Auditing events for VMware Solutions
Use the IBM Cloud® Activity Tracker service to track how users and applications interact with IBM Cloud for VMware® Solutions in IBM Cloud.
IBM Cloud Activity Tracker records user-initiated activities that change the state of a service in the IBM Cloud. You can use this service to investigate abnormal activity and critical actions, and to comply with regulatory audit requirements. In addition, you can be alerted on actions as they happen. The events that are collected comply with the Cloud Auditing Data Federation (CADF) standard. For more information, see Getting started with Activity Tracker.
Events for VMware Shared
When you use IBM Cloud for VMware Solutions Shared, an event is generated to track how users and applications interact with virtual data centers.
The following table lists the actions that generate and send an event to Activity Tracker.
Action | Description | Outcome |
---|---|---|
vmware-solutions.vdc.create | An event is generated when a virtual data center instance is created. | pending, success, failure |
vmware-solutions.vdc.delete | An event is generated when a virtual data center instance is deleted. | pending, success, failure |
vmware-solutions.vdc.update | An event is generated when capacity is added to a virtual data center instance. An event is generated when capacity is removed from a virtual data center instance. | pending, success, failure |
Events for vCenter Server instance management
When you manage user accounts, instances, clusters, and services in IBM Cloud for VMware Solutions, an event is generated.
The following table provides the actions that generate and send management events to Activity Tracker.
Action | Description |
---|---|
vmware-solutions.account-apikey.update | The infrastructure API key for an account is updated. |
vmware-solutions.account-notification.update | The notification setting for an account is updated. |
vmware-solutions.instance-secure-data.wipe | The instance-secure data is wiped. |
vmware-solutions.instance-bss-account.migrate | An instance is migrated to a BSS account. |
vmware-solutions.vcs.create | A VMware vCenter Server® instance is created. |
vmware-solutions.vcs.delete | A vCenter Server instance is deleted. |
vmware-solutions.vcs-host.add | A host is added to a vCenter Server instance. |
vmware-solutions.vcs-host.remove | A host is removed from a vCenter Server instance. |
vmware-solutions.vcs.update | A vCenter Server instance is updated. |
vmware-solutions.vcs-cluster.create | A cluster is created for a vCenter Server instance. |
vmware-solutions.vcs-cluster.delete | A cluster is deleted for a vCenter Server instance. |
vmware-solutions.vcs-nsx-license.update | The VMware NSX® license is updated for a vCenter Server instance. |
vmware-solutions.vcs-nfs-storage.add | NFS storage is added to a vCenter Server instance. |
vmware-solutions.vcs-nfs-storage.remove | NFS storage is removed from a vCenter Server instance. |
vmware-solutions.vcs-plan.update | A vCenter Server instance's plan is updated. |
vmware-solutions.vss.create | A vSphere instance is created. |
vmware-solutions.vss.update | A vSphere instance is updated. |
vmware-solutions.vss-template.remove | A vSphere template is removed. |
vmware-solutions.service.create | A service is created. |
vmware-solutions.service.delete | A service is deleted. |
Events for KMIP for VMware
When you manage keys for the KMIP™ for VMware® service, an event is generated.
The following table provides the actions that generate and send events for KMIP for VMware. The initiator completes these actions from vCenter Server, and the events do not include the initiator's IP address. The requests for these actions run from within the IBM Cloud private network.
The initiator ID is derived from the TLS (Transport Layer Security) certificate of the vCenter Server that is used to authenticate the connection to the KMIP server. The initiator ID is in the format CertificateID-<value>, where the value matches the fingerprint of the corresponding TLS certificate. Using the fingerprint, you can identify the vCenter Server that triggered the action.
Action | Description |
---|---|
vmware-solutions.kmip-key.create | A KMIP key is created. |
vmware-solutions.kmip-key.read | A KMIP key is retrieved. |
vmware-solutions.kmip-key-attributes.retrieve | A KMIP key's attributes are retrieved. |
vmware-solutions.kmip-key.activate | A KMIP key is activated. |
vmware-solutions.kmip-key.revoke | A KMIP key is revoked. |
vmware-solutions.kmip-key.destroy | A KMIP key is destroyed. |
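The following sketch is an added example, not code from IBM or from this documentation. Because KMIP events carry no IP address, it attributes each event to a vCenter Server through the CertificateID-<value> initiator ID, then reports events from certificates that are not in your inventory and revoke or destroy actions from known ones. It assumes that events are exported as JSON with the CADF fields action and initiator.id, and that you maintain a fingerprint inventory in the same hash format the events use; the function names, the inventory, and the sample events are hypothetical.

```python
import json

PREFIX = "CertificateID-"
# Key-retiring actions from the table above.
DESTRUCTIVE = {"vmware-solutions.kmip-key.revoke",
               "vmware-solutions.kmip-key.destroy"}

def normalize(fp):
    """Drop ':' and spaces and lowercase, so formatting differences do not matter."""
    return fp.replace(":", "").replace(" ", "").lower()

def attribute(event, inventory):
    """Return (vcenter_name, fingerprint); inventory keys must be normalized."""
    initiator_id = event.get("initiator", {}).get("id", "")
    if not initiator_id.startswith(PREFIX):
        return None, None
    fp = normalize(initiator_id[len(PREFIX):])
    return inventory.get(fp), fp

def review(events, inventory):
    """List KMIP events from unknown certificates and destructive key actions."""
    inv = {normalize(k): v for k, v in inventory.items()}
    findings = []
    for ev in events:
        action = ev.get("action", "")
        if not action.startswith("vmware-solutions.kmip-key"):
            continue  # not a KMIP for VMware event
        name, fp = attribute(ev, inv)
        if name is None:
            raw = ev.get("initiator", {}).get("id")
            findings.append(("unknown-initiator", action, fp or raw))
        elif action in DESTRUCTIVE:
            findings.append(("destructive-action", action, name))
    return findings

# Constructed inventory: fingerprint -> vCenter Server name (placeholder values).
INVENTORY = {"AA:BB:CC:01": "vcenter-prod-01", "aabbcc02": "vcenter-dev-01"}
# Constructed events; only the CADF fields used here are shown.
SAMPLE_EVENTS = [json.loads(line) for line in """
{"action": "vmware-solutions.kmip-key.create", "initiator": {"id": "CertificateID-aabbcc01"}}
{"action": "vmware-solutions.kmip-key.destroy", "initiator": {"id": "CertificateID-AABBCC02"}}
{"action": "vmware-solutions.kmip-key.read", "initiator": {"id": "CertificateID-ddeeff99"}}
{"action": "vmware-solutions.vcs.update", "initiator": {"id": "constructed-user-id"}}
""".strip().splitlines()]

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS, INVENTORY):
        print(finding)
```

An unknown-initiator finding means that a certificate outside the inventory authenticated to the KMIP server, which is worth checking against recent vCenter Server certificate rotations before you treat it as suspicious.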
Viewing events
VMware Shared and vCenter Server events are global events. The KMIP for VMware events are location-based events that are automatically forwarded to the IBM Cloud Activity Tracker service instance that is available in the same location as the KMIP for VMware instance. For more information, see Monitoring global and location-based events.
IBM Cloud Activity Tracker can have only one instance per location. To view events, you must access the web UI of the IBM Cloud Activity Tracker service in the same location where your service instance is available. For more information, see Navigating to the UI.