立即与支持人员聊天
与支持团队交流

On Demand Recovery Current - Security Guide

Introduction

Managing information system security is a priority for every organization. In fact, the level of security provided by software vendors has become a differentiating factor for IT purchase decisions. Quest Software strives to meet standards designed to provide its customers with their desired level of security, whether it relates to privacy, authenticity and integrity of data, availability, or protection against malicious users and attacks.

This document describes the security features of On Demand Recovery. This includes access control, protection of customer data, secure network communication, and more.

About On Demand Recovery

On Demand Recovery cloud application automatically backs up Microsoft Entra ID and Microsoft 365 users, groups, service principals, device information, conditional access policies and navigation properties and lets you restore deleted or damaged data selectively.

Figure 1: On Demand Recovery overview

On Demand Recovery offers:

  • Back up Microsoft Entra ID and Microsoft 365 users, groups, service principals, device information, conditional access policies, and navigation properties - On Demand Recovery automatically backs up a directory on a regular basis.
  • Granular, selective restore – Objects can be selected in a backup and then restored to Microsoft Entra ID or Microsoft 365 without affecting other objects or attributes.
  • Restore users from the Recycle Bin - Restore or recreate users that were inadvertently moved to the Recycle Bin.
  • Cloud solution - On Demand Recovery does not require that you install or maintain any additional software. Backup snapshots are stored in the cloud.

Architecture overview

The following scheme shows the key components of the On Demand Recovery configuration.

Figure 2: Main architecture diagram

Figure 3: Hybrid restore components diagram

Table 1: On Demand Recovery and Recovery Manager for Active Directory ports and protocols

Protocol Ports Direction
HTTPS 443 (TCP/UDP) Outbound

Hybrid configuration with Recovery Manager for Active Directory requires only outbound TCP/UDP port 443 to be opened on the Recovery Manager Portal server to access the internet. If the Recovery Manager Portal server already has access to the internet, you do not need to change the Firewall configuration.

If you do not want to open all outbound IP addresses and your firewall or proxy lets you specify a DNS allow list, you can add connections to <your name space>.servicebus.windows.net to your allow list.

Figure 4: Hybrid restore operation flow diagram

  • All attributes that can be modified by Microsoft Graph API are considered as cloud attributes and restored on the first step. For example, assignedLicense, usageLicense, and membership in cloud groups.
  • On Demand Recovery also restores users from the Recycle Bin or recreates them before the on-premises restore with the Undelete option. Microsoft Entra Connect matches these objects after the cloud restore by the immutableID attribute which is restored from the On Demand Recovery backup.
  • On-premises restore is always performed for member, memberOf, accountEnabled, manager, and directReports attributes.
  • If the Restore all attributes option is select in the Restore Objects dialog, we always perform the on-premises restore even if the cloud restore was successful.
  • Groups are restored always after the on-premises restore, because in case of permanent deletion, On Demand Recovery needs to wait until a group is recreated by Microsoft Entra Connect.

Azure datacenter security

Microsoft Azure datacenters have the highest possible physical security and are considered among the most secure and well protected datacenters in the world. They are subject to regular audits and certifications including Service Organization Controls (SOC) 1, SOC 2 and ISO/IEC 27001:2005.

Relevant references with additional information about the Windows Azure datacenter security can be found here:

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级