Introduction
This security guide provides information about the Quest® Recovery Manager for Active Directory Disaster Recovery Edition 10.3.2 release.
Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest strives to meet standards designed to provide its customers with their desired level of security as it relates to privacy, confidentiality, integrity, and availability. This document describes the security features of Quest® Recovery Manager for Active Directory Disaster Recovery Edition. It reviews access control, protection of customer data, secure network communication, cryptographic standards and more.
About Recovery Manager for Active Directory
Recovery Manager for Active Directory enables fast, online recovery. Comparison reports highlight what objects and attributes have been changed and deleted in Active Directory enabling efficient, focused recovery at the object or attribute level. Accurate backups and a quicker recovery enable you to reduce the time and costs associated with AD outages and reduce the impact on users throughout your organization.
Recovery Manager for Active Directory is based on patented technology.
It is crucial for any modern business to maintain the availability of its network-computer environment at all times. Unplanned downtime caused by a disastrous event, such as a directory service malfunction, can severely disrupt the operation of a business. Therefore, business-critical infrastructures demand the ability to recover failed systems and services in the shortest possible time.
Recovery Manager for Active Directory Disaster Recovery Edition (RMAD/DRE) employs advanced technologies to minimize the downtime caused by the corruption or improper modification of Active Directory®, Active Directory Lightweight Directory Services (AD LDS) (ADAM), and Group Policy data. This product allows for automatic backup, and fast remotely managed recovery of data stored in Active Directory.
Recovery Manager for Active Directory Disaster Recovery Edition (RMAD/DRE) dramatically reduces the time required to restore Active Directory®, AD LDS (ADAM), and Group Policy data. This improves the availability of corporate networks and reduces network downtime. Given that the time required to recover Active Directory® using a conventional full-backup tool is typically a few hours, Recovery Manager for Active Directory offers huge savings on time, productivity, and administrative overhead.
Recovery Manager for Active Directory Forest Edition (RMAD/DRE) is designed to recover the entire Active Directory® forest or specific domains in the forest. The use of Recovery Manager for Active Directory helps you to minimize the downtime caused by the corruption or improper modification of Active Directory® forest and data.
Recovery Manager for Active Directory Disaster Recovery Edition (RMAD/DRE) takes your recovery plans to the next level. With Recovery Manager for Active Directory Disaster Recovery Edition, you can easily back up Active Directory® and you'll have multiple options to meet the needs of your business continuity plans.
Disaster Recovery Edition provides flexible recovery methods, including a phased recovery, restoring to a clean OS or bare metal recovery. You can also strengthen your recovery plans with secondary storage options such as Secure Storage server and Cloud Storage.
Later in this document, we will use Recovery Manager for Active Directory (or RMAD for short) to refer to Recovery Manager for Active Directory Disaster Recovery Edition, except in cases where we need to explicitly distinguish between the editions.
Architecture Overview
Recovery Manager for Active Directory uses a client-server model with backup and restore agents installed on domain controllers and the Recovery Manager consoles installed on a Windows server. This model is used to orchestrate both backup and recovery operations.
The product components include:
- Backup agent
- Forest Recovery agent
- Recovery Manager Console (MMC)
- Forest Recovery Console
- PowerShell API
Figure 1: High-Level Architecture
| NOTE |
Some components in figure, may not apply to your edition of Recovery Manager for Active Directory. Refer to User Guide for your edition. |
Overview of Data Handled by RMAD
Recovery Manager for Active Directory manages and protects critical data in an Active Directory (AD) environment, focusing on ensuring the availability and integrity of AD components in case of disasters or failures. The types of data handled by Recovery Manager include:
- Active Directory backups, which contain the DIT database, SYSVOL, and registry hives
- BMR backups
- AD LDS (ADAM) backups