Diagnóstico Social

6.1 vSphere Host Setup Standardization

Host profiles can be used to automatically configure network, storage, security and other features. This feature, along with vSphere Auto Deploy, simplifies and automates the installation of ESXi hosts, and is used to standardize all host configurations.

VM Monitoring is enabled on a cluster level within HA and uses the VMware Tools heartbeat to verify that a virtual machine is alive. If a virtual machine fails, causing VMware Tools heartbeat to not be updated, VM Monitoring tests to see if any storage or networking I/O has occurred over the last 120 seconds and, if not, the virtual machine is restarted.

VMware recommends enabling both VMware HA and VM Monitoring on the management cluster and the vCloud resources clusters.

6.2 VMware vCloud Director Logging

Logging is one of the key components in any infrastructure. It provides audit trails for user logins and logouts among other important functions. Logging records various events happening in the servers, and helps diagnose problems, detect unauthorized access, and so on. In some cases, regular log analyses can proactively stave off problems that may turn out to be critical to the business.

Each vCloud Director cell logs audit messages to the database where they are retained for 90 days by default. If log retention is needed for longer than 90 days or centralized logging is required, an external syslog server can be configured and used as a duplicate destination for the events that are logged. Individual components can also be configured to redirect syslog messages to tenant-designated syslog servers.

In vCloud Director, there are two options for logging. The logs can be stored either locally to the server or in a centralized (syslog) location. During the initial installation, the administrator can choose which option to use.

During the initial installation, if a syslog server address is not entered, the logs are stored locally. The syslog server listens on port 514 using the UDP protocol.

If local storage was chosen during the installation, the administrator can later change it using the following procedure:

1. Log in to the vCloud Director cell using a vCenter virtual machine console, or using SSH if it is enabled.

2. Change directory to /opt/vmware/vcloud-director/etc as follows:

3. Make a backup of

cd /opt/vmware/vcloud-director/etc log4j.properties as follows:

4. Modify the following line by appending the string in bold: cp log4.properties {,.original}

log4j.rootLogger=ERROR, vcloud.system.debug, vcloud.system.info, vcloud.system.syslog

5. Edit log4j.properties

log4j.appender.vcloud.system.syslog=org.apache.log4j.net.SyslogAppender

with your preferred editor and add the following lines:

log4j.appender.vcloud.system.syslog.syslogHost=remoteSyslogHost.example.com:<PORT> # For default listening port of 514, <PORT>can be left blank

log4j.appender.vcloud.system.syslog.facility=LOCAL1log4j.appender.vcloud.system.sys log.layout=com.vmware.vcloud.logging.CustomPatternLayout

log4j.appender.vcloud.system.syslog.layout.ConversionPattern=%d{ISO8601} | %-8.8p | %-25.50t | %-30.50c{1} | %m | %x%n

log4j.appender.vcloud.system.syslog.threshold=INFO

6. Save the file and restart the vCloud Director cell.

To enable centralized logging in all of the vCloud Director cells, repeat this procedure for each cell. Servicevmware-vcd restart

6.3 vShield Edge Logging

Remote logging of firewall events to a central syslog host provides a way to greatly increase security and network forensic capabilities. In addition to vCloud Director logs, vShield Edge devices deployed within a vCloud director environment will inherit the default syslog for networks which can be set to the same remote syslog system used by vCloud Director. To specify the remote syslog server for networks in vCloud Director:

1. Log in to the vCloud Director UI as the system administrator.

2. From the Administration Tab, under System Settings, Select General.

3. Under “Default syslog server settings for networks specify up to two syslog servers. a. Syslog server 1

b. Syslog server 2 4. Click Apply.

Any new Routed Organization deployed will inherit the syslog server settings specified above. This will provide a location to send firewall logs for specific Firewall Rules when configured by the Organization or System Administrator. For existing Routed Organization networks you can update the syslog settings for a particular network by completing the following:

1. From the Organization Administration tab under Cloud Resources, select Networks. 2. Right click the network and select Synchronize syslog server settings.

6.4 vSphere Host Logging

Remote logging to a central host provides a way to greatly increase administration capabilities. Gathering log files on a central server facilitates monitoring of all hosts with a single tool and enables aggregate analysis and the ability to search for evidence of coordinated attacks on multiple hosts.

Within each ESXi host, syslog behavior is managed by leveraging esxcli

For this initial implementation, all NewCo management and resource hosts will be configured to send log files to two central syslog servers residing in the management cluster. Requirements for this configuration are.

. These settings determine the central logging host that will receive the syslog messages. The hostname must be resolvable using DNS.

• Syslog.Local.DatastorePath

•

– A location on a local or remote datastore and path where logs are saved.

Syslog.Remote.Hostname

•

– A remote server's DNS name or IP address where logs are sent using the syslog protocol. The DNS name for syslog is mgmt-syslog.example.com

Syslog.Remote.Port

• #Configure NewCo syslog servers.

– A remote server's UDP port where logs are sent using the syslog protocol. Default is port 514.

esxcli system syslog config set --default-rotate 20 --loghost udp://mgmt- syslog1.example.com:514,udp://mgmt-syslog2.example.com:1514

• #Configure ESXi logs to send to syslog

esxcli system syslog config logger set --id=hostd --rotate=20 --size=2048 esxcli system syslog config logger set --id=vmkernel --rotate=20 --size=2048 esxcli system syslog config logger set --id=fdm --rotate=20

6.5 vCloud Monitoring

Monitor the following items through VMware vCloud Director. As of VMware vCloud Director 1.5 this must be done with custom queries to VMware vCloud Director using the Admin API to get the consumption data on the different components. Some of the components in VMware vCloud Director can also be monitored by aggregating the Syslog-generated logs from the different VMware vCloud Director cells that would be found on the centralized log server.

Table 36. VMware vCloud Director Monitoring Items Scope Item

System • Leases

• Quotas • Limits

vSphere Resources • CPU

• Memory

• Network IP address pool • Storage free space Virtual Machines/vApps Not in scope

In addition to the vCloud Director, UI monitoring can be accomplished through a JMX interface.

6.5.1 vCloud Director

As of VMware vCloud Director 1.0, monitoring is performed using custom queries to VMware vCloud Director using the Admin API to capture the summary consumption data on organization virtual datacenter, through MBeans, and through standard Linux and JMX monitoring services running on the vCloud Director guest. Some of the components in VMware vCloud Director can also be monitored by aggregating the Syslog-generated logs from the different VMware vCloud Director cells that would be found on the centralized log server.

6.5.2 vCenter Server

Multiple vCenter Servers are present within a vCloud instance to manage the virtual resources within the management and resource groups. Use of vCenter alerts and health of vpxd service provides advance notice when vCenter Servers are resource constrained or have suffered a fault.