
On Demand Recovery Current - Security Guide

Separation of customer data

A common concern related to cloud-based services is the prevention of commingling of data that belongs to different customers. On Demand Recovery has architected its solution to specifically prevent such data commingling by logically separating customer data stores.

Customer data are differentiated using a Customer Organization Identifier. The Customer Organization Identifier is a unique identifier obtained from the Quest On Demand Global Settings that is created when the customer signs up with the application.

This identifier is used throughout the solution to ensure strict data separation of customers' backups in the Azure Blob storage.

Furthermore, each customer has its own instance of Elasticsearch that is used for unpack, object search, and restore operations. The Elasticsearch index is stored on a separate Azure Disk with encryption enabled in the Quest Azure subscription.

Network communications

All communications to and from the On Demand Recovery web application go over HTTPS, and the SSL certificates are issued by trusted certificate authorities. The web application itself enforces that all communications occur over HTTPS connections. If a user tries to access it over regular HTTP, the application redirects the request to the HTTPS version of the endpoint. On Demand Recovery communicates with Microsoft Graph API over HTTPS, and TLS 1.2 is enforced for this communication.

Authentication of users

The customer logs in to the application by providing On Demand user account credentials.

The process of registering a Microsoft Entra tenant into On Demand Recovery is handled through the well-established Azure Admin Consent workflow. For more information about the Microsoft Entra Admin Consent workflow, refer to the Quest On Demand Global Settings product documentation.

Role based access control

Quest On Demand provides permission-based roles to determine what permission level a user has and what tasks the user can perform.

For more details, see the Adding users to an organization section in the On Demand Global Settings User Guide.

List of permissions that can be assigned to Recovery module users

  • Can manage backup settings
  • Can download hybrid credentials
  • Can run backup manually
  • Can unpack backups
  • Can run difference report
  • Can restore from objects
  • Can restore from differences
  • Can read backup history
  • Can read unpacked objects
  • Can read differences
  • Can read task history
  • Can read events
  • Can read restore attributes
  • Can read UI projects
  • Can read UI collections
  • Can manage events

NOTE: On Demand administrators have full access to global settings and all module permissions.