VDI View Security Gateway Logging

[Drew Perry <aperry () MURRAYSTATE EDU>]

Anyone running VMware VDI View with their Security Gateway that can answer
some logging questions for me? Our VMware team says that the Security
Gateway doesn't log external auth/fail, IP addresses, User IDs, or
destination VM. According to them, the Connection Broker *does* provide
User ID, destination VM, and log on/off timestamps, but *does not* provide
source IP addresses. Evidently that info is stored in *the registry of the
destination VM*, but many of our destination VMs are non-persistent images
for student or vendor use. I find it highly suspect that a company as
prominent as VMware would provide a Security Gateway that doesn't provide
detailed logging, but I'm not day-to-day with their catalog. Any help?

In case you're wondering: Yes, this was spurred by the Mandiant report on
the South Carolina breach. Time to shore up those walls, people!

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*