2.5
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
VMware, Inc. 49
Chapter 4 Configuration Options for ACE Management Server
AfteryouuploadcustomSSLcertificates,youmustupdateanyexistingACE‐enabled
virtualmachinestouseanewcertificateandkeyfile.Todoso,useWorkstationto
createanupdatepackage.Whenyoudeploythenewpackage,ACEinstancesreceive
thenewcertificatefileandcertificatechain.
Logging Events
Theservercollectslogentriesforeventsthatchangethedatabase.OntheLoggingtab,
youcansetthelogginglevelsandsetanoptionforpurginglogentries.
ACEManagementServerusesthefollowingloggingcategories:
ACEAdministration–Logseventsforinstancecreation,update,anddestruction.
PackageAdministration–Logseventsforpackagecreation,update,instance
customization,andpackageremoval.
PolicyAdministration–Logseventsforpolicy‐setupdateandpublish,useraccess
controlchanges,andinstancepasswordssetbyanACEadministrator.
InstanceAdministration–LogsACEinstancelife‐cycleevents,suchascreation,
copying,revocation,reenablement,anddeletion.Alsologsinstancepassword
changebyauseroranadministrator,changesinexpirationforeachinstance,
changesofinstanceguestorhostoperatingsysteminformation,andsetting
instancecustomfields.Thedebuglevel
canbeusedtologthemostubiquitous
trafficsuchaspolicyupdaterequestsfromactiveinstances.Failedinstance
verificationsareloggedonlyatthedebuglevel.
Authentication–Logseventsforeveryauthenticationrequest,suchas
administrationorhelpdeskauthenticationattempts(atthenormallevel),instance
authentication(attheinformationallevel),andremoteLDAPpasswordchange.
Setloggingforthiscategorytothelowestlevelthatispracticalforyou.This
categorycangeneratealarge
volumeofentries.
Foreachcategory,youcanchooseoneofthefollowinglogginglevels:
None–Nologentryismadeforthisevent.
Critical–Anexampleofacriticallogeventisonethatremovesallpackages,
instances,andpoliciesassociatedwithanACE‐enabledvirtualmachine.
Normal–Thislevelofdetailissufficienttoanswermostqueries.
Informative–Entriesfornondestructiveeventsthathavelimitedeffect.
Debug–Entriesforeveryclientaccessoftheserver.Itprovidesmorerecordsof
certaineventtypes,creatingalargenumberloggingentriescomparedtootherlog
levels.Itlogsallinformationaltransactions,suchasinstancestatusandsoon.