Learn about the General Data Protection Regulation (GDPR) and where VMware Tanzu Application Service for VMs (TAS for VMs) might store personal data.

GDPR came into effect on May 25, 2018 and affects any company processing the data of EU citizens or residents, even if the company is not EU-based. The GDPR sets forth how companies can handle privacy issues, securely store data, and respond to security breaches.

Process personal data

The GDPR grants data subjects certain rights, such as the right to obtain a copy of their personal data, object to the processing of personal data, and the right to have their personal data erased. Organizations subject to GDPR need to ensure that they can address and respond to requests by data subjects if they are processing their personal data.

Article 4, Section 1 of the GDPR defines personal data as follows:

'personal data' is any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

For more information, see the GDPR text.

Personal data can be collected, stored, and processed in a TAS for VMs deployment. VMware has performed a review of TAS for VMs components and determined that personal data might reside in the areas discussed in the following sections.

Where personal data might reside

The following sections explain how different TAS for VMs components collect personal data.

User Account and Authentication (UAA)

UAA is an open-source Cloud Foundry component that provides identity management features and identity-based security for apps and APIs. For more information, see User Account and Authentication.

| GDPR workflow | Scenario | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? |
|---|---|---|---|---|---|---|
| Business initiation | User registers | Username; email address; first name (optional); last name (optional); user ID (UAA GUID, generated) | User registration submission | UAA DB | Stored in UAA DB | End user; UAA administrators |
| Business initiation | Just-in-time provisioning: create user on user login | Username; email address; first name (optional); last name (optional); user ID (UAA GUID, generated); additional attributes as defined by the organization | User login | UAA DB | Stored in UAA DB | UAA administrators |
| Business initiation | Admin user makes a creation API call | Username; email address; first name (optional); last name (optional); user ID (UAA GUID, generated); additional attributes as defined by the organization | Admin API call | UAA DB | Stored in UAA DB | UAA administrators |
| Business execution | User self-updates profile | Email address; first name (optional); last name (optional) | User registration submission | UAA DB | Stored in UAA DB | End user; UAA administrators |
| Business execution | Just-in-time provisioning: user update | Email address; first name (optional); last name (optional); additional attributes as defined by the organization | User login | UAA DB | Stored in UAA DB | UAA administrators |
| Business execution | User logs in | Current account cookie (generated); saved account cookie (generated) | User login | User browser | By UAA | End user; UAA login page |
| Business execution | Admin user makes an update API call | Email address; first name (optional); last name (optional); additional attributes as defined by the organization | Admin API call | UAA DB | Stored in UAA DB | UAA administrators |
| Delete user flow | Admin user makes a hard delete API call | n/a | n/a | n/a | Deleted from UAA DB | UAA administrators |
| Delete user flow | Admin user makes a deactivation API call | n/a | n/a | n/a | Soft delete (records are still held in the database, but the user cannot log in) | UAA administrators |
| Reports/logs | Event or debug logs | Any information | When the event happens | UAA logs | Depends on the setup of Loggregator and log forwarding | BOSH administrators |

Cloud Foundry API

The Cloud Foundry API release contains several components, including the Cloud Controller. For more information, see the Cloud Foundry API release README.

| GDPR workflow | Scenario | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? | How long is it kept? |
|---|---|---|---|---|---|---|---|
| Business initiation | User makes a request for the first time | User ID | The first time a user makes a request to the API | Cloud Controller database | Used to identify permissions for the user | Operations Manager operator | As long as the user is part of the system |
| Business execution | Troubleshooting API requests | User ID; user agent; IP address | On each request | Local VM (component logs); log aggregator used by the Operations Manager operator | n/a | Operations Manager operator | Local VM: 4 weeks maximum by default; log aggregator: as configured by the Operations Manager operator |
| Audit trails | Audit what changes a user makes | Name; user ID; email address | On specific API requests that mutate the state of resources | Audit Event table in the Cloud Controller DB | n/a | Operations Manager operator; users who can view the resource that had an audited change | 31 days |
| Audit trails | Audit what changes a user makes | IP address; email address; user ID; username | On each request | Local VM (CEF logs); log aggregator used by the Operations Manager operator | n/a | Operations Manager operator | Local VM: 4 weeks maximum by default; log aggregator: as configured by the Operations Manager operator |
| Audit trails | Audit which user created a resource | Name; user ID; email address | When API resources are created | As part of the resource row in the Cloud Controller DB | n/a | Operations Manager operator; users who can view the resource | As long as the resource exists |

Routing

By default, the Gorouter logs include the X-Forwarded-For header, which might include the originating client IP. Under GDPR, client IP addresses can be considered personal data.

Deactivate client IP logging

In TAS for VMs v2.0 and later and Elastic Runtime v1.12, you can deactivate logging of client IP addresses in the Gorouter.

To deactivate logging of client IP addresses:

  1. Go to the Tanzu Operations Manager Installation Dashboard and click the TAS for VMs or Elastic Runtime tile.

  2. Click Networking.

  3. Under Client IP Logging:

    • If the source IP address exposed by your load balancer is its own IP address, select Do not log X-Forwarded-For header.
    • If the source IP address exposed by your load balancer belongs to the downstream client, select Do not log source IP or X-Forwarded-For header.

  4. Click Save.

  5. Return to the Tanzu Operations Manager Installation Dashboard, click Review Pending Changes, and click Apply Changes to redeploy.
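As an added verification example (not part of the TAS for VMs documentation), the following Python script audits Gorouter access-log lines for client IP data and maps what it finds to the two Client IP Logging options above. The sample log lines, their layout, and the load balancer subnet 10.0.16.0/24 are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines following the general Gorouter access-log shape: request,
# status, quoted referer/user agent, quoted source "ip:port", quoted backend "ip:port",
# then key:"value" tokens such as x_forwarded_for.
SAMPLE_LOG = """\
app.example.com - [2024-01-15T10:00:00Z] "GET /api/v1/items HTTP/1.1" 200 0 512 "-" "curl/8.4.0" "10.0.16.4:51234" "10.0.32.7:61001" x_forwarded_for:"203.0.113.17" x_forwarded_proto:"https"
app.example.com - [2024-01-15T10:00:01Z] "GET /api/v1/items HTTP/1.1" 200 0 512 "-" "curl/8.4.0" "10.0.16.4:51235" "10.0.32.7:61001" x_forwarded_for:"-" x_forwarded_proto:"https"
app.example.com - [2024-01-15T10:00:02Z] "POST /login HTTP/1.1" 302 0 0 "-" "Mozilla/5.0" "198.51.100.23:44012" "10.0.32.7:61001" x_forwarded_for:"-" x_forwarded_proto:"https"
"""

XFF_RE = re.compile(r'x_forwarded_for:"([^"]*)"')
SOURCE_RE = re.compile(r'"(\d{1,3}(?:\.\d{1,3}){3}):\d+"')  # first match: TCP source

NO_XFF = "Do not log X-Forwarded-For header"  # Client IP Logging option 1
NO_SOURCE_OR_XFF = "Do not log source IP or X-Forwarded-For header"  # option 2


def audit_line(line, lb_networks):
    """Classify one access-log line by the client IP data it still carries."""
    xff = XFF_RE.search(line)
    src = SOURCE_RE.search(line)
    xff_value = xff.group(1) if xff else "-"
    source_ip = src.group(1) if src else None
    xff_logged = xff_value not in ("-", "")
    # A source address outside the load balancer's own ranges is a downstream client's.
    source_is_client = source_ip is not None and not any(
        ipaddress.ip_address(source_ip) in net for net in lb_networks)
    if source_is_client:
        setting = NO_SOURCE_OR_XFF
    elif xff_logged:
        setting = NO_XFF
    else:
        setting = None  # this line carries no client IP
    return {"xff": xff_value, "source_ip": source_ip, "xff_logged": xff_logged,
            "source_is_client": source_is_client, "setting_needed": setting}


def audit_log(text, lb_cidrs):
    """Audit every line; return (per-line results, most restrictive setting needed)."""
    nets = [ipaddress.ip_network(c) for c in lb_cidrs]
    results = [audit_line(l, nets) for l in text.splitlines() if l.strip()]
    needed = {r["setting_needed"] for r in results} - {None}
    overall = NO_SOURCE_OR_XFF if NO_SOURCE_OR_XFF in needed else (NO_XFF if needed else None)
    return results, overall


if __name__ == "__main__":
    rows, overall = audit_log(SAMPLE_LOG, ["10.0.16.0/24"])  # assumed LB subnet
    print(*rows, sep="\n")
    print("Client IP Logging setting needed:", overall)
```

Run it against a real Gorouter access log after applying the change; every line should come back with setting_needed set to None.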

Diego

Diego is the container management system for TAS for VMs. For more information, see Diego Components and Architecture.

| GDPR workflow | Scenario | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? | How can I delete it? |
|---|---|---|---|---|---|---|---|
| Business execution | Executing apps and tasks | No personal data is collected explicitly, but personal data might be encoded in app file contents or in runtime metadata such as environment variables or start commands. | Runtime metadata is collected when Cloud Controller submits a work specification to the Diego BBS API. File contents are collected when Diego schedules an app or a task on a Diego Cell. | Runtime metadata is stored in the Diego BBS DB. App file contents are cached on Diego Cells. | Runtime metadata is used to start processes inside app instance containers and to configure their environment. App file contents are presented as part of the app instance container filesystem. | Platform operators and other developers with access to the Cloud Controller space containing that app can view the data. | To delete runtime metadata stored in the Diego BBS DB, stop the app or cancel the task that includes that data. To delete app file contents in running app and task containers, stop the app or cancel the task to destroy the containers. To remove app file contents from the download cache on the Diego Cells, recreate the Diego Cell VMs. |
| Reports/logs | SSH proxy logs TAS for VMs user access | UAA user name and ID | When the user authenticates for SSH access to an app | In a log file colocated with the SSH proxy instance handling the authentication request. The log contents can also be forwarded to a remote syslog destination. | No processing of the local log file is done automatically. If the log contents are forwarded to a log aggregation service, they might be parsed and processed arbitrarily. | Only platform operators have access to the local log file. Platform operators or auditors have access to the log contents in a downstream log aggregation service. | To delete the log lines containing the user ID: (1) run bosh recreate on the VMs hosting the SSH proxy processes to remove all logs on ephemeral disk; (2) bosh ssh into those VMs and remove the specific log lines containing user IDs; (3) scrub the corresponding log lines from any log aggregation service. |

Notifications Service

The Notifications Service allows you to configure components of TAS for VMs to send emails to end users. For more information, see Getting Started with the Notifications Service.

| GDPR workflow | Scenario | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? |
|---|---|---|---|---|---|---|
| Business execution | Sending email to UAA users | User ID | First email sent | The receipts table in the Notifications database | Stored in the Notifications database | Notifications operator making a database query |
| Business execution | UAA user unsubscribes globally | User ID | When the UAA user unsubscribes | The global_unsubscribes table in the Notifications database | Stored in the Notifications database | Notifications operator making a database query |
| Business execution | UAA user unsubscribes from a specific kind of email | User ID | When the UAA user unsubscribes | The unsubscribes table in the Notifications database | Stored in the Notifications database | Notifications operator making a database query |
| Business execution | UAA user unsubscribes from a campaign in the v2 API | User ID | When the UAA user unsubscribes | The unsubscribes table in the Notifications database | Stored in the Notifications database | Notifications operator making a database query |
| Reports/logs | UAA user unsubscribes | User email address | When the UAA user unsubscribes | Log output | Loggregator | Loggregator Firehose users |