Moving Session Recordings¶
Section: Operations | Article 60
Audience: System Administrators
Last Updated: 2026-04-08
Overview¶
Session recordings are stored on the local drive of each RP-PAM node. Over time, you may need to move recordings to a different location:
- Disk space: original drive is filling up, need to move to a larger drive
- Dedicated storage: moving to a dedicated data drive for better performance
- HA shared storage: adding NFS/SMB/S3 shared storage for cross-node availability
- Infrastructure change: migrating to new hardware or storage array
RP-PAM includes a recording migration tool that safely moves files and updates the database in one operation.
How Recording Storage Works¶
RP-PAM stores recording paths in the database as relative paths (e.g., default/2026-04/session-abc.enc). Each node resolves this against its own configured StorageBasePath.
| Node | StorageBasePath | File on Disk |
|---|---|---|
| Server A | E:\RpPamRecordings |
E:\RpPamRecordings\default\2026-04\session-abc.enc |
| Server B | /mnt/data/recordings |
/mnt/data/recordings/default/2026-04/session-abc.enc |
This means different HA nodes can use different drive letters or mount points without conflict.
Changing the Recording Path¶
Step 1 — Prepare the New Location¶
Windows:
# Create the new directory
New-Item -ItemType Directory -Path "D:\RpPamRecordings" -Force
# Verify the RP-PAM service account has write access
icacls "D:\RpPamRecordings" /grant "NT SERVICE\RpPam:F"
Linux:
# Create the new directory
sudo mkdir -p /mnt/data/rppam/recordings
sudo chown rppam:rppam /mnt/data/rppam/recordings
Step 2 — Migrate Existing Recordings¶
Preview (dry run — no changes made):
Windows:
rppam-migrate recordings `
--from "C:\ProgramData\Ravenphyre\RP-PAM\Recordings" `
--to "D:\RpPamRecordings" `
--dry-run
Linux:
sudo /opt/rppam/tools/rppam-migrate recordings \
--from /var/lib/rppam/recordings \
--to /mnt/data/rppam/recordings \
--dry-run
The dry run reports:
Recording migration DRY RUN:
Scanned: 1,247 recordings
Would migrate: 1,245
Would skip: 2 (in-progress recordings)
Errors: 0
Execute the migration:
# Remove --dry-run to execute
rppam-migrate recordings `
--from "C:\ProgramData\Ravenphyre\RP-PAM\Recordings" `
--to "D:\RpPamRecordings"
Step 3 — Update the Configuration¶
Edit rppam.config and change the storage path:
Or on Linux:
Step 4 — Restart RP-PAM¶
Step 5 — Clean Up Old Files (Optional)¶
After verifying the new location works (create a test session, check recording appears in the new path):
rppam-migrate recordings `
--from "C:\ProgramData\Ravenphyre\RP-PAM\Recordings" `
--to "D:\RpPamRecordings" `
--delete-old
Adding Shared Storage for HA¶
If you are running an HA cluster and want recordings available across all nodes:
Step 1 — Set Up Shared Storage¶
NFS (Linux):
# Mount NFS share on all nodes
sudo mount -t nfs fileserver:/rppam-recordings /mnt/nfs/rppam-recordings
# Add to /etc/fstab for persistence
echo "fileserver:/rppam-recordings /mnt/nfs/rppam-recordings nfs defaults 0 0" | sudo tee -a /etc/fstab
SMB (Windows):
# Map network share on all nodes
New-PSDrive -Name R -PSProvider FileSystem -Root "\\fileserver\rppam-recordings" -Persist
Step 2 — Configure Shared Storage¶
Edit rppam.config on all nodes (the shared path must be identical):
{
"recordings": {
"storageBasePath": "D:\\RpPamRecordings",
"sharedStoragePath": "\\\\fileserver\\rppam-recordings"
}
}
Linux:
{
"recordings": {
"storageBasePath": "/var/lib/rppam/recordings",
"sharedStoragePath": "/mnt/nfs/rppam-recordings"
}
}
Step 3 — Populate Shared Storage¶
Copy existing local recordings to shared storage:
sudo /opt/rppam/tools/rppam-migrate recordings \
--from /var/lib/rppam/recordings \
--to /mnt/nfs/rppam-recordings \
--dry-run
# Then without --dry-run
Note: When populating shared storage, old files are NOT deleted. Local copies are kept as a performance cache. New recordings are written locally first, then async-copied to shared storage.
Safety Guarantees¶
| Safety Feature | How It Works |
|---|---|
| Dry run | Preview mode shows what would happen without touching anything |
| Checksum verification | After copying, SHA-256 hash is compared — mismatches are rejected |
| Skip in-progress | Recordings actively being written are skipped (retry after session ends) |
| Resumable | If interrupted, re-running skips already-migrated files |
| Old files preserved | Old files are only deleted with explicit --delete-old flag |
| Audit trail | Every move is logged for accountability |
S3 Shared Storage¶
For cloud or hybrid deployments:
{
"recordings": {
"sharedStoragePath": "s3://my-bucket/rppam-recordings/",
"s3Region": "us-east-1"
}
}
Ensure the RP-PAM service has AWS credentials configured (IAM role on EC2, or AWS CLI profile).
Troubleshooting¶
| Problem | Cause | Solution |
|---|---|---|
| "Access denied" during migration | Service account lacks write access to new path | Grant NTFS/POSIX permissions to the RP-PAM service account |
| "Checksum mismatch" error | File corrupted during copy | Re-run the migration — the tool will retry the failed file |
| In-progress recordings skipped | Active sessions are using those files | Wait for sessions to end, then re-run |
| Old path still referenced after migration | Forgot to update rppam.config |
Change storageBasePath in the config and restart |
| NFS mount not accessible | NFS server down or mount stale | Remount NFS: sudo mount -a |
Next Steps¶
- Backup and Restore — Backup includes recordings from the configured path
- HA Setup — Shared storage configuration for clusters
- Browser-Based Sessions — Where recordings come from
RP-PAM v1.0.0 — Copyright 2026 Ravenphyre. All rights reserved.