James Thew - Fotolia
What is enhanced logging and how does it boost vSphere security?
Logs have been an integral piece of troubleshooting. New enhanced logs boosts vSphere security by providing much more detail about errors and changes.
Security has become a final crucial battleground for virtualization technology. The problem isn't keeping VMs and data protected from other instances; operational VMs have never been successfully breached through the hypervisor. Rather, security has advanced to embrace the dynamics of virtualization that take place when VMs start and move.
Additional clarity in management and reporting also benefits VM security, especially when hundreds or even thousands of VMs are running across the enterprise. VMware introduces and improves on several important vSphere security features in version 6.5. Let's look beyond VM Encryption and VM secure boot, and consider one of the lesser-known new vSphere security features: enhanced logging.
What is enhanced or actionable logging in vSphere 6.5?
Logs are a vital part of systems management and troubleshooting, alerting administrators to errors or changes that take place within the environment. The challenge with traditional logs is that they often only report the event, omitting salient details surrounding the event. For example, a log might report that the configuration of a certain virtual machine has changed. That's important, and can quickly draw the attention of an administrator.
The problem is that logs typically don't report corresponding details like what states or settings have changed, what the original states or settings were, and who made the change. An administrator must still examine the affected resource and identify any changes or errors manually, making troubleshooting more frustrating and time-consuming than necessary. Even then, there is rarely any means of identifying the offending individual who made the change, leaving security weak.
VMware introduced the idea of enhanced logging as a new vSphere security feature. It's aimed to address these traditional log file shortcomings. VMware now handles vCenter events through syslog data which adds actionable details to the log entry without the need for verbose content.
Undesirable or inappropriate changes can be identified and corrected faster and with less guesswork. For example, if the amount of memory provisioned to a VM is changed, enhanced logging can detail the original memory amount and the new memory amount instead of just noting that VM's configuration has changed.
How well do you know new vSphere 6.5 features and upgrades?
Take this quiz to test your knowledge on the new vSphere 6.5 features as well as all of the other changes that came with the VMware's latest release of its core virtualization product.
As another example, moving a VM from one vSwitch to another will create a log entry showing the original and final result of that change, allowing an administrator to quickly identify any potential causes and assess possible performance or security consequences.
Enhanced logging in vSphere 6.5 also works in conjunction with tools like VMware Log Insight or other third-party log managers such as log analytics tools. The presence of additional log details can help organizations set up more granular or comprehensive alerts in log management tools, allowing for more proactive and effective support.
Troubleshooting vSphere Replication issues
What are the requirements for Fault Tolerance logging?
VMware vRealize Log Insight offers more than just central logging
Dig Deeper on VMware ESXi, vSphere and vCenter
Related Q&A from Stephen J. Bigelow
What is data separation and why is it important in the cloud?
Some enterprises avoid the public cloud due to its multi-tenant nature and data security concerns. Learn what data separation is and how it can keep ... Continue Reading
NAS vs. object storage: What's best for unstructured data storage?
There are advantages and disadvantages to using NAS or object storage for unstructured data. Find out what to consider when it comes to scalability, ... Continue Reading
Do hypervisors limit vertical scalability?
Knowing hardware maximums and VM limits ensures you don't overload the system. Learn hypervisor scalability limits for Hyper-V, vSphere, ESXi and ... Continue Reading