2.5
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
VMware, Inc. 83
Appendix: Database Schema and Audit Event Log Data
Ifimmutabledataisstoredpermanentlyelsewhereinthedatabase,itisnotduplicated
inthelogentry.Forexample,whenanewpolicyispublished,thecompletepolicytext
isnotincludedinthelogentry.Instead,itsversionnumberisreferenced,sothatthe
completedataoftheevent
canbereconstructedfromPolicyDb_RuntimePolicyand
PolicyDb_Accesstablesifnecessary.
TheeventtypecodeisassociatedwithalookuptablePolicyDb_EventType,which
containsatextmessagetemplateforeachtypeofevent,category,andloglevelofthe
event.Themessagecancontain%sparameterplaceholders,inwhichcase
theMessage
Parametersfieldinthelogentrycontainsatab‐delimitedlistofvaluesforthese
parameters.Forexample,aninstanceadministrationeventwithtype=4110hasthe
followingmessage:
4110 -> "Instance Set Guest Info requested, IP address = %s, MAC
address %s, configuration message \"%s\", machine name \"%s\",
configuration status %s"
Inthisexample,theMessageParametersfieldshows:
10.17.0.3 00:0C:29:1A:2B:3C OK ACETest 0
Theresultingparametersreplacethe%splaceholdersinthemessage
template.
ACEManagementServereventloggingcontainsanexperimentaltamperevidence
feature.Everyrecordintheeventlog(exceptthefirstone)musthaveauniquereference
tothepreviousevent,furtherenforcedbythedatabaseforeignkeyandunique
constraint.EachsuccessiverecordhasauniqueIDincrementedby1,
somissingrecords
areimmediatelyevident.Ifauserwithdirectaccesstothedatabasechanges,adds,or
removessomerecords,theusermustchangeeitherthepreviousev entpointerorother
dataintheremainingeventrecords.Datawithineveryrecordishashedtogetherwith
aserverkeyandis
storedintheeventSignaturefield.
Formoreinformationabouteventcategories,configuringlevelsofeventloggingfor
eachcategory,andpurgingoldeventstokeepthetablesizeincheck,see“Logging
Events”onpage 49.
N
OTEACEManagementServerdoesnotlogsensitivedatalikepasswordsor
encryptionkeys.