forked from jasonkeene/docs-rabbitmq-staging
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathgdpr.html.md.erb
65 lines (46 loc) · 2.71 KB
/
gdpr.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
---
title: VMware RabbitMQ for Tanzu Application Service and Data Protection
owner: London Services
---
This topic provides information for <%= vars.product_full %> operators to help with
compliance with the General Data Protection Regulation (GDPR).
For more information about GDPR and personal data in Pivotal Platform, see
[General Data Protection Regulation](https://docs.pivotal.io/application-service/operating/gdpr.html).
The topic describes locations where <%= vars.product_short %> might store personal data, and
actions you can take to control this data.
## <a id="personal-data"></a> Personal Data in <%= vars.product_short %>
VMware recommends that you strictly control personally identifiable information
used to interact with <%= vars.product_short %>.
This information might be stored in the following locations:
* [Queues](#queues)
* [Logs](#logs)
You should also control access to your RabbitMQ servers, RabbitMQ management commands, and the management console.
<p class="note"><strong>Note</strong>:
For a list of the locations that personal data might be stored throughout Pivotal Platform, see
<a href="https://docs.pivotal.io/application-service/operating/gdpr.html#personal-data">
Where Personal Data May Reside</a></p>
## <a id="queues"></a> Queues
<%= vars.product_short %> does not know if any message contains personally identifiable information.
If you use <%= vars.product_short %> to send personally identifiable information,
you should take appropriate safeguards to protect that information.
RabbitMQ stores messages, including message headers, in memory and on disk until they are consumed.
The following are actions you can take to comply with the GDPR:
* Monitor your queues to ensure the following:
* Messages are consumed in a timely manner.
* You are managing the lifecycle of messages containing personally identifiable
according to your data protection policies.
* Consider using non-durable messages and setting a time to live (TTL) to limit the lifespan of messages.
## <a id="logs"></a> Logs
### <a id="haproxy-logs"></a> HAProxy Logs
<%= vars.product_short %> uses HAProxy as a load balancer for the pre-provisioned service.
The log may contain IP addresses.
These are contained in the file `/var/vcap/sys/log/rabbitmq-haproxy/haproxy.log` on an haproxy VM.
To empty the contents of an haproxy log, run the command:
```
/var/vcap/sys/log/rabbitmq-haproxy/haproxy.log
```
### <a id="server-logs"></a> RabbitMQ Server Logs
The RabbitMQ server logs may contain IP addresses.
The log files are stored on rabbitmq-server VMs in the directory `/var/vcap/sys/log/rabbitmq-server`.
For information about RabbitMQ server logs, see [Logging](https://www.rabbitmq.com/logging.html)
in the RabbitMQ documentation.