
On Demand Migration Current - Security Guide - SharePoint Migration

Separation of customer data

A common concern related to cloud-based services is the prevention of commingling of data that belongs to different customers. On Demand Migration has architected its solution specifically to prevent such data commingling by logically separating customer data stores.

Customer data are differentiated using a Customer Organization Identifier. The Customer Organization Identifier is a unique identifier obtained from the Quest On Demand Core that is created when the customer signs up with the application.

This identifier is used throughout the solution to ensure strict separation of customers' data in Elasticsearch storage and during processing.

A separate Elasticsearch server instance is used for each customer.
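The following added example (not Quest's code) illustrates the separation model described above: every storage lookup is scoped by a Customer Organization Identifier taken only from an already-verified token, and each identifier maps to that customer's own Elasticsearch instance. The registry entries, claim name and endpoints are constructed for illustration.

```python
# Added illustration of per-customer data separation (not Quest's code).
# The Customer Organization Identifier ("org_id" claim, an assumed name) is
# taken only from verified token claims, never from user-supplied parameters.
from dataclasses import dataclass


class TenantIsolationError(Exception):
    """Raised when a request would cross a customer boundary."""


@dataclass(frozen=True)
class TenantContext:
    org_id: str       # Customer Organization Identifier from the verified token
    es_endpoint: str  # this customer's dedicated Elasticsearch instance


# Constructed registry: identifier -> dedicated Elasticsearch endpoint.
TENANT_REGISTRY = {
    "org-1111": "https://es-org-1111.internal.example:9200",
    "org-2222": "https://es-org-2222.internal.example:9200",
}


def resolve_tenant(token_claims: dict) -> TenantContext:
    """Derive the tenant solely from already-verified JWT claims."""
    org_id = token_claims.get("org_id")
    if not org_id or org_id not in TENANT_REGISTRY:
        raise TenantIsolationError("no registered tenant for this token")
    return TenantContext(org_id, TENANT_REGISTRY[org_id])


def build_search(ctx: TenantContext, document_id: str) -> dict:
    """Pin the query to the tenant's instance and add a mandatory org filter,
    so even a misrouted query cannot match another customer's documents."""
    return {
        "endpoint": ctx.es_endpoint,
        "body": {"query": {"bool": {"filter": [
            {"term": {"customer_org_id": ctx.org_id}},
            {"term": {"_id": document_id}},
        ]}}},
    }


def handle_request(token_claims: dict, requested_org: str, document_id: str) -> dict:
    """Reject any request whose stated organization differs from the token's."""
    ctx = resolve_tenant(token_claims)
    if requested_org != ctx.org_id:
        raise TenantIsolationError("request org does not match token org")
    return build_search(ctx, document_id)
```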

Network communications

Internal network communication within Azure includes:

  • Inter-service communication between On Demand Migration components, On Demand Core and the On Demand Platform
  • Communication to customer Azure AD/Office 365 tenants

The following scheme shows the communication configuration between key components of On Demand Migration.

Figure 1: Component Communication Architecture

The network communication is secured with HTTPS and is not visible to the external public internet.

Inter-service communication uses OAuth authentication with a Quest Azure AD service account that holds the rights to access the services. No backend services of On Demand Migration can be used by end users.

External network communication from outside Azure to On Demand Services includes:

  • On Demand Migration user interface access

All external communication is secured with HTTPS.

The On Demand Migration user interface uses OAuth authentication with a JWT token issued to the logged-in user.

There are no unsecured HTTP calls within On Demand Migration.

Authentication of users

The customer logs in to the application by providing On Demand user account credentials.

The process of registering a SharePoint Office 365 tenant into On Demand Migration is handled through the well-established Azure Admin Consent workflow. For more information about the Azure Active Directory Admin Consent workflow, please refer to the Quest On Demand Core technical documents.

Role based access control

On Demand Migration provides common authentication via Quest Identity Broker. Quest On Demand is configured with default roles that cannot be edited or deleted, and also allows you to add custom roles to make permissions more granular. Each access control role has a specific set of permissions that determines what tasks a user assigned to the role can perform. For more information on role-based access control, please refer to the Quest On Demand product documentation.
