2.6
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
ACE Management Server Administrator’s Manual
60 VMware, Inc.
ACE,package,andinstanceUIDsandpolicyversionprovidecoordinatesofthelogeventinthespaceofACE
Serverobjects.Theyhelplinktheeventwiththestateofthesystem.Byusingdatabasequerytools,youcan
findallACEadministrationeventsthataffectedaparticularACEinstancefrom
itscreationuntilitsdeletion.
Notallcoordinatesarepresentforallevents.Forexample,ifapackageexpirationdateupdateislogged,the
instanceUIDfieldisnotset,becauseallinstanceswithinthepackageareaffected.
Ifimmutabledataisstoredpermanentlyelsewhereinthedatabase,itis
notduplicatedinthelogentry.For
example,whenanewpolicyispublished,thecompletepolicytextisnotincludedinthelogentry.Instead,its
versionnumberisreferenced,sothatthecompletedataoftheeventcanbereconstructedfromPolicyDb_
RuntimePolicyandPolicyDb_Accesstablesifnecessary.
The
eventtypecodeisassociatedwithalookuptablePolicyDb_EventType,whichcontainsatextmessage
templateforeachtypeofevent,category,andlogleveloftheevent.Themessagecancontain%sparameter
placeholders,inwhichcasetheMessageParametersfieldinthelogentrycontainsatab‐delimited
listof
valuesfortheseparameters.Forexample,aninstanceadministrationeventwithtype=4110hasthefollowing
message:
4110 -> "Instance Set Guest Info requested, IP address = %s, MAC address %s, configuration
message \"%s\", machine name \"%s\", configuration status %s"
Inthisexample,theMessageParametersfieldshows:
10.17.0.3 00:0C:29:1A:2B:3C OK ACETest 0
Theresultingparametersreplacethe%splaceholdersinthemessagetemplate.
Loginusername
AffectedACEUID(FK)
AffectedpackageUID(FK)
AffectedinstanceUID(FK)
AffectedPolicySetVersion
Eventcategory Auth,AceAdmin,PkgAdmin,PolicyAdmin,
InstAdmin
Eventtypecode(FK) ReferencesPolicyDb_EventTypetable
SessionID Debug
IncomingIPaddress Reservedforfutureuse
ServerIPAddress Reservedforfutureuse
Operationturnaroundtime Timespentinserver
inms
Operationhandlername(debug)
Returncodetext Success,failure,specificerror
Messageparameters Tab‐separatedlist
PreviouseventUUIDtoprevent
unauthorizedrecorddeletionorinsertion
Logintegrity
Eventrecordhashwithaserverkeytoreveal
modificationoftherecord
Logintegrity
NOTEACEManagementServerdoesnotlogsensitivedatalikepasswordsorencryptionkeys.
Table A-1. Log Entry Data (Continued)
Data Description