Blue Prism Product

Product_Community.jpg
Expand all | Collapse all

Securely using vSphere to monitor runtime activity

Jump to Best Answer
  • 1.  Securely using vSphere to monitor runtime activity

    Posted 08-15-2019 01:39
    Our process controllers use vSphere to hop into an existing session in production on a runtime bot so they can see what the bot is doing. They usually do this when weird things are happening just to get to the bottom of it.

    If we start to add processes which access secure sites (like banking sites) this presents a serious issue as the controller could potentially wait for the bot to log into the site and then take over the banking account for nefarious purposes.

    Are there better ways of achieving the aim here? I'm thinking there might be an app that shows what's happening on the screen without allowing the user to control the screen. Or alternately is there an app that can record the activity on the screen for audit purposes?

    Thanks!

    Rich

    ------------------------------
    Richard Lorenz
    CoE Manager
    Computershare
    Australia/Melbourne
    ------------------------------


  • 2.  RE: Securely using vSphere to monitor runtime activity

    Posted 08-15-2019 04:48

    Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

    If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

    I do believe that with other remote connection tools it can be achieved e.g Real VNC: https://www.realvnc.com/en/connect/docs/faq/viewonly.html

    If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: https://blogs.vmware.com/vsphere/2013/01/capturing-virtual-machine-screenshots-in-vsphere.html



    ------------------------------
    James Marsh
    Technical Consultant
    Blue Prism
    Europe/London
    ------------------------------



  • 3.  RE: Securely using vSphere to monitor runtime activity
    Best Answer

    Posted 08-18-2019 19:11

    Hi James

    >>Just to clarify you are wanting to be able have a view only console session with a running Runtime Resource (Robot)? 

    Yes, exactly.

     

    >>If so, I am not 100% sure it is achievable within vSphere. From what I remember once you grant the rights to allow someone to view the console that person has access to send keystrokes >>and mouse movements and the access is not granular enough to prevent that. It is worth have a look/play with some combination of permissions as it may be able to give you what you want.

    No, I have not been able to find a way to do it in vSphere either.

    >>I do believe that with other remote connection tools it can be achieved e.g Real VNC: www.realvnc.com/en/connect/docs/faq/viewonly.html

    Thanks!

    >>If you are limited to using vSphere and you cannot get a view only combination of permissions, I did come across this article that talks about Capturing Virtual Machine Screenshots in >>vSphere. It could be that an implementation of this may give you a form of view access you require albeit with images rather than a real time view: blogs.vmware.com/vsphere/2013/01/...

    That sounds helpful, I'll check it out

     

    Richard