Introduction
Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest Software strives to meet standards designed to provide its customers with their desired level of security, whether it relates to privacy, authenticity and integrity of data, availability, or protection against malicious users and attacks.
This document describes the security features of Quest On Demand Migration for Email. It reviews access control, protection of customer data, secure network communication, and more. There is also an appendix that describes how On Demand Migration for Email’s security features meet the NIST’s recommended federal information security standards as detailed in the Federal Information Security Management Act (FISMA).
About On Demand Migration for Email
About On Demand Migration for Email
Quest On Demand Migration for Email (ODME) securely migrates data to Office 365 and on-premises Exchange or hosted Exchange email platforms without requiring organizations to install or maintain migration servers for the move. From a single console, administrators can migrate multiple users simultaneously and migrate data such as email, calendars and folders in a phased approach. Administrators can filter to clean up unwanted data and shorten the time it takes to migrate.
With Quest On Demand Migration for Email, you can quickly and securely migrate data from on-premises Exchange 2007 and above, Google G Suite or other platforms to Office 365 or Exchange 2010/2013/2016/2019.
Fast, reliable migration with Zero Footprint
Quest On Demand Migration for Email offers:
- Concurrent migration – it supports multiple, simultaneous migrations, ensuring your project completes on time.
- Flexibility – Email, calendars, contacts and tasks can be migrated in a phased approach.
- Data filtering – Clean up unwanted data and complete the migration faster by filtering email data by age, or excluding source email folders by name.
- Mailbox authentication - Administrators with authorized administrator or service account credentials can migrate user mailboxes without knowing or resetting user passwords. This reduces administrative effort while ensuring the security of your environment. For Office 365, you can also use Modern Authentication to connect to your tenant. The Use Modern Authentication option lets you grant consent to ODME instead of providing Administrative credentials with Application Impersonation rights.
Permissions Required to Configure and Operate ODME
Permissions Required to Configure and Operate ODME
Permissions Required to Configure and Operate ODME
The main interface through which the customer interacts with and configures ODME is its web application. ODME does not require the installation of any software components on the customer’s systems. In order to create an ODME user account, a customer representative goes to Quest Software’s ODME website and enters the necessary user account information, including information about the customer’s company and an email address (user name) and password.
In order to configure an email migration job, the user needs admin privileges on both the source and target email repositories. Specifically, the user requires privileges which allow access (read only) to all email accounts on the source system that will be migrated.
Overview of Data Handled by ODME
Overview of Data Handled by ODME
ODME manages the following type of customer data:
- Source and target server locations and credentials
- Source and target mailbox names
- Mailbox data including email, calendar, contacts, personal distribution lists and tasks
- Email meta-data such as subject line, date, size (but not the email body)
The following customer data will, by default, be persisted by ODME:
- Source and target server locations & credentials
- Source and target mailbox names
- Product logs data which can include structured error message entries, containing email meta-data such as subject line, date, size, the folder name (if any) in which the email resides, but not the email body, for items, that ODME failed to transport.
- MIME content of mailbox item: to facilitate troubleshooting, the MIME content of mailbox item may be stored when an error occurs during migration. This is turned off by default, and is only enabled when the customer grants permission.
The persisted data is stored until a customer’s subscription expires. The data is stored in Azure Storage, including Table, Queue and BLOB (binary large object) storage, and is persisted as long as a customer’s subscription is active. Once a customer decides to unsubscribe from ODME, their data will be deleted 30 days after their subscription expires. The customer is notified of this upon their subscription termination.
ODME does not persist the actual emails that get migrated. They only exist in memory while they are in process of getting migrated. The only exception occurs when the customer specifically gives the ODME product team permission to turn on full logging mode in order to capture sufficient data to help in identifying and solving an error.
