Installation guide
Decommissioning
12
Decommissioning
Systems where VCM was installed contain private keys, sensitive credentials, and collection results.
Properly decommission such machines before disposing of them or using them for another purpose.
Erasing versus Deleting
For VCM decommissioning, full erasure involves more than deleting files.
After you transfer any sensitive data to retain, follow best practices to completely remove confidential
data. Always run a secure erasing or disk scrubbing utility such as Windows secure delete (SDelete).
Confidential Data to Remove
VCM systems contain confidential data or credentials from managed machines. Depending on the role of
the system, any of the following items might be present:
n
Collected data
n
File uploads
n
Private keys for Enterprise, Collector, Agent, or IIS HTTPS certificates
n
Managed machine login credentials
n
Proxy machine credentials
n
Alternative source credentials used for VCM Patching
n
Secure communication session caches
n
Network Authority account passwords
n
Collector and Agent install kits
n
VCM license files
Proper decommissioning requires the full erasure of these values from the respective machines. See
"Erasing versus Deleting" on page 53.
Distinct Collector and Agent Keys
VCM associates a unique machine identity with the private keys used by Transport Layer Security (TLS).
Do not copy these keys.
VMware, Inc.
53