Appendix: Database Schema And Audit Event Log Data; Using Database Reporting Tools; Database Schema - VMware ACE Management Server Administrator's Manual

Appendix: Database Schema and Audit Event
Log Data
This appendix explains the format of the data stored in the database and the best ways to access this data. This
appendix includes the following topics:

"Using Database Reporting Tools" on page 55

"Database Schema" on page 55

"Querying the Audit Event Log Data" on page 59

Using Database Reporting Tools

You can use a third‐party database management or reporting tool with the VMware ACE Management Server
database. You can create custom reports of the system state by using a reporting tool. You can also use a
reporting tool to inspect the audit trail of the administrator or user actions stored in the Event table. For
example, you might find active instances with outdated ACE policy sets, or excessive failed authentication
attempts.
The RDBMS access control mechanism protects the data stored in the database. Do not allow the database user
account that your reporting tool uses to have a higher than necessary level of access to the data. Otherwise you
might compromise the security of your VMware ACE system.
For example, reporting tools typically do not need write access to the database. Instead, you can create a
separate read‐only account for the reporting tool. You might also want to disallow read access to database
fields that contain sensitive information, such as user passwords, instance customization data (which might
have the domain administrator login), or instance disk encryption keys. The embedded SQLite database does
not support authentication, so access can be protected only by file‐based security that provides read‐only
permissions or permissions to perform any operation.

Database Schema

Tables in the ACE Management Server database represent the major configuration objects of ACE
Management Server, including Ace, Package, Instance, Access Policy, Runtime Policy, and User Data, which
contains image customization settings and other data for each user. Administrator and user actions are audit
logged in the Event table in the database, while possible event types are listed in the EventType table.
Note the following about the database schema:

A few tables with internal system information and indexes are not listed.

Boolean values are stored as strings with TRUE or FALSE values.

Timestamps are stored as decimal 64‐bit number strings showing the number of microseconds from 12:00
a.m 01/01/1970.

Other dates and times are stored as decimal strings showing the number of seconds from 12:00 a.m
01/01/1970.
VMware, Inc. 55