After you implement the Identity and Access Management for VMware Cloud Foundation validated solution, collect log data in a central place, by using VMware or third-party components, from the components that are newly added to or reconfigured in your VMware Cloud Foundation system.
For validated logging solutions, see the VMware Validated Solutions landing page.
If your environment is running , you can gather logging information about the standalone Workspace ONE Access instance by using a log agent on the Workspace ONE Access appliance.
Decision ID | Design Decision | Design Justification | Design Implication |
---|---|---|---|
IAM-WSA-LOG-001 | Install the vRealize Log Insight agent on the standalone Workspace ONE Access instance. | The vRealize Log Insight agent is required to collect and transfer logs to the vRealize Log Insight instances. | None. |
IAM-WSA-LOG-002 | Configure the vRealize Log Insight agent to transmit logs from the standalone Workspace ONE Access instance to the adjacent vRealize Log Insight in the VMware Cloud Foundation instance using the vRealize Log Insight ingestion API, | Ensures that logs from the standalone Workspace ONE Access instance are forwarded to the adjacent vRealize Log Insight using the ingestion API. | The configuration is unencrypted. To ensure that the transmission of logs from the standalone Workspace ONE Access instance is encrypted using TLS, you must update the configuration for Workspace ONE Access to send logs to vRealize Log Insight using the ingestion API, |
IAM-WSA-LOG-003 | Configure a dedicated Workspace ONE Access agent group and assign the standalone Workspace ONE Access instance FQDN. | | Adds minimal load to vRealize Log Insight. |
IAM-WSA-LOG-004 | Configure a dedicated Photon OS agent group and assign the standalone Workspace ONE Access instance FQDN. | | Adds minimal load to vRealize Log Insight. |
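
The implication of IAM-WSA-LOG-002 can be checked on the appliance by auditing the `[server]` section of the agent's `liagent.ini`. The following is an added example, not part of the validated solution: the function name, the sample files, and the host name are constructed, and the `ssl`, `ssl_accept_any`, and port 9000 (plaintext cfapi) values are assumptions taken from the vRealize Log Insight agent's configuration format, not from this page.

```python
import configparser

# Constructed sample configurations; the host name is a placeholder.
PLAINTEXT_INI = """
[server]
hostname=loginsight.example.internal
proto=cfapi
port=9000
ssl=no
"""

TLS_INI = """
[server]
hostname=loginsight.example.internal
proto=cfapi
port=9543
ssl=yes
ssl_accept_any=no
"""


def audit_agent_transport(ini_text):
    """Return a list of findings for the [server] section of a liagent.ini."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    if not parser.has_section("server"):
        return ["no [server] section: log destination is not configured here"]
    server = parser["server"]
    findings = []

    # The design decision calls for the ingestion API (cfapi), not syslog.
    proto = server.get("proto", "cfapi").strip().lower()
    if proto != "cfapi":
        findings.append(f"proto={proto}: design expects the ingestion API (cfapi)")

    # Only an explicit ssl=yes is accepted; a missing key depends on agent defaults.
    ssl_value = server.get("ssl")
    ssl_on = ssl_value is not None and ssl_value.strip().lower() == "yes"
    if ssl_value is None:
        findings.append("ssl not set: transport depends on the agent default")
    elif not ssl_on:
        findings.append(f"ssl={ssl_value.strip()}: logs are sent unencrypted")

    # Encryption without certificate validation still allows interception.
    if server.get("ssl_accept_any", "no").strip().lower() == "yes":
        findings.append("ssl_accept_any=yes: server certificate is not validated")
    if ssl_on and server.get("port", "").strip() == "9000":
        findings.append("port=9000 with ssl=yes: 9000 is the plaintext cfapi port")
    return findings
```

An empty result means the transport settings are explicit and TLS is on; each string in a non-empty result names the key to correct.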