Data collected when gathering diagnostic information from vSphere products
book
Article ID: 327899
calendar_today
Updated On:
Products
VMware vSphere ESXiVMware vCenter Server
Issue/Introduction
This article explains what information is included during collection of a vm-support bundle.
Environment
VMware vSphere ESXi 6.x
VMware vCenter Server 6.x
VMware vSphere ESXi 7.x
VMware vCenter Server 7.x
VMware vSphere ESXi 8.x
VMware vCenter Server 8.x
Resolution
Host Support Bundle Collection
VMware support uses host support bundles to help diagnose and resolve problems specific to your deployment. VMware support might request that you collect a host support bundle.
The data collected in a host support bundle includes the name of the affected ESXi host, logs, virtual machine descriptions (but never the contents of virtual disks or snapshot files), information about the state of the affected machine, and, if present, core dumps.
Core dumps are generated when an ESXi host, a virtual machine, or a ESXi service (For example: hostd) fails. The core dump encapsulates detailed information about the failure, including CPU and memory information.
The data collected by a core dump may include data from the ESXi host that was in memory when the core dump was created. If present, this data is scattered throughout the core dump based on what the ESXi or virtual machine was doing at the time of the failure.
Transmitting the support bundle to VMware IMPLICITLY grants VMware permission to examine the data therein, including any core dumps.
Be diligent when transmitting an ESXi host support bundle to VMware. If there are concerns about the data contained in a host support bundle, these options are available:
Do not collect or send any information.
VMware support will attempt to troubleshoot the issue, though may not be able to resolve it without further information.
Remove any data deemed sensitive (For example: core dumps, log messages containing environmental information) from the host before collecting the host support bundle.
VMware support will attempt to troubleshoot the issue, though may not be able to resolve it without further information.
Do not collect the core dump files during the host support bundle collection.
This option can be deselected when gathering the support bundle from the vSphere Web Client.
Enable vSphere Virtual Machine Encryption on the environment
vSphere Virtual Machine Encryption provides additional protections and rights. This method does not remove any sensitive information from the support bundle. See below for further information on transmitting encrypted support bundles.
vSphere Virtual Machine Encryption and Host Support Bundle Collection
A host support bundle may include core dumps. Core dumps may include some customer data. When vSphere Virtual Machine Encryption is present and active, a core dump may include cryptographic information (For example: passwords, cryptographic keys). The captured data is both necessary and unavoidable. VMware may require this data in order to find and fix the reported issue.
When vSphere Virtual Machine Encryption is present and active, core dumps will be encrypted. This provides protection for any ESXi host data captured by a core dump. The core dump and its data are indecipherable unless the encrypting key is known.
Note: VMware cannot decipher this information.
Core dump encryption provides additional protections and rights when a host support bundle is collected:
Collect a host support bundle without a password.
This will leave any core dumps indecipherable to VMware.
Collect a host support bundle with a password.
This will change the core dump encryption from the customer’s encryption key to a key generated specifically for that vm-support collection. The generated key will be saved as part of the host support bundle. This key will be encrypted via the specified password. Unless the password is shared with VMware, any core dump data is indecipherable. Providing the password to VMware EXPLICITLY grants VMware permission to examine the core dump and data in the core dump.
VMware support will attempt to troubleshoot the issue without access to the support bundle, though may not be able to resolve it without the password to decrypt the data.
If you decide to transmit a password to VMware, ensure that you are using a secure channel. A phone call is considered secure for this purpose.
Remove the core dump files from the host before collecting the host support bundle.
Decrypt any core dumps relevant to the issue and collect a host support bundle with or without a password.
Do this only if your company's security policies allow it. Decrypted core dumps might expose sensitive data. You must delete the decrypted core dumps and the support bundle immediately after transmitting the host support bundle to VMware.
If the decrypted core dumps were transmitted to VMware via a host support package, it is imperative that the host support package be securely deleted as well.
vCenter Server support bundle Collection
When a vc-support bundle is collected, only the information necessary for support purposes will be included. This includes the name of the affected machine, logs, information about the state of the affected machine, and, if present, any vCenter Server core dumps.
vCenter Server core dumps are not encrypted. Customers should follow their corporate guidelines for managing these core dumps.