Migrator Pro for Active Directory restricts access to features, functions and data based on role membership described below.
Global Administrator
-
Allows creation of new profiles
-
Allows modification of configuration in the application/database for all profiles
-
Allows creation or modification of Cutover activities and custom actions for all profiles
-
Can submit migration events, including ReACL and Cutover actions for workstations, as well as user Cutover actions (enable/disable) for all profiles
-
All configuration pages can be accessed
Profile Administrator
-
Cannot create of new profiles
-
Can submit migration events, including ReACL and Cutover actions for workstations, as well as user cutover actions (enable/disable)
-
All configuration pages can be accessed
-
Allow modification of configuration in the application/database
-
Allow creation or modification of Cutover activities and custom actions
Migration Operator
-
Can submit migration events, including ReACL and Cutover actions for workstations, as well as user cutover actions (enable/disable)
-
Configuration pages cannot be accessed
-
Cannot modify configuration in the application/database
-
Cannot create or modify Cutover activities and custom actions
Read Only User
-
Can view directory synchronization results and logs
-
Can view Active Directory Cutover status
-
Configuration pages cannot be accessed
-
Cannot modify configuration in the application/database
-
Cannot create or modify Cutover activities and custom actions
Migrator Pro for Active Directory cryptographic usage is based on FIPS 140-2 compliant cryptographic functions. Migrator Pro for Active Directory makes use of FIPS 140-2 compliant encryption keys stored locally.
More information:
The Migrator Pro for Active Directory Development team follows a managed Software Development Lifecycle (SDLC).
The Migrator Pro for Active Directory team follows a strict Quality Assurance cycle.
-
Access to source control and build systems is protected by domain security. Only employees on Quest’s corporate network have access to these systems. If a developer leaves the company, they will no longer be able to access Quest systems.
-
All code is versioned in source control.
-
All product code is reviewed by another developer before check in.
The Migrator Pro for Active Directory team follows a managed Security Development Lifecycle (SDL) which includes:
-
MS-SDL best practices
-
Threat modeling
-
OWASP guidelines
-
Static code analysis scanning is performed on regular basis
-
Software composition analysis scanning is performed on regular basis
-
Migrator Pro for Active Directory has been validated in a Secure Technical Implementation Guidelines (STIG) environment. See https://public.cyber.mil/stigs/ for more information.
-
As an additional layer of security against possible development environment threats, and as part of its sandbox testing environment the development team monitors traffic of Migrator Pro for Active Directory on a continuous basis. This monitoring includes an evaluation of the outgoing traffic for any malicious communications.
Migrator Pro for Active Directory developers go through the same set of hiring processes and background checks as other Quest employees.
Migrator Pro for Active Directory security features are only one part of a secure environment. Customers should follow their own security best practices when deploying Migrator Pro for Active Directory.