On Demand Recovery Current

On Demand Recovery Current - Security Guide

Introduction About On Demand Recovery Architecture overview Azure datacenter security Overview of data handled by On Demand Recovery Admin Consent and Service Principals Location of customer data Privacy and protection of customer data Separation of customer data Network communications Authentication of users Role based access control FIPS 140-2 compliance SDLC and SDL Third Party assessments and certifications Operational security Customer measures

Separation of customer data

A common concern related to cloud based services is the prevention of commingling of data that belongs to different customers.On Demand Recovery has architected its solution to specifically prevent such data commingling by logically separating customer data stores.

Customer data are differentiated using a Customer Organization Identifier. The Customer Organization Identifier is a unique identifier obtained from the Quest On Demand Core that is created when the customer signs up with the application.

This identifier is used throughout the solution to ensure strict data separation of customers' backups in the Azure Blob storage.

Furthermore, each customer has its own instance of Elasticsearch that is used for unpack, object search, and restore operations. Elasticsearch index is stored on a separate Azure Disk with enabled encryption in the Quest Azure subscription.

Network communications

All communications to and from the On Demand Recovery web application go over HTTPS, and the SSL certificates are issued by trusted certificate authorities. As for the On Demand Recovery web application itself, it enforces that all communications occur over HTTPS connections. If a user tries to access via a regular HTTP, the application will redirect the request to HTTPS version of the endpoint’s enabled connection. On Demand Recovery communicates with Azure Active Directory Graph API over HTTPS. TLS 1.2 is enforced for this communication.

Authentication of users

The customer logs in to the application by providing On Demand user account credentials.

The process of registering an Azure AD tenant into On Demand Recovery is handled through the well established Azure Admin Consent workflow. For more information about Azure Active Directory Admin Consent workflow, refer to the Quest On Demand Core product documentation:

Role based access control

Quest On Demand provides permission-based roles to determine what permission level a user has and what tasks the user can perform.

For more details, see Adding users to an organization section in the On Demand Global Settings User Guide.

List of permissions that can be assigned to Recovery module users

Can manage backup settings
Can download hybrid credentials
Can run backup manually
Can unpack backups
Can run difference report
Can restore from objects
Can restore from differences
Can read backup history
Can read unpacked objects
Can read differences
Can read task history
Can read events
Can read restore attributes
Can read UI projects
Can read UI collections
Can manage events

NOTE: On Demand administrators have full access to global settings and all module permissions.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

On Demand Recovery Current - Security Guide

Separation of customer data

Network communications

Authentication of users

Role based access control

Bitte wählen Sie Ihr Produkt aus: