About Download Obfuscation Map Feature

Products

VMware vSAN

Issue/Introduction

This article provides information about how to download Obfuscation Map, to help in identifying the obfuscated data sent to VMware .

Symptoms:
Obfuscation Map is a feature used with "vSAN Support Insight".

vSAN Support Insight is a next-generation platform for analytics of health, configuration, and performance telemetry. Its purpose is to help vSAN users maintain a reliable and consistent computing, storage and network environment. It is a phone home system leveraging the existing vCenter Customer Experience Improvement Program (CEIP). Once CEIP is enabled and verified, log information is pushed back using SSL (HTTPS) from the vCenter Server to VMware’s Analytics Cloud on a regular cadence to provide Health, performance, and configuration information for VMware Support and engineering. None of the data (Hostnames, VM names, subnets, IP addresses, Mac addresses) is identifiable by VMware support, they are obsfucated. As an example, an entity such as "ESXi hostname" that is known to the user as host-123.xyz.com will be known as "host-104" at VMware Global Support's side through the sanitization or obfuscation process. For more details, reference the following link .

Example's of VMware support views:

The vSAN Obfuscation Map is a feature which provides mapping of the obsfucated data sent to VMware in order to facilitate communication during the Support Request process between vSAN User and VMware Global Support.

Note: The obfuscation mapping files are not sent to VMware through CEIP. Only obfuscated data is sent to VMware.

Environment

VMware vSAN 6.6.x
VMware vSAN 7.0.x
VMware vSAN 6.7.x

Resolution

How to download obfuscation mapping file (Flex):

In the vSphere Web Client, navigate to the vSAN Cluster > Configure > vSAN > Health and Performance > Online Health Check. Click on the Download Obfuscation Map button. This will download a file to the user's machine. The file is a human and machine readable JSON file. Any text editor can be used to open it, including Notepad.

How to download obfuscation mapping file (HTML5):

In the vSphere Web Client, navigate to the vSAN Cluster > Monitor > Support. Click on the Download Obfuscation Map button. This will download a file to the user's machine. The file is a human and machine readable JSON file. Any text editor can be used to open it, including Notepad.

How to access the obfuscation mapping file without UI:

vCenter Server Appliance:
1. SSH into vCenter Server Appliance.
2. Run command: cd /var/log/vmware/vsan-health/
3. The obfuscation mapping file is <uuid>_obfuscationTableForHuman.json.gz.

Windows Environment:
1. Login to Windows vCenter Server machine.
2. Open C:\Program Files\VMware\vCenter Server\logs\vsan-health
3. The obfuscation mapping file is <uuid>_obfuscationTableForHuman.json.gz.

How to use the obfuscation mapping while working with VMware Global Support:

During the Support Process, VMware Global Support might root cause an issue to entity tango-eagle-bravo. vSAN user will have two options to use the obfuscation mapping to identify what tango-eagle-bravo is in his environment:

Option 1: User opens obfuscation mapping file (Max Privacy) and locate tango-eagle-bravo. This option ensure maximum privacy since the mapping data will never leave the user's environment.
Option 2: User sends obfuscation mapping by E-Mail or SR upload. In this option the user shares the obfuscation mapping file with VMware Global Support. VMware will use this file to temporary decipher entity tango-eagle-bravo to the actual name known to the user. This temporary resolution is done in real time and will expire after 7 days. VMware will not store the translated data anywhere to meet its CEIP compliance.

Note: Anything shared in the obfuscation mapping file exist in support log bundle. Sharing the mapping file to VMware Global Support is not needed if the log bundle is provided.

How to determine if vSAN Analytics with Skyline is available:

During the Support Process, VMware Global Support will be able to determine if vSAN Analytics with Skyline is available to the user by using the user's vCenter UUID. For instructions to retrieve the vCenter UUID, see the following KB: vSAN Analytics for Skyline – How to locate vCenter UUID.