You may need to audit operations that are performed on cloud computers to meet security audit requirements of your enterprise. WUYING Workspace (Pro Edition) provides the screen recording audit feature. You can use this feature to record the operations that are performed by end users on cloud computers and view the screen recording files for auditing at any time.
Usage notes
Applicable scope
This feature applies only to cloud computers that meet the following conditions:
Use the Adaptive Streaming Protocol (ASP). For more information, see ASP.
Run Windows or Linux (Linux Ubuntu 20.04).
Use system images whose versions are V0.1.0 or later, or custom images that are created based on the system images.
Billing
This feature is a valued-added service provided by WUYING Workspace (Pro Edition) and is in public preview. You can use the feature free of charge during the public preview. After the public preview ends, you are charged for using the feature. An announcement that includes the billing rules will be released in advance. We recommend that you stay tuned to our latest updates and announcements.
Screen recording files are stored in an Object Storage Service (OSS) bucket that is automatically created for you. You are charged for using the bucket. For information about the billing of OSS, see Billing overview.
Precautions
Screen recording might capture private data of end users. Make sure that related permissions are obtained from the end users.
Prerequisites
Screen recording files are stored in OSS buckets in the region where cloud computers are created. If end users use virtual private network (VPN) software on cloud computers, make sure that *.aliyuncs.com
is added to the whitelist. This prevents failures of uploading screen recording files to the buckets.
Configure the screen recording audit feature
Log on to the WUYING Workspace (Pro Edition) console.
In the left-side navigation pane, choose
.In the upper-left corner of the top navigation bar, select a region.
On the Policies page, click Create Policy.
In the Create Policy panel, enter a name for the policy that you want to create.
Click the Screen Recording Audit tab, read the usage notes of this feature and select I have read and agree to the usage notes on the screen recording audit feature.
Turn on Audit Screen Recording, configure parameters, and then click Create. The following table describes the parameters.
Parameter
Description
Type
Select a screen recording type. Valid values:
Whole-process: A recording immediately starts when end users connect to cloud computers and ends when the end users disconnect from the cloud computers.
Interval-based: A recording starts and ends within a specific period of time when end users connect to cloud computers. If the end users disconnect from the cloud computers before the specified period of time for recording is reached, the recording ends.
Operation-triggered: A recording is triggered when the system detects specific operations in the following conditions. Valid values:
Command-triggered: The recording starts when end users enter commands by using input devices such as keyboards, mouses, or tablets.
File Upload/Download-triggered: The recording starts when end users download or upload files between cloud computers and local computers.
NoteAfter you specify operations that can trigger screen recording, the system starts screen recording when specified operations are met. When the system does not detect the specified operations, the recording ends 10 minutes later. If the system no longer detects the specified operations within the 10 minutes, the screen recording ends when the 10 minutes elapse. If the system detects the specified operations within the 10 minutes, the time of the recording is extended by another 10 minutes.
Session Lifecycle Listening: A recording starts when a session is created and ends when the session is closed. We recommend that you select this option for robotic process automation (RPA) scenarios.
NoteIf you select Whole-process, a recording ends when an end user disconnects from a cloud computer. If you select Session Lifecycle Listening, a recording ends when a session of a cloud computer is closed. To close the session, the end user must stop the cloud computer or the specified keep-active duration is reached after the end user disconnects from the cloud computer.
Sound
Specifies whether to record audio generated on cloud computers during screen recording. Valid values: Video and Sound and Screen.
Frame Rate
Valid values: 2 fps, 5 fps, 10 fps, and 15 fps.
Larger frame rates ensure smoother recording but require more storage space. You can specify a frame rate based on your business requirements and storage space.
File Length
The length of a recording file. Valid values: 10 minutes, 20 minutes, 30 minutes, and 60 minutes. The screen recording files are automatically split and uploaded to an OSS bucket based on the specified length. If the file size reaches 300 MB but the specified length is not reached, WUYING Workspace preferentially uploads the first 300 MB data.
Save To
The location to which a recording file is stored. By default, screen recording files of a cloud computer are stored in an OSS bucket that is in the same region as the cloud computer. You are charged for using OSS buckets to store the files. For information about the billing of OSS, see Billing overview.
ImportantIf end users use VPN software on cloud computers, make sure that
*.aliyuncs.com
is added to the whitelist to prevent failures of uploading screen recording files to the buckets.Retention Period
By default, screen recording files are retained in an OSS bucket for 15 days. Valid values: 1 to 180. Unit: day.
WarningThe system stores screen recording files in OSS buckets for a period of time. When the period of time elapses, the files are permanently deleted from the buckets and the Screen Recordings page in the WUYING Workspace (Pro Edition) console.
After you configure the policy, you can go to the Policies page to view it.
Enable screen recording for a cloud computer
To enable screen recording for a cloud computer, you need to only associate the policy in which the screen recording feature is enabled with a cloud computer. You can associate a policy with cloud computers when or after you create the cloud computers.
Modify the existing policy of a cloud computer
You can modify the existing policy of a cloud computer by enabling the screen recording audit feature in the policy. For more information, see the Configure the screen recording audit feature section in this topic. For more information about how to modify a policy, see Modify, clone, or delete a custom policy.
Replace the existing policy of a cloud computer
If you do not want to modify the policy of a cloud computer, you can create a new policy by following the steps in the Configure the screen recording audit feature section of this topic and replace the existing policy with the new policy.
In the left-side navigation pane, choose
.In the upper-left corner of the top navigation bar, select a region.
On the Cloud Computers page, find the cloud computer that you want to manage, click the ⋮ icon in the Actions column, and then click Change Policy.
In the Policy section of the Change Policy panel, clear the selection of the original policy in which the screen recording audit feature is disabled, select a new policy based on your business requirements, and then click OK.
In the message that appears, click OK.
Enable screen recording for a cloud computer pool
To enable screen recording for a cloud computer pool, you need to only associate the policy in which the screen recording feature is enabled with the pool. You can associate a policy with cloud computer pools when or after you create the pools.
Modify the existing policy of a cloud computer pool
You can modify the existing policy of a cloud computer pool by enabling the screen recording audit feature in the policy. For more information, see the Configure the screen recording audit feature section in this topic. For more information about how to modify a policy, see Modify, clone, or delete a custom policy.
Replace the existing policy of a cloud computer pool
If you do not want to modify the policy of a cloud computer pool, you can create a new policy by following the steps in the Configure the screen recording audit feature section of this topic and replace the existing policy with the new policy.
In the left-side navigation pane, choose
.In the upper-left corner of the top navigation bar, select a region.
On the Cloud Computer Pools page, find the cloud computer pool that you want to manage ad click the pool ID.
On the pool details page, click the Basic Information tab and click the icon to the right of the Policy Group Name parameter.
In the Policy section of the Change Policy panel, clear the selection of the original policy in which the screen recording audit feature is disabled, select a new policy based on your business requirements, and then click OK.
View or download a screen recording file
After the screen recording for a cloud computer ends, screen recording files are automatically stored in an OSS bucket. You can view or download the files in the WUYING Workspace (Pro Edition) console. For more information, see View or download a screen recording file.
Troubleshooting
I created a cloud computer and associated a policy with the cloud computer. In the policy, the screen recording audit feature is enabled. However, the system prompts that the image version of the cloud computer is outdated. What do I do?
To use the screen recording audit feature, the cloud computer must meet the following conditions:
Use the Adaptive Streaming Protocol (ASP). For more information, see ASP.
Run Windows or Linux (Linux Ubuntu 20.04).
Use system images whose versions are V0.1.0 or later, or custom images that are created based on the system images.
If the system prompts that the image version of the cloud computer is outdated, you must change the image of the cloud computer. For more information, see Change the image of a cloud computer or cloud computer pool.
Can WUYING Workspace automatically delete screen recording files that are stored in OSS buckets?
Screen recording files are stored in OSS buckets based on the period of time that you specified when you enabled the screen recording audit feature. WUYING Workspace automatically deletes the screen recordings when the retention period elapses.
If you delete a policy in which the screen recording audit feature is enabled, WUYING Workspace retains the screen recording files of all cloud computers with which the policy is associated until the retention period elapses. Then, the system deletes the screen recording files.