Product-related data is securely managed and used in certain internal scenarios with proper customer intimation. It is also agreed upon and accepted by the Information Governance Executive Council. Product-related data can be utilized for different purposes, including the following:

• Product deployment reports: We can correlate a customer's actual product adoption to purchased product licenses. Account managers can only assess this report so that they can have a fruitful discussion with the customer and use the purchased products in an optimal way by enhancing their design and settings. 
• SDDC analysis: This is used to analyze the deployment of SDDC products across the customer base. This can be used to identify customers that meet certain SDDC deployment criteria, which can be provided to VMware executive management.
• Customer advocacy surveys for new SDDC product releases: This is used to identify customers who have deployed new SDDC product releases. These customers can be contacted by executive management to request their responses to specific customer surveys.
• Customer support: Technical support engineers may use a VMware license key and derived customer ID values to contact the customer in order to help resolve a specific support request or to proactively give advice on a support issue the customer may encounter, based on the analysis of the product usage data.
• Customer profiles and advanced analytics: This is used to analyze customer interactions with VMware, in order to create customer profiles and advanced analytics models. These must only be made available to VMware management and need to be approved by the product usage data trustee. 

We can find details on the VMware Skyline deployment architecture, especially in a customer environment containing internal firewalls that segment different portions of the customer's network, each of which includes VMware products, in the product documentation. This covers the directional connectivity and networking port requirements for communications within customer networks and out to the internet/VAC destinations. We don't document on the northbound and southbound APIs of the collector, which are used to communicate with both the products that they are collecting and to the VMware Cloud. The APIs that we utilize for transmission of data back to the VAC can be found on the VAC confluence pages.

VMware Skyline is designed for the one-way communication of data back to VMware, and it ensures that the architecture has been developed to allow for closed-loop feedback to the collector and back to the products. The connectivity is always one-way from the Skyline Collector outward to VAC or the Photon OS update library services. We have two methods of providing return data to the Skyline Collector appliance:

• Through the Photon OS VAMI interface, for product updates/patches, and so on
• Via manifest updates, where we can post an updated manifest that describes, for example, what data is collected, at what interval, and so on

The appliance checks for manifest updates periodically, and when an update is available, it pulls the new manifest down to utilize its current configurations. The system will look to identify whether the distributed firewall (DFW) rules are active at the host or the VM level, in order to better troubleshoot connectivity issues as they arise. Skyline collector uses secure protocols to transmit the collected product usage data over HTTPS or SSH, back to VMware. The encryption algorithm is used to transfer the Skyline Collector data back to VMware.

Skyline pulls telemetry information from the product APIs and customer's inventory automatically over time, so that we can identify changes, patterns, and trends. This will help us to lower the time to solve an issue and identify problems before they turn into service availability, performance, or patch/security issues. Data that's collected by Skyline is stored in US-based VACs that are only operated by VMware. Snapshots of the protocols and encryptions are used with Skyline. Upstream encryption is done via TLS 1.2, using the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256. The data that's collected is retained in the system in VAC and Operational Summary Reports (OSRs) for a period of 13 months, as per policy guidelines.