Data Governance
This article provides information regarding the collection, storage, and retention of logs by XenServer.
XenServer is a server virtualization platform that enables the customer to create and manage a deployment of virtual machines. XenCenter is the management UI for XenServer. XenServer and XenCenter can collect and store customer data as part of providing the following capabilities:
-
Telemetry - The telemetry functionality transmits basic licensing information about a XenServer pool. XenServer collects this basic licensing data as necessary for its legitimate interests, including license compliance.
-
Server status reports - A server status report can be generated on-demand and uploaded to Citrix Insight Services or provided to Support. The server status report contains information that can aid in diagnosing issues in the your environment.
-
Automatic updates for the Management Agent - The Management Agent runs within VMs hosted on a XenServer host or pool. If the server or pool is licensed, the Management Agent can check for and apply updates to itself and to the I/O drivers in the VM. As part of checking for updates, the automatic update feature makes a web request to Cloud Software Group that can identify the VM where the Management Agent runs.
-
XenCenter check for updates - This feature determines whether any hotfixes, cumulative updates, or new releases are available for the XenServer hosts and pools XenCenter manages. As part of checking for updates, this feature makes a web request to Citrix that includes telemetry. This telemetry is not user-specific and is used to estimate the total number of XenCenter instances worldwide.
-
XenCenter email alerts XenCenter can be configured to send email notifications when alert thresholds are exceeded. To send these email alerts, XenCenter collects and stores the target email address.
Telemetry information received by Cloud Software Group is treated in accordance with our Agreements.
Telemetry
The XenServer telemetry functionality collects basic licensing information about your XenServer pools.
When you install XenServer, your pool coordinator gathers telemetry data and uploads it weekly to a Microsoft Azure Cloud environment located in the United States. This data does not identify individuals or customers and is sent securely over HTTPS on port 443 to https://telemetry.ops.xenserver.com/. No information other than the four elements identified below is collected or transmitted.
Access to this data is restricted to members of the XenServer Operations and Product Management teams.
Telemetry information received by Cloud Software Group is treated in accordance with our Agreements.
Telemetry collected
For each XenServer pool, the pool coordinator collects the following data:
| Data collected | Description |
|---|---|
| UUID | A random unique ID for the telemetry data of this pool. This UUID is not the same as the pool UUID or any other existing identifier. It is not collected in server status reports. |
| Product version | The version of XenServer installed in this pool. |
| Sockets (per host) | The number of sockets this host has. |
| Edition (per host) | The type of license on this host. |
This data does not identify individuals or customers and contains no personally identifiable information.
Viewing the telemetry data
The data that XenServer submits is logged on your pool coordinator in /var/telemetry/telemetry.data. This file is not collected in the server status logs.
Server status reports
During the course of operation a XenServer host collects and logs various information on the server where XenServer is installed. These logs can be collected as part of a server status report.
A server status report can be generated on-demand. You can upload these reports to Citrix Insight Services or provide them to Support. The server status report contains information that can aid in diagnosing issues in your environment.
Server status reports that are uploaded to Citrix Insight Services are stored in Amazon S3 environments located in the United States.
XenServer and XenCenter collect information from the following data sources:
- XenCenter
- XenServer hosts and pools
- Hosted VMs
You can select which data items are included in the server status reports. You can also delete any server status reports that are uploaded to your MyCitrix account on Citrix Insight Services.
Citrix Insight Services does not implement an automatic data retention for server status reports uploaded by the customer. The customer determines the data retention policy. You can choose to delete any server status reports that are uploaded to your MyCitrix account on Citrix Insight Services.
Data collected
A server status report can contain the following log files:
| Log type | Contains PII? |
|---|---|
device-model |
yes |
fcoe |
yes |
firstboot |
yes |
network-status |
yes |
process-list |
yes |
xapi |
yes |
xenserver-databases |
yes |
control-slice |
maybe |
disk-info |
maybe |
hardware-info |
maybe |
high-availability |
maybe |
host-crashdump-logs |
maybe |
kernel-info |
maybe |
loopback-devices |
maybe |
message-switch |
maybe |
multipath |
maybe |
system-logs |
maybe |
v6d |
maybe |
xapi-clusterd |
maybe |
xapi-debug |
maybe |
xcp-rrdd-plugins |
maybe |
xen-info |
maybe |
xenopsd |
maybe |
xenserver-config |
maybe |
xenserver-install |
maybe |
xenserver-logs |
maybe |
xha-liveset |
maybe |
yum |
if customized |
network-config |
if customized |
cron |
if customized |
blobs |
no |
block-scheduler |
no |
boot-loader |
no |
conntest |
no |
CVSM |
no |
pam |
no |
system-services |
no |
tapdisk-logs |
no |
VM-snapshot-schedule |
no |
xapi-subprocess |
no |
xen-bugtool |
no |
xenserver-domains |
no |
Management Agent automatic updates
The Management Agent runs within VMs hosted on a XenServer host or pool. If the host or pool is licensed, the Management Agent can check for and apply updates to itself and to the I/O drivers in the VM. As part of checking for updates, the automatic update feature makes a web request to us that can identify the VM where the Management Agent runs.
The web logs captured from the requests made by the Management Agent automatic updates feature are located in a Microsoft Azure Cloud environment located in the United States. These logs are then copied to a log management server in the United Kingdom.
The web requests made by the Management Agent automatic updates feature are made over HTTPS. Web log files are transmitted securely to the log management server.
You can select whether your VM uses the Management Agent automatic update feature. If you choose to use the Management Agent automatic update feature, you can also choose whether the web request includes the VM identifying information.
Web logs containing information from web requests made by the Management Agent automatic updates feature and the XenCenter check for updates feature can be retained indefinitely.
Data collected
The Management Agent automatic updates web requests can contain the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| IP address | The IP address of the VM where the Management Agent is installed | |
| Partial VM UUID | The first four characters of the unique user ID for the VM where the Management Agent is installed |
XenCenter check for updates
This feature determines whether any hotfixes, cumulative updates, or new releases are available for the XenServer hosts and pools XenCenter manages. As part of checking for updates, this feature makes a web request to Cloud Software Group that includes telemetry. This telemetry does not personally identify users and is used to estimate the total number of XenCenter instances worldwide.
The web logs captured from the requests made by the XenCenter check for updates feature are located in a Microsoft Azure Cloud environment located in the United States. These logs are then copied to a log management server in the United Kingdom.
The web requests made by the XenCenter check for updates feature are made over HTTPS. Web log files are transmitted securely to the log management server.
The XenCenter check for updates feature is enabled by default. You can choose to disable this feature.
Data collected
The check for updates feature web requests contain the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| IP address | The IP address of the XenCenter host machine | |
| XenCenter version | The version of XenCenter making the request |
XenCenter email alerts
XenCenter can be configured to send email notifications when alert thresholds are exceeded. To send these email alerts, XenCenter collects and stores the target email address.
The email address that XenCenter uses to send email alerts is stored on the machine where you installed XenCenter.
You can delete email alerts configured in XenCenter to remove the stored email information.
XenCenter retains the email information used to provide email alerts for the lifetime of the email notification. When you delete the configured email alert, the data is removed.
Data collected
To provide email alerts XenCenter stores the following data points:
| Data collected | Description | What we use it for |
|---|---|---|
| Email address | The email address for alerts | To send alert and notification emails to |
| SMTP server | The SMTP server to use | To route the email alerts to the recipient |