2.7

ManualsBrandsVMware ManualsComputer equipmentACE

Table Of Contents

ACE Management Server Administrator’s Manual

VMware, Inc. 35

Chapter 4 Configuration Options for ACE Management Server

Bydefault,duringACEManagementServerinstallation,thefollowingtwofilesarecreated:

 server.key–ThisRSA1024‐bitkeyistheprivatekey.

 server.crt–Thisself‐signedcertificateisvalidfor10yearsfromthedateandtimeatwhichtheserveris

installed.Itssignatureisverifiedbythepublickey,whichisembeddedinthecertificate.Thecertificate

fileisencodedinPEMformat.

WhenyourunanACEinstance,

theVMwarePlayerapplicationusesthecompletecertificationchainthatis

includedinitspackage,notonthehost,toverifyconnectionsmadetoACEManagementServer.Therefore,

theuseofself‐signedcertificatesisadequateformostsecurityneeds.Formoreinformationabouthow

VMwareACEusessecuritycertificates,see

“UsingSSLCertificatesandProtocol”onpage 16.

WhenyouclickUploadcertificates,asummarypagedisplaysthefilesandlocationsyouspecifyonthistab.

Notethelocationofanybackupfiles.Youmightneedtousethebackupifyoufindthatthenewfileisinvalid

whenyou

clickApply.See“RestoreaBackupCopyofanSSLCertificate”onpage 50.

AfteryouuploadcustomSSLcertificates,youmustupdateanyexistingACE‐enabledvirtualmachinestouse

anewcertificateandkeyfile.Todoso,useWorkstationtocreateanupdatepackage.Whenyoudeploythe

newpackage,ACEinstancesreceivethenewcertificatefileandcertificatechain.

Logging Events

Theservercollectslogentriesforeventsthatchangethedatabase.OntheLoggingtab,youcansetthelogging

levelsandsetanoptionforpurginglogentries.

ACEManagementServerusesthefollowingloggingcategories:

 ACEAdministration–Logseventsforinstancecreation,update,anddestruction.

 PackageAdministration–Logseventsforpackagecreation,update,instancecustomization,andpackage

removal.

 PolicyAdministration–Logseventsforpolicy‐setupdateandpublish,useraccesscontrolchanges,and

instancepasswordssetbyanACEadministrator.

 InstanceAdministration–LogsACEinstancelife‐cycleevents,suchascreation,copying,revocation,

reenablement,anddeletion.Alsologsinstancepasswordchangebyauseroranadministrator,changes

inexpirationforeachinstance,changesofinstanceguestorhostoperatingsysteminformation,and

settinginstancecustomfields.Thedebuglevel

canbeusedtologthemostubiquitoustrafficsuchas

policyupdaterequestsfromactiveinstances.Failedinstanceverificationsareloggedonlyatthedebug

level.

 Authentication–Logseventsforeveryauthenticationrequest,suchasadministrationorhelpdesk

authenticationattempts(atthenormallevel),instanceauthentication(attheinformationallevel),and

remoteLDAPpasswordchange.Setloggingforthiscategorytothelowestlevelthatispracticalforyou.

Thiscategorycangeneratealarge

volumeofentries.

Foreachcategory,youcanchooseoneofthefollowinglogginglevels:

 None–Nologentryismadeforthisevent.

 Critical–Anexampleofacriticallogeventisonethatremovesallpackages,instances,andpolicies

associatedwithanACE‐enabledvirtualmachine.

 Normal–Thislevelofdetailissufficienttoanswermostqueries.

 Informative–Entriesfornondestructiveeventsthathavelimitedeffect.

 Debug–Entriesforeveryclientaccessoftheserver.Itprovidesmorerecordsofcertaineventtypes,

creatingalargenumberloggingentriescomparedtootherloglevels.Itlogsallinformationaltransactions,

suchasinstancestatusandsoon.