Separation of Customer Data
A common concern related to cloud based services is the prevention of commingling of data that belongs to different customers. Disaster Recovery for Identity for Active Directory has architected its solution to specifically prevent such data commingling by logically separating customer data stores.
Customer data are differentiated using a Customer Organization Identifier. The Customer Organization Identifier is a unique identifier obtained from the Quest On Demand Core that is created when the customer signs up with the application.
Row Level Security (RLS) is used to ensure data isolation between different organizations within a single Azure SQL Server database. Each database table includes an OrganizationID column. To enforce this isolation, RLS is enabled on all tables, restricting query results to only those rows where the OrganizationID matches the current user's organization, preventing unauthorized data access.
Recovery Manager for Active Directory (RMAD) pods are used only once and are not shared between different environments or organizations.
Each organization has its own Blob storage container with an organization specific Encryption Scope.
Network Communications
Internal network communication within Azure includes:
- Inter-service communication between Disaster Recovery for Identity for Active Directory components.
- Inter-service communication between Disaster Recovery for Identity for Active Directory and the On Demand platform.
The network communication is secured with HTTPS TLS 1.2 minimum and is not visible to the external public internet. Inter-service communication uses OAuth authentication using a Quest Entra ID service account with the rights to access the services. No backend services of Disaster Recovery for Identity for Active Directory can be used by end-users. The following scheme shows the communication configuration between key components of Disaster Recovery for Identity for Active Directory:
Figure 2: Component Communication Architecture
Disaster Recovery for Identity for Active Directory accepts the following network communication from outside Azure:
- Access to Disaster Recovery for Identity for Active Directory Web UI.
- Hybrid agent deployed on customer on-premises server accessing Disaster Recovery for Identity for Active Directory backend via Azure IoT Hub.
- Domain controller (DC) agent deployed on customer domain controllers or target servers accessing Azure Blob Storage.
All external communication is secured with HTTPS TLS 1.2 minimum.
The hybrid agent communicates with the On Demand cloud through Azure’s IoT Hub service. The agent itself behaves as an IoT device. All communications with Azure are conducted over the MQTT protocol using the Microsoft Azure Device Client library.
Communication keys are required to facilitate communication between the hybrid agent and domain controller agent.
The Disaster Recovery for Identity for Active Directory user interface uses OAuth authentication with a JWT token issued to a logged in user.
Authentication of Users
The customer logs in to the application by providing On Demand user account credentials.
For more information about user authentication, please refer to the Quest On Demand Global Settings Security Guide.
Role Based Access Control
Disaster Recovery for Identity for Active Directory provides the common authentication via Microsoft Entra ID. Quest On Demand is configured with default roles that cannot be edited or deleted and also allows you to add custom roles to make permissions more granular. Each access control role has a specific set of permissions that determines what tasks a user assigned to the role can perform. For more information on role-based access control, please refer the Quest On Demand product documentation.
