
Privacy Impact Assessment - VMWare

VMWare System Overview

VMWare is a technology that enables you to perform server virtualization.  This means on one physical server you can have multiple versions of an operating system running. 

Data in the System

1. Describe the information (data elements and fields) available in the system in the following categories:

A.  Taxpayer
B.  Employee
C.  Audit Trail Information (including employee log-in info)
D.  Other (Describe)

VMWare is a virtual server technology.  It doesn’t process data.  It will be a component of the Windows Server 2003 operating system.  The functionality allows a physical server to have multiple operating systems running.  However, certain employee data is used to create network login accounts that enable employees to access the system.  This data is limited to the data gathered when the employee completes a Form 5081.  This data includes the first initial, the middle initial (or X if there is no middle name), the first 4 characters of the user’s last name, and the user’s district office code.  While Windows Server 2003 does harvest and store audit trail data, it isn’t used to process that data.

2. Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.

A.  IRS
B.  Taxpayer
C.  Employee
D.  Other Federal Agencies (List agency)
E.  State and Local Agencies (List agency)
F.  Other third party sources (Describe)

The VMWare technology and the operating system itself don’t use or process any of these data elements.  It may be used as a conduit to store the data on a server’s hard disk drive.  The server on which this operating system is installed may allow an application to run or store the data, but if so, the storage of any such data or the application using the data is not applicable to the PIA for the Windows Server 2003 operating system. 

3.  Is each data item required for the business purpose of the system?  Explain.

Yes.  As defined above, the only element used by the server as data is a portion of the user’s name and location information.  This information is used solely to grant access rights to the server architecture.

4. How will each data item be verified for accuracy, timeliness, and completeness?

Data used to access the system will be verified from the Form 5081 completed by the employee and verified by their manager.  If the access name created for the account is incorrect the employee will notify the appropriate administrative official to correct the erroneous data.

5. Is there another source for the data?  Explain how that source is or is not used. 
No.

6. Generally, how will data be retrieved by the user? 

The user will know there is a discrepancy if they are unable to logon.  Users are granted appropriate access rights to their home directory, shared data folders or applications as required and approved by their management through the use of a Form 5081.

7. Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier? 

No, not directly used by the server.

Access to the Data

8. Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?

Access to the data or applications running on the VMWare servers will be controlled by Windows Server 2003 group membership and individual Access Control Lists (ACLs).  For example:  A user’s home directory may be stored on a server running Windows Server 2003 operating system.  The security features of Windows Server 2003 allow for specific rights granted for individual directories or files to specific groups or individuals based on the user requirements and appropriate approval levels such as a manager gaining access to their own employees’ files in the case of illness or unexpected absence.  For home directories, typically, the user is the only person with permission to their own files.  However, Domain Administrators would have access to all data stored on the server if permissions are changed to allow that access.  Domain Administrators can also grant permissions to managers and other users as required and with appropriate approval levels. 

9. How is access to the data by a user determined and by whom? 

The only data directly used by the server is the user’s name and all users have the ability to determine that information.

10. Do other IRS systems provide, receive, or share data in the system?  If YES, list the system(s) and describe which data is shared.  If NO, continue to Question 12.

Many systems that process SBU data run on the server.  However, the server itself doesn’t necessarily share this data with other systems other than as access control tokens used to access other systems.

11. Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment?

Unknown.

12.  Will other agencies provide, receive, or share data in any form with this system?  No.

Administrative Controls of the Data

13.  What are the procedures for eliminating the data at the end of the retention period?

The data is comprised of user login information.  When employees leave the service, user accounts are deleted and proper documentation is maintained for 6 years in case it’s needed as a result of an internal inquiry.

14.  Will this system use technology in a new way?  If "YES" describe.  If "NO" go to Question 15.  No.

15.  Will this system be used to identify or locate individuals or groups?  If so, describe the business purpose for this capability.  No.

16. Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.

The servers have the ability to harvest audit trail information and store it until either the log is removed or analyzed during a normal audit process, detailed in LEM 25.10.8 Auditing and Incident Response Security Standards.

Audit trails and/or event logs can be archived and made available to the appropriate Security personnel or management with the appropriate approval authority, as stated in LEM 25.10.8.7.6.2 Archival of Audit Log Files.

17. Can use of the system allow IRS to treat taxpayers, employees, or others, differently?  Explain.  No.

18.  Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?

This isn’t applicable since the system doesn’t itself process SBU data; rather, it would be used to store it.

Many types of data can be stored on the server running the Windows Server 2003 operating system.  Access rights to various data levels on the server are controlled by ACLs and group membership by the Domain Administrator.  Through appropriate management approval channels and Form 5081, access to data stored on the server can be obtained by modifying permissions on the directories or files.

19.  If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?  N/A.

 


Page Last Reviewed or Updated: November 08, 2004