Data Governance
This article provides information regarding the collection, storage, and retention of logs by Citrix Hypervisor.
Citrix Hypervisor is a server virtualization platform that enables the customer to create and manage a deployment of virtual machines. XenCenter is the management UI for Citrix Hypervisor. Citrix Hypervisor and XenCenter can collect and store customer data as part of providing the following capabilities:
-
Server status reports - A server status report can be generated on-demand and uploaded to Citrix Insight Services or provided to Citrix Support. The server status report contains information that can aid in diagnosing issues in the customer’s environment.
-
Automatic updates for the Management Agent - The Management Agent runs within VMs hosted on a Citrix Hypervisor server or pool. If the server or pool is licensed, the Management Agent can check for and apply updates to itself and to the I/O drivers in the VM. As part of checking for updates, the automatic update feature makes a web request to Cloud Software Group that can identify the VM where the Management Agent runs.
-
XenCenter check for updates - This feature determines whether any hotfixes, cumulative updates, or new releases are available for the Citrix Hypervisor servers and pools XenCenter manages. As part of checking for updates, this feature makes a web request to Citrix that includes telemetry. This telemetry is not user-specific and is used to estimate the total number of XenCenter instances worldwide.
-
XenCenter email alerts - XenCenter can be configured to send email notifications when alert thresholds are exceeded. To send these email alerts, XenCenter collects and stores the target email address.
Any information received by Cloud Software Group is treated in accordance with our Agreements.
Server status reports
During the course of operation a Citrix Hypervisor server collects and logs various information on the server where Citrix Hypervisor is installed. These logs can be collected as part of a server status report.
A server status report can be generated on-demand and uploaded to Citrix Insight Services or provided to Citrix Support. The server status report contains information that can aid in diagnosing issues in the customer’s environment.
Server status reports that are uploaded to Citrix Insight Services are stored in Amazon S3 environments located in the United States.
Citrix Hypervisor and XenCenter collect information from the following data sources:
- XenCenter
- Citrix Hypervisor servers and pools
- Hosted VMs
You can select which data items are included in the server status reports. You can also delete any server status reports that are uploaded to your MyCitrix account on Citrix Insight Services.
Citrix Insight Services does not implement an automatic data retention for server status reports uploaded by the customer. The customer determines the data retention policy. You can choose to delete any server status reports that are uploaded to your MyCitrix account on Citrix Insight Services.
Data collected
A server status report can contain the following log files:
| Log type | Contains PII? |
|---|---|
xapi-debug |
maybe |
xen-info |
maybe |
conntest |
no |
xha-liveset |
maybe |
high-availability |
maybe |
firstboot |
yes |
xenserver-databases |
yes |
multipath |
maybe |
disk-info |
maybe |
xenserver-logs |
maybe |
xenserver-install |
maybe |
process-list |
yes |
blobs |
no |
xapi |
yes |
host-crashdump-logs |
maybe |
xapi-subprocess |
no |
pam |
no |
control-slice |
maybe |
tapdisk-logs |
no |
kernel-info |
maybe |
xenserver-config |
maybe |
xenserver-domains |
no |
device-model |
yes |
hardware-info |
maybe |
xenopsd |
maybe |
loopback-devices |
maybe |
system-services |
no |
system-logs |
maybe |
network-status |
yes |
v6d |
maybe |
CVSM |
no |
message-switch |
maybe |
VM-snapshot-schedule |
no |
xcp-rrdd-plugins |
maybe |
yum |
if customized |
fcoe |
yes |
xapi-clusterd |
maybe |
network-config |
if customized |
boot-loader |
no |
Management Agent automatic updates
The Management Agent runs within VMs hosted on a Citrix Hypervisor server or pool. If the server or pool is licensed, the Management Agent can check for and apply updates to itself and to the I/O drivers in the VM. As part of checking for updates, the automatic update feature makes a web request to Cloud Software Group that can identify the VM where the Management Agent runs.
The web logs captured from the requests made by the Management Agent automatic updates feature are located in a Microsoft Azure Cloud environment located in the United States. These logs are then copied to a log management server in the United Kingdom.
The web requests made by the Management Agent automatic updates feature are made over HTTPS. Web log files are transmitted securely to the log management server.
You can select whether your VM uses the Management Agent automatic update feature. If you choose to use the Management Agent automatic update feature, you can also choose whether the web request includes the VM identifying information.
Web logs containing information from web requests made by the Management Agent automatic updates feature and the XenCenter check for updates feature can be retained indefinitely.
Data collected
The Management Agent automatic updates web requests can contain the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| IP address | The IP address of the VM where the Management Agent is installed | |
| VM UUID | A unique user ID for the VM where the Management Agent is installed |
XenCenter check for updates
This feature determines whether any hotfixes, cumulative updates, or new releases are available for the Citrix Hypervisor servers and pools XenCenter manages. As part of checking for updates, this feature makes a web request to Cloud Software Group that includes telemetry. This telemetry does not personally identify users and is used to estimate the total number of XenCenter instances worldwide.
The web logs captured from the requests made by the XenCenter check for updates feature are located in a Microsoft Azure Cloud environment located in the United States. These logs are then copied to a log management server in the United Kingdom.
The web requests made by the XenCenter check for updates feature are made over HTTPS. Web log files are transmitted securely to the log management server.
The XenCenter check for updates feature is enabled by default. You can choose to disable this feature.
Data collected
The check for updates feature web requests contain the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| IP address | The IP address of the XenCenter host machine | |
| XenCenter version | The version of XenCenter making the request |
XenCenter email alerts
XenCenter can be configured to send email notifications when alert thresholds are exceeded. To send these email alerts, XenCenter collects and stores the target email address.
The email address that XenCenter uses to send email alerts is stored on the machine where you installed XenCenter.
You can delete email alerts configured in XenCenter to remove the stored email information.
XenCenter retains the email information used to provide email alerts for the lifetime of the email notification. When you delete the configured email alert, the data is removed.
Data collected
To provide email alerts XenCenter stores the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| Email address | The email address for alerts | To send alert and notification emails to |
| SMTP server | The SMTP server to use | To route the email alerts to the recipient |