Q and A
Can I control what ObserveIT records?
Yes, within the Web Console it is possible to define what the Agent records. By using inclusion or exclusion, you can control many aspects of the recording policy, such as the users being recorded, the list of applications being recorded, and so on.
Can I export videos?
Yes, an entire session or part of a session can be exported to a standalone executable of the video sequence. This can be used for offline viewing or as evidence for user actions in case such information is required by an auditor.
What type of Metadata is captured with ObserveIT? A. In addition to capturing the screen image for each user action, ObserveIT extracts
information about the state of the operating system and the application being used, which allows ObserveIT to precisely identify what the user is doing in any given moment. This metadata is analyzed and encoded in a standardized format that is stored in the Database Server. Because this information is stored along with the metadata describing what is seen on the screen, you can perform very powerful searches across your entire enterprise.
Can I control what ObserveIT records?
A. Yes. The Agent recording settings are configured through policies, either at the server level, or on a group of servers. From within the ObserveIT Web Management console it is possible to define what the Agent is to capture. By using inclusion or exclusion, you can control many aspects of the recording policy: the users, applications, specific files, URLs and specific keystroke events.
What is the difference between an Administrator and a View‐Only Administrator options?
Administrators are Console Users that can log on to the Web Management console and view recordings, and also make changes to the ObserveIT configuration. View‐Only administrator are Console Users that can log on to the Web Management console and view recordings, but cannot make any changes to the ObserveIT configuration or permissions.
What is unique about the ObserveIT capturing mechanism? A. ObserveIT's patented technology has the ability to identify each type of user
interaction (dialog boxes, configuration tabs, confirmation prompts) including the result of that action, and index it as metadata for search and retrieval. In addition to the screen information, the captured metadata provides the context for each user action performed on the server
What types of reports are available in the ObserveIT Web Console? A. Within ObserveIT's Web Console you can view many types of reports. These reports are
be any screen element that the user interacts with: menus, application dialog, files and so on. The following are examples of some of the ObserveIT reports:
List users that have accessed selected servers by date and time
List users that have accessed selected resources such as files, applications,
configuration property pages, etc.
List resources (registry entries, applications, screens, files, etc.) that were accessed
on selected servers by date and time
List installed/uninstalled applications on selected servers
List installed/uninstalled application by selected users
ObserveIT has recorded activities performed by consultants and external vendors.
How can I use these videos for training and knowledge management?
A. When you identify that a portion of the captured user session correctly represents a best practices method, or otherwise demonstrates the correct process for repeated tasks, you can tag that recording and save it for training purposes. These recordings can be later accessed by using the ObserveIT Web Console without having to go through the search process again.
What types of alerting mechanism are available in ObserveIT? A. ObserveIT provides a mechanism for 3rd‐Party monitoring and management software to interact with the metadata that is stored within ObserveIT's database, and through this interaction you can configure your existing monitoring tools to generate an alert whenever a specified resource is accessed. This includes access to files, registry entries, application property pages or any other screen element. These alerts can be sent by email, pager, SNMP event, SMS, based upon the capabilities of your existing monitoring software.
What server‐side operating systems are supported by ObserveIT? A. All versions of Windows NT/2000/2003/2008 Server are currently supported, including
32‐bit and 64‐bit versions.
What client‐side operating systems are supported by ObserveIT?
A. The ObserveIT Agent can be installed on the following platforms:
Windows: NT/2000/2003/2008 and Windows XP/Vista/7, including 32‐bit and 64‐bit versions.
Unix:
Linux RedHat/CentOS versions 5.4 to 5.6, including 32‐bit and 64‐bit versions.
Solaris 10 updates U4 to U9 (SPARC and x86 processors)
What versions on SQL are supported by ObserveIT?
A. All SQL versions are currently supported, meaning SQL 2005/2008 and MSDE/SQL Server
2005 Express Edition.
What versions on IIS are supported by ObserveIT?
A. All IIS versions that are part of Windows 2000/2003/2008 Server are currently
supported, meaning IIS 5.0/6.0/7.0/7.5. and with the newest update, 8.0.
Can I integrate my software with ObserveIT?
A. Yes, there is a published set of APIs and an SDK that developers and administrators can
use to integrate functionality with 3rd party applications.
Can I integrate ObserveIT with other application servers?
Each of the server components can coexist with other applications using the same physical hardware platform. ObserveIT has specific configuration settings to allow integration with Active Directory, CA e‐Trust, Microsoft MOM, SCOM and other application software. What additional information does ObserveIT capture? A. In addition to the screen and underlying metadata, the date, time, IP address, and
user is stored in the database.
Does ObserveIT provide a mechanism for alerting in case the Agent has stopped
communicating with the Application server?
A. Yes, in case this happens during an active session. For example, if someone has managed to stop the agent, or in case the server went offline. You will need to configure SMTP and add an e‐mail address to the Web Console administrator and enable the "Alert" option. In addition, custom scripts can be created by experienced administrators to remotely poll a server's running processes and alert them in case the ObserveIT Agent has stopped.
Where are the ObserveIT videos stored?
A. Unlike other screen recording software, ObserveIT does not store the recordings in individual files. All the data captured by ObserveIT is stored within a Microsoft SQL Server database, on the Database Server. Because this information is stored along with the metadata describing what is seen on the screen, you can perform very powerful searches across your entire enterprise.
Note: Starting from 5.3.0 release, videos can also be stored on a file system.
Is my recorded data secure?
A. The data is digitally signed and encrypted when it is stored in the database. Access to the data is limited by permissions defined within the Web Console, and any access to this
data is audited by ObserveIT.
Is the ObserveIT for Servers communication secure?
A. The ObserveIT Agent to ObserveIT Application Server secure conversation implements OASIS standards for WS‐Secure conversation, which allows security contexts to be created and key material to be exchanged more efficiently. Binary data is serialized and is stamped with a token key and digitally signed. In order to prevent session hijacking, ObserveIT uses a 2‐minutes transaction Time‐To‐Live parameter.
In addition to the built‐in security mechanism, you can further secure the Agent to Server communication by configuring IIS on the Application server to require SSL, and the Agent to use HTTPS instead of HTTP. When using SSL, packet payloads are encrypted and
protected from packet analyzers and other sniffing tools. By using SSL you can protect the communication with means of a industry strength security protocol which is widely accepted and can easily traverse firewalls and other security devices.
How do I know that the ObserveIT Agent is working properly?
A. There is a health check process that polls the Agents, Application Server(s) and Database
Server to verify communication and functionality.
Is ObserveIT able to audit the use of a file share?
A. You can audit and search for any action performed by any user that is logged on to a user session on the monitored server. This means that if a user accesses the server via RDP/Citrix/VNC and so on, and the server is monitored, you'll be able to record all the
user's actions. However, if the user accesses the server via UNC (Uniform Naming
Convention, a PC format for specifying the location of resources on a local‐area network (LAN). ) over the network, you will not be able to record this access unless you also monitor the user's workstation.
Does ObserveIT record action in Active Directory Users and Computers such as
creating/modifying users, creating/modifying groups, etc? A. The answer is "it depends on how you did it". For example, if the administrator used RDP to connect to the DC and open ADUC and perform the actions, then yes, he or she would be recorded (given that there's an Agent installed on the DC). However, if they used
the local ADUC (Active Directory Users and Computers) MMC (
MMCMicrosoft Management Console
) snap‐in on their workstation, then no, they would not be recorded as no user session was created on the monitored DC. To solve this scenario, one would look into installing the Agent on each management workstation, and configuring the Server Policy to only record administrator‐based applications such as MMC, Regedit, Notepad, CMD, PowerShell and so on.