For auditing purposes, you can monitor the events that VMware Cloud Director Availability generates by using a syslog server or by using email delivery for the notifications. For Cloud Director sites, you can also monitor the events in VMware Cloud Director.

Event Notifications Delivery Channels

To aid with auditing and monitoring the cloud site, VMware Cloud Director Availability delivers information about significant events by using the following delivery channels, depending on the cloud site:
Delivery channels by cloud site:

Syslog (Cloud Director sites and vSphere DR and migration sites)
As a provider, you can use the syslog protocol for delivering the event notifications to a preconfigured syslog server, for example, vRealize Log Insight for auditing.
Depending on the cloud site, to enter the syslog server IP address and its UDP port, see either:

Email (Cloud Director sites)
This event notification delivery channel is available for both provider and tenant users.
In VMware Cloud Director, as an OrgAdmin user, you can register a Simple Mail Transfer Protocol (SMTP) server for the event notifications. VMware Cloud Director Availability can use the SMTP configuration of VMware Cloud Director.
  • For information about configuring the email notifications as a tenant user, see Modify Your Email Settings in the VMware Cloud Director Tenant Guide.
Alternatively, since VMware Cloud Director Availability 4.6.1, as a provider or as a tenant, you can Set custom SMTP settings and configure the email settings for the selected event notifications.

Email (vSphere DR and migration sites)
As an Administrator user, configure an SMTP server and the email settings for the selected event notifications.

Cloud Director (Cloud Director sites)
For Cloud Director sites, this event notification delivery channel is available for both provider and tenant users. In VMware Cloud Director, as an OrgAdmin user, you can monitor VMware Cloud Director Availability events and also monitor events about user actions for replications owned by the same user. As a SysAdmin user, you can monitor all events, including the events that OrgAdmin users see, with additional event details.

VMware Cloud Director maintains an audit log, called Audit Trail, per organization, allowing tenants to export it and inspect the events themselves. For more information, see the Multitenant Logging with VMware Cloud Director blog post.

The Audit Trail receives all external events to VMware Cloud Director, including all VMware Cloud Director Availability events, and resides in a designated space, with its own retention rules, separate from the persistence of the conventional events.

All events that VMware Cloud Director Availability sends to VMware Cloud Director are marked as audit events.

Cloud Director (vSphere DR and migration sites)
N/A

Each of these delivery channels carries the same notification information, formatted according to the delivery method. To receive event notifications, you can use one or multiple delivery channels simultaneously.
Note: When sent by email, the events under the User Activities section are batched per tenant/activity type and aggregated in one message sent every 60 minutes or every 300 events, whichever comes first.
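
The batching rule in the note above bounds how late an emailed User Activities event can arrive, which matters when email is the only channel feeding alerting. The following is an added example, not VMware code: it simulates the rule over constructed events, assumes the 60-minute timer starts at the first event of a batch, and uses made-up tenant and activity names.

```python
from collections import defaultdict

BATCH_WINDOW_S = 60 * 60   # "every 60 minutes", from the note
BATCH_MAX_EVENTS = 300     # "every 300 events", from the note

def simulate_email_batches(events):
    """events: iterable of (epoch_seconds, tenant, activity_type).
    Returns one dict per email, ordered by send time.
    Assumption: the 60-minute timer starts at the first event of a batch."""
    by_key = defaultdict(list)
    for ts, tenant, activity in events:
        by_key[(tenant, activity)].append(ts)   # batched per tenant/activity type

    emails = []
    for (tenant, activity), stamps in by_key.items():
        stamps.sort()
        i = 0
        while i < len(stamps):
            start, deadline = stamps[i], stamps[i] + BATCH_WINDOW_S
            j = i
            while (j < len(stamps) and j - i < BATCH_MAX_EVENTS
                   and stamps[j] < deadline):
                j += 1
            # Count limit reached first: send with the 300th event.
            # Otherwise the batch waits for the timer to expire.
            sent_at = stamps[j - 1] if j - i == BATCH_MAX_EVENTS else deadline
            emails.append({"tenant": tenant, "activity": activity,
                           "events": j - i, "sent_at": sent_at,
                           "max_delay_s": sent_at - start})
            i = j
    return sorted(emails, key=lambda e: e["sent_at"])

def constructed_events():
    """Constructed sample: a burst of 650 events one second apart for one
    tenant, and two isolated events for another (names are made up)."""
    burst = [(t, "org-a", "login") for t in range(650)]
    sparse = [(100, "org-b", "failover"), (4000, "org-b", "failover")]
    return burst + sparse

def worst_case_delay(emails):
    return max(e["max_delay_s"] for e in emails)

if __name__ == "__main__":
    batches = simulate_email_batches(constructed_events())
    for e in batches:
        print(e)
    print("worst-case delay (s):", worst_case_delay(batches))
```

Under this model a quiet tenant's single event is emailed a full hour after it occurs, so syslog is the channel to use where timely detection is needed.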

Audit Events

For the ISO 27001 and PCI-DSS auditing requirements, VMware Cloud Director Availability logs the following:
  • Logs any administrative, root, or elevated access to the system, for example, user X, successful login at timestamp from IP-address/FQDN.
  • Logs any unsuccessful login attempts for all users to the system, for example, user Y, failed login attempt at timestamp from IP-address/FQDN.
  • Logs any passive operations of all users, for example, running RPO compliance reports, system tasks review, data stores review, and system health review.
  • Logs any configuration changes, including creation, modification, and deletion, under the following sections:
  • Replications section activities:
    • Incoming Replications - logs any user-executed actions, for example, Migrate, Failover, and Test.
    • Recovery Plans - logs all recovery plan operations.
    • Start/Stop events for replication tasks
  • Configuration section activities on the pages:
    • Settings
    • Peer Sites
    • Policies
    • SLA Profiles
    • L2 Stretch
  • System section activities:
    • Datastores > Evacuate
    • Support Bundles
    • Backup Archives
    • Start/Stop events for System tasks
  • Reports page logs all report-related activities.
  • Session-related activities, such as:
    • Login
    • Logout
    • Login to peer site
    • Logout of peer site

Weekly Summary Report Subscription

VMware Cloud Director Availability 4.6 and later allows both providers and their tenants to subscribe to a weekly summary email that contains the numbers of active, new, and deleted protections and migrations performed during the last week.

The subscribers remain informed about what is happening with their replications without logging in. Their weekly summary report:

  • Counts only incoming replications using the Classic data engine to the cloud site.
  • Counts the current state at the report runtime both for active protections and for migrations.
  • Counts the following numbers for the week:
    • Performed failovers
    • Performed test failovers
    • Performed migrates
    • New protections and new migrations
    • Deleted protections and migrations

For more information, see Subscribe for weekly summary email.