Activity tracking events for VMware Solutions

IBM Cloud® services, such as IBM Cloud® for VMware Solutions, generate activity tracking events.

Activity tracking events report on activities that change the state of a service in IBM Cloud. You can use the events to investigate abnormal activity and critical actions and to comply with regulatory audit requirements.

You can use IBM Cloud Activity Tracker Event Routing, a platform service to route auditing events in your account to destinations of your choice by configuring targets and routes that define where activity tracking events are sent. For more information, see About IBM Cloud Activity Tracker Event Routing.

You can use IBM Cloud Logs to visualize and alert on events that are generated in your account and routed by IBM Cloud Activity Tracker Event Routing to an IBM Cloud Logs instance.

As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.

Locations where activity tracking events are generated

IBM Cloud for VMware Solutions generates activity tracking events in the regions that are indicated in the following table.

Regions where activity tracking events are generated in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	No

Regions where activity tracking events are generated in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
Yes	No	No	No

Regions where activity tracking events are generated in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	No	No

Locations where activity tracking events are sent to IBM Cloud Activity Tracker hosted event search

VMware Solutions sends activity tracking events to IBM Cloud Activity Tracker hosted event search in the regions that are indicated in the following table.

Regions where activity tracking events are sent in Americas locations
Dallas (`us-south`)	Washington (`us-east`)	Toronto (`ca-tor`)	Sao Paulo (`br-sao`)
Yes	Yes	Yes	No

Regions where activity tracking events are sent in Asia Pacific locations
Tokyo (`jp-tok`)	Sydney (`au-syd`)	Osaka (`jp-osa`)	Chennai (`in-che`)
Yes	No	No	No

Regions where activity tracking events are sent in Europe locations
Frankfurt (`eu-de`)	London (`eu-gb`)	Madrid (`eu-es`)
Yes	No	No

Viewing activity tracking events for VMware Solutions

VCF for Classic and VMware Shared events are global events. The KMIP for VMware events are location-based events that are automatically forwarded to the Activity Tracker service instance that is available in the same location as the KMIP for VMware instance. For more information, see Monitoring global and location-based events.

Launching IBM Cloud Logs from the VMware Solutions console

Activity Tracker can have only one instance per location. To view events, you must access the web UI of the Activity Tracker service in the same location where your service instance is available. For more information, see Navigating to the UI.

Launching IBM Cloud Logs from the Observability page

For information on launching the IBM Cloud Logs UI, see Launching the UI through the IBM Cloud UI.

Events for VCF for Classic instance management

When you manage user accounts, instances, clusters, and services in VMware Solutions, an event is generated.

The following table provides the actions that generate and send management events to Activity Tracker.

Description of actions that generate management events
Action	Description
`vmware-solutions.account-apikey.update`	The infrastructure API key for an account is updated.
`vmware-solutions.account-notification.update`	The notification setting for an account is updated.
`vmware-solutions.instance-secure-data.wipe`	The instance-secure data is wiped.
`vmware-solutions.instance-bss-account.migrate`	An instance is migrated to a BSS account.
`vmware-solutions.vcs.create`	A VMware Cloud Foundation for Classic instance is created.
`vmware-solutions.vcs.delete`	A VCF for Classic instance is deleted.
`vmware-solutions.vcs-host.add`	A host is added to a VCF for Classic instance.
`vmware-solutions.vcs-host.remove`	A host is removed from a VCF for Classic instance.
`vmware-solutions.vcs.update`	A VCF for Classic instance is updated.
`vmware-solutions.vcs-cluster.create`	A cluster is created for a VCF for Classic instance.
`vmware-solutions.vcs-cluster.delete`	A cluster is deleted for a VCF for Classic instance.
`vmware-solutions.vcs-nsx-license.update`	The VMware NSX® license is updated for a VCF for Classic instance.
`vmware-solutions.vcs-nfs-storage.add`	NFS storage is added to a VCF for Classic instance.
`vmware-solutions.vcs-nfs-storage.remove`	NFS storage is removed from a VCF for Classic instance.
`vmware-solutions.vcs-plan.update`	A VCF for Classic instance's plan is updated.
`vmware-solutions.vss.create`	A VMware Cloud Foundation for Classic - Flexible instance is created.
`vmware-solutions.vss.update`	A VCF for Classic - Flexible instance is updated.
`vmware-solutions.vss-template.remove`	A VCF for Classic - Flexible template is removed.
`vmware-solutions.service.create`	A service is created.
`vmware-solutions.service.delete`	A service is deleted.

Events for KMIP for VMware

When you manage keys for the KMIP™ for VMware® service, an event is generated.

The following table provides the actions that generate and send events for KMIP for VMware. The initiator completes these actions from vCenter Server and they do not include the initiator's IP address. The requests for these actions run from within the IBM Cloud private network.

The initiator ID is derived from the TLS (Transport Layer Security) certificate of the vCenter Server that is used to authenticate the connection to the KMIP server. The initiator ID is in the format CertificateID-<value>, where the value matches the fingerprint of the corresponding TLS certificate. Using the fingerprint, you can identify the vCenter Server that triggered the action.

Description of actions that generate events for the KMIP for VMware service
Action	Description
`vmware-solutions.kmip-key.create`	A KMIP key is created.
`vmware-solutions.kmip-key.read`	A KMIP key is retrieved.
`vmware-solutions.kmip-key-attributes.retrieve`	A KMIP key's attributes are retrieved.
`vmware-solutions.kmip-key.activate`	A KMIP key is activated.
`vmware-solutions.kmip-key.revoke`	A KMIP key is revoked.
`vmware-solutions.kmip-key.destroy`	A KMIP key is destroyed.

Events for VMware Shared

As of 28 March 2024, VMware Shared is not available for new deployments. Support for existing instances is extended until 28 February 2025. All customer and management data, including the backups of workloads, will be deleted in March 2025. Migrate all your VMware Shared resources to IBM Cloud® for VMware Cloud Foundation as a Service by 28 February 2025. For more information, see End of Support for VMware Shared deployments.

When you use VMware Shared, an event is generated to track how users and applications interact with virtual data centers.

The following table lists the actions that generate and send an event to Activity Tracker.

Description of actions that generate VMware Shared events
Action	Description	Outcome
`vmware-solutions.vdc.create`	An event is generated when a virtual data center instance is created.	`pending` `success` `failure`
`vmware-solutions.vdc.delete`	An event is generated when a virtual data center instance is deleted.	`pending` `success` `failure`
`vmware-solutions.vdc.update`	An event is generated when capacity is added to a virtual data center instance. An event is generated when capacity is removed from a virtual data center instance.	`pending` `success` `failure`