Data Security

Last Updated March 07, 2025

This topic describes how Tanzu Telemetry Collector transmits, stores, and secures collected data.

Tanzu Telemetry Collector collects configuration data about your foundation. Tanzu Telemetry Collector does not collect any personal data or information related to an identified or identifiable natural person. For example, it does not collect data on passwords, private keys, or other authentication-type tools.

Tanzu Telemetry Collector collects configuration data for all services installed on a foundation. This might include Partner tile data.

Security Measures

Tanzu Telemetry Collector connects to Tanzu Operations Manager, and optionally the Reporting app, task, and service instance usage on any VMware Tanzu Platform for Cloud Foundry foundation that has provided valid credentials. After Tanzu Telemetry Collector collects data, this data might be transmitted to Broadcom. The data is stored securely in Google Cloud Platform (GCP).

Tanzu Telemetry Collector secures data during transmission using the following measures:

HTTPS connections when communicating
User-specific credentials to authenticate HTTPS requests to Broadcom

Additionally, the Collector filters out any customer-sensitive information to ensure full data security, including string-based product configuration values, secrets, user IDs and names, IP addresses, org and space names, etc.

Data Collected

Tanzu Telemetry Collector collects data in a FoundationDetails_######.tar file on your local filesystem. The FoundationDetails_######.tar contains the following data:

From Tanzu Operations Manager

API Endpoint	Data Collected
`/api/v0/diagnostic_report`	Tanzu Operations Manager version BOSH stemcell IaaS type Deployed and staged products, versions, and stemcells BOSH director configuration details BOSH releases NTP servers info is filtered out Documentation: Diagnostic Report API
`/api/v0/staged/products/:product_guid/properties`	Custom configurations for every installed product All customer-entered fields are redacted for customer security (e.g. strings, secrets, etc.) Documentation: Getting a staged product’s properties
`/api/v0/staged/products/:product_guid/resources`	Resources List of the compute and disk configurations for all jobs on the installed products Documentation: Retrieving resources for a job
`/api/v0/vm_types`	Details about VMs used on your IaaS, including: Name RAM CPU Ephemeral disk Built-in (true/false) Documentation: Returning all VM types
`/api/v0/deployed/products`	List of all deployed tiles, including: Name Version Product GUID Documentation: All deployed products
`/api/v0/installations`	Event history for tile changes, including: Change type (e.g. “upgrade”) Start time End time Change status Username is filtered out Documentation: List of Apply Changes
`/api/v0/deployed/certificates`	Details about deployed certificates: Issuer Valid start and end dates Configurable Property reference Property type Property ID Documentation: Getting Information About Certificates from Products
`/api/v0/certificate_authorities`	Details about certificate authorities: ID Issuer Created and expired dates Active status Cert_pem and Nats_cert_pem are filtered out Documentation: Listing the Root Certificate Authorities
`/api/v0/staged/pending_changes`	List of all pending changes, including: Product GUID Product Action Last Deployed State Product Errands Product Stemcells Documentation: View a list of pending changes
`/api/v0/download_core_consumption`	Details about core consumption: Time Reported Product Identifier Physical Core Count Virtual Core Count Documentation: View the core consumption data

From the Usage Service

The Telemetry Collector can be optionally configured to collect information about application instances, tasks, and service instances from the Usage Service.

API Endpoint	Data Collected
`/system_report/app_usages`	System-wide app usage data: App instance hours Average app instances Maximum app instances Documentation: App usage
`/system_report/task_usages`	System-wide task usage data: Total task runs Maximum concurrent tasks Task hours Documentation: Task usage
`/system_report/service_usages`	System-wide service usage data: Service name Service GUID Duration in hours Average service instances Maximum service instances Service plan usage: Service plan GUID Service plan duration in hours Service plan average service instances Service plan maximum service instances Service plan name is filtered out Documentation: Service usage

From CredHub

The Telemetry Collector can be optionally configured to collect certificate data from CredHub so that Broadcom may help a customer better flag any soon-to-expire certificates. If configured to collect from CredHub, it gets the Name, Issuer, and Valid Date for each certificate.

Metadata

Data	Description
Environment type	The environment used when collecting data with the CLI (production, pre-production, QA, development, sandbox); this is entered by the CLI user
List of files collected	The list of the files created by the `collect` command
Data collection timestamp	The date the data was collected
Foundation ID	The product GUID of the BOSH Director
Collector tool version	The version of Tanzu Telemetry Collector used to collect data

Content feedback and comments

Tanzu Telemetry Collector 1.3