for the pause/resume, which are variables within the scenario.

The ISR Nanobot in Action

The ISR Nanobot is licensed per concurrent connection. It comes with a 30-day trial start for 100 users so you can test/validate the platform. This next section will cover the installation of the ISR nanobot.

The installer supports Windows 10+ on the client OS side and Server 2016+ on server OS side. While the nanobot was built for running inside remote sessions, it can also run on local physical desktops. In fact, the customer mentioned at the start of this post has a portion of their reservations workstations running the ISR Nanobot.

To download the latest ISR Nanobot bits, fill out the ISR Nanobot trial form. The following two videos will walk you through installation and configuration and will show how it works with a medical patent workflow.

Now that we understand the ISR Nanobot Architecture, let’s dig into how to enable Pause and Resume functionality within Citrix Session Recording.

Citrix Side of Session Recording: Enabling Automated Pause and Resume

As noted in the custom event detection policy documentation (see the Sensitive Information Blocking section), the Session Recording agent provides the IuserApi COM interface that third-party apps can use to add app-specific event data into recorded sessions. Based on the event customization, Session Recording can block sensitive information and log the session-pause and session-resume events accordingly.

This capability requires a few steps inside the master image, or persistent virtual desktop/virtual app server, to support this new functionality. While all steps are in the documentation, to help socialize this awesome capability (Google, Bing, DuckDuckGo, do your thing!) I will outline the steps below. Keep in mind that this capability was introduced in Session Recording 2012, so if you aren’t on that release we recommend upgrading to get all the latest features.

In Session Recording Agent Properties, select the Allow third party applications to record custom data on this VDA machine check box and click Apply.

Next, we need to permit users to invoke the Session Recording Event API. By default, local admins have this permission. In most use cases, your users won’t be local admins.

Open the Windows DCOM configuration tool on the Session Recording agent by running dcomcnfg.exe from the run or cmd prompt.

Right-click Citrix Session Recording Agent and select Properties. Select Security → Under Launch and Activation Permissions and select Edit.

Add an AD Group, which represents the user population that will log on to this VDA. An alternative solution is configuring the nanobot to run in the user context and add a group that contains the users who will need pause/resume capabilities. Ensure this group has the Local Activation Allow rights.

Please note, DCOM configuration takes effect immediately. There’s no need to restart any services or the machine.

The next steps we’ll cover are related to issuing the pause and resume commands. These are ultimately driven by the SRUserEventHelperSnapin.dll module. How you execute these commands is up to the third-party integration tool. In my opinion, we don’t want users issuing their pause/resume capability manually, which means you need to run the PowerShell commands below programmatically.

PowerShell Commands

Here, we’ll look at how to run these commands manually. The focus of this blog post is to show the third-party integration using Automai’s ISR Nanobot PowerShell Action which calls both “Session-Pause.ps1” and “Session-Resume.ps1” scripts that contain the required PowerShell commands to effectively pause and resume the session. You can see this built-in action below.

The screenshot below taken from the documentation points out how to run these commands manually. The –APP parameter contains the app name that will be referenced in the recording, and –Reason will contain context around why the recording was paused/resumed. These parameters are tracked in the event. Both can be passed as variables. For example, when a SS# field or CC# field is detected, the respective field type can be passed to the pause event, ensuring context is provided with the event.

Bringing It All Together: The ISR Nanobot Workflow Demo

The following video shows a full demo walk-through of the ISR Nanobot working in action automatically pausing/resuming when the Social Security number field is detected in the demo Patient Medical Application.

Additional Compliance-Based Session Recording Features

To wrap up, we wanted to cover a few additional compliance-based Citrix Session Recording features. Here’s a summary of some of the recent, awesome compliance-specific updates from Citrix Session Recording 2203 LTSR – 2212:

  • Monitoring popup window events: When users open or close a confidential file or access a folder, a popup window might appear, showing a prompt or asking for a password. Session Recording can now monitor such popup window events while recording sessions. Attributes of a popup window event are recorded, including the process name and the prompt content.
  • Responses configurable for more event types: This enables more scenarios that can leverage the power and flexibility of the event-triggered session recording capability.
  • Pre-recording for virtual desktop session: This allows recording for a short time period of time so you can gain insight into what happened leading up to specific recorded events, without needing to record the entire session.
  • Support for additional event response actions: Admins get more control over recorded sessions by taking disconnect, logoff, and lock-session actions.
  • Restrict recording access to certain groups: Allows recordings to be flagged in such cases as “forensics,” where recordings can only be viewed by a select group.
  • Playback justification logging: When administrator logging and playback justification logging are enabled on your Session Recording servers, a dialog box appears each time a user plays a recording, asking for a justification for playback.
  • Lossy video codec: You can adjust compression options to reduce the size of recording files and to accelerate navigation of recorded sessions during playback.

You can learn more in the following Citrix product documentation:

Get Started Today!

I hope this blog post gave you valuable insights into an awesome collaborative Citrix Ready success story and a true solution that can help you solve your compliance needs when using Citrix Session Recording. If you’re interested in testing Automai Intelligent Session Recording Nanobot in your Citrix Session Recording environment, fill out this form to connect with Automai and get your 30-day trial license.

New to Citrix Session Recording? Choice Solutions has a Session Recording jump start to get you up and running quickly. Check it out today and get started!


Special thanks to James Kindon, Senior EUC Architect at Nutanix, and Scott Osborne, EUC Co-Lead at Choice Solutions, for reviewing this post.