We've unified Citrix solutions and our portfolio. Learn more .

CDA(Cloud Desktop Auditor)

Citrix Ready Product Image / Logo

CDA (Cloud Desk Auditor) is a self-developed cloud desktop security audit product of I-search technology.

Request Product Details

Compatible with

  • XenApp 6.0


  • Citrix Virtual Apps (XenApp)

Product Details

CDA uses agent in the virtualized the windows operating system deployed in the cloud desktop to capture all practical operation screen of users on virtual desktops or virtual applications on the cloud desktop platform and document it. Managers and operation and maintenance audit staff can quickly and easily search in the CDA system at any time and playback any action of the user. Either to click on an application or change the configuration of a system, it’s just as if placing a video camera above the head of the user on the virtualization platform; all user behaviors are under control.

CDA records not only simple operation screen, and more importantly, it will automatically make intelligent analysis to restore all user operation in the video to a text format and record it. On the basis, by using search engine technology, users can easily use keyword to search to locate and audit critical operations and high-risk operations like using Baidu and Google.


Graphics video combines with video to make behavior analysis
In the graphical operation, users can extract the text readable, making the search, behavioral risk classification and alarm analysis become feasible.

Use the search engine technology to achieve efficient audit
It can make accurate search using keywords and quickly locate any mouse or keyboard of users.

Support large data storage and dynamic analysis
It supports dynamic data analysis without pre-processing the supporting various types of data; it supports a single piece of data up to hundreds of megabytes and supports data processing and calculation up to several billions.

Comprehensive multi-platform support
It supports Citrix Xen Desktop and other mainstream cloud desktop systems and supports Windows XP, Windows Server 2003, win7, Windows server 2008, win8, Windows server 2012 and other Windows platforms.

Built-in comprehensive log analysis capability
It has built-in I-search ISA software, which can achieve event collection, analysis and alerting capabilities and combine cloud desktop systems and logs of windows to achieve a comprehensive audit and problem analysis.

Low resource consumption
It has efficient data storage function. Uninterrupted operation of video conversation each hour consumes 10 to 15M; agent on the virtual desktop occupies very low space; with operating behavior, it normally occupies 2% to 3% of CPU with about 10M of memory; without operation, the occupied CPU space can be negligible.

CDA session management

Session Management

  • After the session, click Index Now and the ended session will be displayed in the list of session search.
  • Click session + number to see the latest window information.
  • Click the View button in the action bar to view all of the session’s window information; the default display number is 25 pieces; you can click the arrow to see more.
  • Click See All the Action on the action bar to view the session’s all actions, including mouse, keyboard, windows and other operations.
  • It can playback session and playback video (play, pause, point, drag and drop); it supports switch of absolute time and relative time; support saw a mouse click
  • It’s able to search for content and reflects in the window title based on the searched content. 
  • It can search session according to the condition combination.
  • It can filter and export session data based on conditions.

Real-time monitoring

  • The monitor page allows to view active sessions and view the monitoring video.
  • It can view the session window and play an active session according to the window.
  • It allows searching for the appropriate activity sessions.

System Management

Agent Management

  • It allows to see the information of the agent installed, including the version number and server information
  • Agent information can be inquired.

Backup Management

  • Open the storage backup; CDA data in the last month data can be stored to the appropriate ftp server.
  • CDA data in the last week can be backed to the appropriate ftp server.
  • After the hard dispersed threshold is set, make daily test at 00:05:00; an alarm is generated when disk usage exceeds the threshold.
  • Audit the valid period of data; not remove CDA if the session never expires.
  • If the valid period of the audit data is selected to be three months; at 00:05:00 on the last day of each month, save the session in the previous three months; delete all the session file and CDA data three months before.

Agent Upgrade

  • When new version of the agent installation package is less than the version number in the agent list, prompt there exists a version larger than the agent and it will lead to some upgrade is unsuccessful; whether continue or not!. You can choose to continue to add or cancel.
  • In case of adding, the version number cannot be less than the current maximum version number.
  • Modify agent installation package
  • Delete agent installation package
  • When polling task detects the version number of the agent on the server is less than the current maximum version number, use the latest installation package to update server.

Search and reporting capability


  • You can view the CDA session’s window information. 
  • Click all the action; you can view all the information window of the session the window belongs to.
  • Click the playback; you can play back the fixed window session
  • CDA logs can be saved as a report; view new report in the report page. 
  • CDA logs can be saved as an alarm; view new alarm rules in the alarm rules page.


  • Default report, session trends and details report 
  • Default report, session start time report: session start segment: 0-8, 9 -12, 13 -18, 19 -24
  • Default report, session length ranking report: the session length segment: within one hour, 1-2 hours, 2-3 hours, more than three hours
  • Default report, resource usage TOP50
  • Default report, resource users log TOP50


Alarm Rules

  • New rules in search can be displayed in the alarm rules.
  • Modify alarm rules
  • After the alarm rules are closed, there will be no alarm.
  • Delete alarm rules
  • Search for alert rules