Quest One Privileged Account Appliance

Size: px
Start display at page:

Download "Quest One Privileged Account Appliance"

Transcription

1 Quest One Privileged Account Appliance Security Architecture Written By Quest Software, Inc.

2 Contents Abstract... 2 Introduction... 3 Enhanced Privileged Account Management with Quest One... 3 About this Document... 3 Layers of Protection in the Quest One Privileged Account Appliance... 4 Appliance Hardening... 4 Operating System Hardening... 4 Application Protection Techniques... 5 Certificates, Keys and Key Management... 5 Backup Protection... 7 Security for Patches and Software Updates... 7 About Quest One Identity Solutions

3 Abstract This document describes the security architecture of the Quest One Privileged Account Appliance, developed by e-dmz and now part of the Quest One Identity Solutions. 2

4 Introduction Enhanced Privileged Account Management with Quest One Quest One Identity Solutions deliver privileged account management by providing powerful tools that delegate access to exactly what an administrator should be allowed to access nothing more, nothing less eliminating the keys to the kingdom problem. Previously, this included privileged account management for AD and Unix/Linux administrators only. Quest s recent acquisition of e-dmz Security LLC, however, as enabled Quest One to extend privileged account management to Windows, applications, and even mainframes, with the addition of the Quest One Privileged Account Appliance, formerly known as eguardpost and PAR. The Quest One Privileged Account Appliance offers integrated modules designed specifically to meet the compliance and security requirements associated with privileged identity management and privileged access control: Privileged Password Manager Enables secure storage, release control, and change control of privileged passwords across a heterogeneous deployment of systems and applications. Privileged Password Manager also replaces embedded passwords that are hardcoded in scripts, procedures and programs with simple CLI/API calls. Privileged Session Manager Offers control, auditing, and replay of sessions of high risk users, including administrator and remote vendors. Privileged Command Manager Provides the ability to granularly delegate user access to specific programs, tasks and commands across both Windows and Unix/Linux hosts. Privileged Command Manager is an add-on module to Privileged Session Manager. About this Document The appliance uses multiple defense mechanisms to thwart potential attacks and security breaches. This document describes the layers of protection employed in the Quest One Privileged Account Appliance. 3

5 Layers of Protection in the Quest One Privileged Account Appliance Appliance Hardening The Quest One Privileged Account Appliance outermost layer of protection consists of measures to protect the physical appliance itself. These measures include the following: Full disk encryption with pre-boot authentication The hard drive for the appliance is protected via full disk encryption (AES-256) provided by Guardian Edge s Encryption Plus Hard Disk. This ensures that even if the appliance is lost or stolen, the disk cannot be accessed outside the appliance. The pre-boot authentication prevents attempts to remotely mount the drive to bypass access controls, since the device remains locked until the boot process is complete, at which time all internal controls are enabled. Firewall Appliances are protected via an internal firewall. The firewall provides packet inspection and filtering and is configured with the following rules: HTTPS (443/tcp) is permitted inbound. Optional HTTPS over port 8443 may be user-enabled for remote access to the appliance configuration interface. SSH2 (22/tcp) is permitted inbound to PAR for CLI/API access. Connections from the appliance and their responses are permitted. Other traffic directed to the appliance is dropped with the details recorded in the firewall log in the application. Operating System Hardening The next layer of protection involves hardening the operating system and system-level software, such as the internal database management system (DBMS). These measures include the following: Prevent console access and restrict network access Console access is not permitted by any user. A large percentage of security breaches are accomplished by convincing a privileged user to access a malicious web site or open an infected file; preventing access to underlying operating system completely mitigates these risks. Disable or remove unused services Any services that are not specifically required by the appliance are disabled or removed, which tremendously reduces potential attack vectors. Some of the most frequently exploited services that are disabled are the server service, terminal services, remote administration, routing, and remote access. While the appliance runs on a server operating system, it does that act as a server in any way except to perform its dedicated purpose. Disable or remove unused programs and operating system components All unnecessary operating system components or applications are removed or disabled. Examples include disabling all unused Internet Information Service components and removing all client software. Implement highly restrictive ACLs Access control lists (ACLs) throughout the file system ensure that no individual can gain access to any sensitive file for which they have not been specifically granted access. This measure helps to ensure that and error or oversight in an application or web page will not allow and 4

6 authenticated user (non-authenticated users have no access to anything) to retrieve information that they are not authorized to access. Use Local Security Policy As a starting point, the appliances are configured following best practices for Local Security Policy settings, and then are extended to further restrict and remove any authority that is not required for the appliance s dedicated purpose. Application Protection Techniques Further protection comes from the following application protection techniques: Web server security The Web server is secured in accordance with Microsoft s guidelines for IIS security, and then further hardened by disabling unnecessary services, even though the firewall assures that these services are unavailable. Access to the Web server permitted via HTTPS only, ensuring that no clear text information is ever communicated between the appliance and a client across the network. Database security Communication between the Web application and the database is secured by permitting the execution of the pre-compiled stored procedures only to the appropriate operating system groups. There is no access whatsoever to the underlying database structures or data, and the stored procedure parameters are validated upon execution. This eliminates and possibility of SQL injection exploits. Additional validation is performed within ever stored procedure to ensure that the user is authorized to access the specific data or perform the specific action in the request. Service broker architecture The appliance employs a service broker architecture to perform the various tasks, such as decrypting a password or changing the password on a remote system. This architecture ensures that the users have no ability to perform any tasks or access any sensitive data outside of the application. Instead, the user submits a request for an action to be performed, and after confirming that that user is permitted to request that action against the specific object, the broker will perform the task and return the results to the user. Protection of passwords Passwords for managed systems and accounts reside in tables in the database, but are never stored as clear text. Instead they are AES-256 encrypted before storage, and the key used for this encryption is an x.509 certificate that is not accessible to users in any way. (This is discussed in further detail in the next section.) Since no unencrypted password information, nor any of the keys used to encrypt or decrypt the password, are stored in the appliance, no additional encryption (beyond the full disk encryption) of the database data files is performed. File system ACLs however, do protect the files from access by unauthorized individuals. Certificates, Keys and Key Management The Quest One Privileged Account Appliance stores, manages and uses numerous keys and certificates for protecting application components and communicating to external devices. Protection of these components fall within the measures described above but merits the following additional discussion: SSH private keys The appliance components use SSH and SCP extensively, whether it is to communicate with a partner appliance in a high availability environment; to transfer backups, data extracts, or session logs to a remote storage location; or to communicate with a managed system to perform password management tasks. 5

7 These key pairs are OpenSSH-format, 1024-bit DSA keys that are typically generated inside the appliance. The only private keys that can be imported are for managing systems. Our recommendation is NOT to do this, but to let the appliance generate the key pairs instead. This way, only the appliance has access to the private key, with no means for anyone to gain access to them. This option exists for companies whose policy dictates that the private key must be escrowed at some other location. In that case, we will generate public keys based on the imported private key. If this is successful, then the public key for the uploaded private key is made available for download from the appliance. Private keys are placed into and ACL protected folder on the encrypted hard disk and are accessible only to the internal account. The appliances allow the creation of multiple system-wide key pairs with configurable start and end dates or a single key pair for every system. The use of system-wide keys allow for greatly simplified deployment and facilitates key rotation, whereas the use of system-specific keys greatly reduces the exposure of a key that becomes compromised. Encryption keys In most cases, an X.509 certificate is used as the key for encryption. The exception to this rule is for encryption of the session recording logs, which are stored outside of the database. For these session logs, a unique, random, strong password is used as the key for encryption and is stored in the database. This facilitates recording and replay of recorded sessions through Distributed Processing Appliances (DPAs). Certificates Certificates are used for several purposes: Web server certificates (HTTPS) Two SSL certificates exist for the distinct Web servers on the appliances. The first is for the standard application interface. This can and should be changed at initial install, and then changed periodically based on internal company policy. The second is for the configuration interface. At present, this certificate cannot be changed, because 1) access to the configuration interface can be limited to a crossover connection to the configuration port of the appliance only, and 2) a failure to update this certificate correctly would completely disable the configuration interface, potentially making the appliance unreachable and irreparable. A planned enhancement will soon remove this restriction. Encryption keys Several different X.509 v3 certificates are used for encrypting and decrypting files or data on the appliance. These certificates are stored in the personal key store of an internal account and protected by Microsoft DPAPI; that is, the master key for the store is encrypted using a hash of the current password for the account and can be updated only via a change password, which decrypts the master key with the old password hash and then re-encrypts with the new password hash. If a forced password change occurs, the key trail is permanently destroyed. The master password can be rotated at any time by the customer by performing a Reset Internal Password command from the System Configuration interface of the application, which resets the internal password for this account to a randomly generated strong password, and as a result, resets the DPAPI master key. For mutual certificate authentication between a Privileged Account Appliance and a Virtual Cache Appliance Communication with a Virtual Cache Appliance is performed by consuming or invoking secure Web services, and certificates are used for bi-directional authentication. 6

8 Backup Protection A backup is an archive of the application components and data files, including the databases, keys, user account databases, and web server settings. This archive is AES-256 encrypted with a X.509 certificate dedicated for internal operations, and protected as described in the preceding section, Certificates, Keys, and Key Management. This X.509 certificate exists on all Quest One Privileged Account Appliance devices, since it is what enables us to send a replacement appliance on which you could restore a previous backup to recover all data from a failed appliance. This of course means that a backup from one customer could be restored onto another customer's appliance; however, it would be unusable without knowledge of valid usernames and passwords to gain access to it. To provide added protection, the backup can optionally be encrypted a second time using a customer-supplied password as the key, ensuring that it can be restored only by people with the knowledge of that password. This additional encryption is highly recommended. Security for Patches and Software Updates The only way to apply code changes such as an application update, license change, or an operating system security patch to an application is via a patch provided by Quest Software. These patches are a proprietary format, are AES-256 encrypted using an X.509 certificate as the key, and are further authenticated by the use of a patch key that is uniquely generated based on both hardware and software attributes of the appliance. This ensures that only patches that come from Quest can be applied to an appliance. 7

9 About Quest One Identity Solutions Quest One Identity Solutions reduce the complexity, cost and risk of managing identities and controlling access to increase your compliance, security and efficiency. Our modular yet integrated approach features a broad portfolio of award-winning solutions that simplify access governance, user activity monitoring, privileged account management and identity administration. Unlike traditional framework solutions, Quest One provides granular enforcement across heterogeneous systems with 360-degree business visibility and incredibly rapid time to value! Whether you are starting from scratch, already have an identity and access management solution or need to address specific IAM objectives on a single system or platform, Quest One enables you to do it more simply and affordably than you can imagine. Learn more about the solutions that earned SC Magazine s highest five-star RECOMMENDED rating by visiting 8

10 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Quest Software, Inc. ( Quest ). The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document. If you have any questions regarding your potential use of this material, contact: Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA Refer to our Web site for regional and international office information. Trademarks Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, ChangeManager, Defender, DeployDirector, Desktop Authority, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, itoken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, MultSess, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point,Click,Done!, PowerGUI, Quest Central, Quest vtoolkit, Quest vworkspace, ReportADmin, RestoreADmin, ScriptLogic, Security Lifecycle Map, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vautomator, vcontrol, vconverter, vfoglight, voptimizer, vranger, Vintela, Virtual DBA, VizionCore, Vizioncore vautomation Suite, Vizioncore vbackup, Vizioncore vessentials, Vizioncore vmigrator, Vizioncore vreplicator, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners. Updated [September, 2011] 9

11 About Quest Software, Inc. Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for administration and automation, data protection, development and optimization, identity and access management, migration and consolidation, and performance monitoring, go to Contacting Quest Software PHONE (United States and Canada) If you are located outside North America, you can find your local office information on our Web site. MAIL Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA USA Contacting Quest Support Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around-the-clock coverage with SupportLink, our Web self-service. Visit SupportLink at https://support.quest.com. SupportLink gives users of Quest Software products the ability to: Search Quest s online Knowledgebase Download the latest releases, documentation and patches for Quest products Log support cases Manage existing support cases View the Global Support Guide for a detailed explanation of support programs, online services, contact information and policies and procedures. TBW-Q1P-AccAppliance-US-SW-BODY

An Introduction to Toad Extension for Visual Studio. Written By Thomas Klughardt Systems Consultant Quest Software, Inc.

An Introduction to Toad Extension for Visual Studio. Written By Thomas Klughardt Systems Consultant Quest Software, Inc. An Introduction to Toad Extension for Visual Studio Written By Thomas Klughardt Systems Consultant Quest Software, Inc. Contents Introduction... 2 Installation... 3 Creating Projects... 4 Working with

More information

10.2. Auditing Cisco PIX Firewall with Quest InTrust

10.2. Auditing Cisco PIX Firewall with Quest InTrust 10.2 Auditing Cisco PIX Firewall with Quest InTrust 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Direct Migration from SharePoint 2003 to SharePoint 2010

Direct Migration from SharePoint 2003 to SharePoint 2010 Direct Migration from SharePoint 2003 to SharePoint 2010 It s Easy with Quest Migration Manager for SharePoint Written By Alexander Kirillov, Quest Software TECHNICAL BRIEF 2010 Quest Software, Inc. ALL

More information

Secure and Efficient Log Management with Quest OnDemand

Secure and Efficient Log Management with Quest OnDemand Secure and Efficient Log Management with Quest OnDemand TECHNICAL BRIEF 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of

More information

Migrating Your Applications to the Cloud

Migrating Your Applications to the Cloud Migrating Your Applications to the Cloud How to Overcome the Challenges and Reduce the Costs Written By Quest Software, Inc. Contents Abstract... 2 Introduction... 3 What is the Cloud?... 3 Current and

More information

Taking Unix Identity and Access Management to the Next Level

Taking Unix Identity and Access Management to the Next Level Taking Unix Identity and Access Management to the Next Level Now that you ve taken care of local users and groups what s next? Written by Quest Software, Inc. TECHNICAL BRIEF 2010 Quest Software, Inc.

More information

Go Beyond Basic Up/Down Monitoring

Go Beyond Basic Up/Down Monitoring Go Beyond Basic Up/Down Monitoring Extending the Value of SCOM with Spotlight on SQL Server Enterprise and Foglight Performance Analysis for SQL Server Introduction Microsoft Systems Center Operations

More information

Eight Best Practices for Identity and Access Management

Eight Best Practices for Identity and Access Management Eight Best Practices for Identity and Access Management BUSINESS BRIEF 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this

More information

Quest Management Agent for Forefront Identity Manager

Quest Management Agent for Forefront Identity Manager Quest Management Agent for Forefront Identity Manager Version 1.0 Administrator Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Foglight 5.5.4.5 for SQL Server

Foglight 5.5.4.5 for SQL Server Foglight 5.5.4.5 for SQL Server Managing SQL Server Database Systems 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Quest ChangeAuditor 5.0. For Windows File Servers. Events Reference

Quest ChangeAuditor 5.0. For Windows File Servers. Events Reference Quest ChangeAuditor For Windows File Servers 5.0 Events Reference 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Using Stat with Custom Applications

Using Stat with Custom Applications Using Stat with Custom Applications Written by Quest Software Inc. TECHNICAL BRIEF 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright.

More information

Key Methods for Managing Complex Database Environments

Key Methods for Managing Complex Database Environments Key Methods for Managing Complex Database Environments Written by Dave Pearson Senior Project Manager Quest Software, Inc. WHITE PAPER Contents Abstract... 4 Introduction... 5 Balancing Key Business Needs...

More information

Quest One Password Manager

Quest One Password Manager Quest One Password Manager Version 5.0 User Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Toad for Oracle Compatibility with Windows 7 Revealed

Toad for Oracle Compatibility with Windows 7 Revealed Toad for Oracle Compatibility with Windows 7 Revealed Written by John Pocknell Quest Software TECHNICAL BRIEF Contents Contents... 1 Abstract... 2 Introduction... 3 Testing... 4 Possible Issues... 5 Issue

More information

Six Steps to Achieving Data Access Governance. Written By Quest Software

Six Steps to Achieving Data Access Governance. Written By Quest Software Six Steps to Achieving Data Access Governance Written By Quest Software Contents Abstract... 2 It s the Wild West Out There... 3 The Problems with Current Practices... 4 Inefficiency... 4 Ineffectiveness...

More information

Proactive Performance Management for Enterprise Databases

Proactive Performance Management for Enterprise Databases Proactive Performance Management for Enterprise Databases Written by Dave Pearson, Senior Product Manager, Quest Software, Inc. WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document

More information

Foglight 5.5.4.5 for SQL Server

Foglight 5.5.4.5 for SQL Server Foglight 5.5.4.5 for SQL Server Managing SQL Server Database Systems 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

How Password Lifecycle Management Can Save Money and Improve Security

How Password Lifecycle Management Can Save Money and Improve Security How Password Lifecycle Management Can Save Money and Improve Security by Don Jones Quest Software, Inc. WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information

More information

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer

2007 Quest Software, Inc. ALL RIGHTS RESERVED. TRADEMARKS. Disclaimer What s New 6.7 2007 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license

More information

An Innovative Approach to SOAP Monitoring. Written By Quest Software

An Innovative Approach to SOAP Monitoring. Written By Quest Software An Innovative Approach to SOAP Monitoring Written By Quest Software Contents Introduction...2 SOAP Overview...3 The SOAP Monitoring Challenge...6 From the Service Consumer Perspective...6 From the Service

More information

The Active Directory Management and Security You ve Always Dreamed Of

The Active Directory Management and Security You ve Always Dreamed Of The Active Directory Management and Security You ve Always Dreamed Of Written by Don Jones Co-founder, Concentrated Technology WHITE PAPER 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains

More information

Five Tips for Effective Backup and Recovery in Virtual Environments

Five Tips for Effective Backup and Recovery in Virtual Environments Five Tips for Effective Backup and Recovery in Virtual Environments Written by Daniel Lord Sr. Product Marketing Manager Quest Software, Inc. WHITE PAPER Contents Abstract... 3 Introduction... 4 Our Five

More information

The Case for Quest One Identity Manager

The Case for Quest One Identity Manager The Case for Quest One Identity Manager How Four Organizations Simplified and Transformed Identity and Access Management BUSINESS BRIEF 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains

More information

Enterprise Single Sign-On 8.0.3

Enterprise Single Sign-On 8.0.3 For Internal Use Only Enterprise Single Sign-On 8.0.3 Additional Dedicated Server Instance Copyright 1998-2009 Quest Software and/or its Licensors ALL RIGHTS RESERVED. This publication contains proprietary

More information

Achieving ISO/IEC 27001 Compliance with Quest One Solutions for Privileged Access. Written By Quest Software, Inc.

Achieving ISO/IEC 27001 Compliance with Quest One Solutions for Privileged Access. Written By Quest Software, Inc. Achieving ISO/IEC 27001 Compliance with Quest One Solutions for Privileged Access Written By Quest Software, Inc. Contents Abstract... 2 Introduction... 3 About BS ISO/IEC 27001:2005... 3 About ISO 27001

More information

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel l 10.3 1.0 Installation Auditing and Configuration Microsoft ISA Server Guide How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel 2010 Quest Software, Inc. ALL RIGHTS RESERVED.

More information

6.0. Planning for Capacity in Virtual Environments Reference Guide

6.0. Planning for Capacity in Virtual Environments Reference Guide 6.0 Planning for Capacity in Virtual Environments 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Top Seven Tips and Tricks for Group Policy in Windows 7

Top Seven Tips and Tricks for Group Policy in Windows 7 Top Seven Tips and Tricks for Group Policy in Windows 7 Written by Jeremy Moskowitz, Microsoft Group Policy MVP, GPanswers.com WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains

More information

Enterprise Single Sign-On 8.0.3 Installation and Configuration Guide

Enterprise Single Sign-On 8.0.3 Installation and Configuration Guide Enterprise Single Sign-On 8.0.3 Installation and Configuration Guide Dedicated Directory Replication Copyright 1998-2009 Quest Software and/or its Licensors ALL RIGHTS RESERVED. This publication contains

More information

Image-Based Data Protection: Simply Better Data Protection

Image-Based Data Protection: Simply Better Data Protection Image-Based Data Protection: Simply Better Data Protection Gain Net Savings of $15 for Every $1 Invested in Image-Based Data Protection Technologies Such as Quest vranger Written by Quest Server Virtualization

More information

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel l 10.3 1.0 Auditing Installation and and Monitoring Configuration Microsoft Guide IIS How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel 2010 Quest Software, Inc. ALL RIGHTS

More information

Nine Key Features of SharePoint 2010 that Simplify SharePoint Administration

Nine Key Features of SharePoint 2010 that Simplify SharePoint Administration Nine Key Features of SharePoint 2010 that Simplify SharePoint Administration Written by Joel Oleson Senior Architect Quest Software, Inc. WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This

More information

Desktop to Cloud. Browser Migration in the Enterprise. Written By Quest Software, Inc.

Desktop to Cloud. Browser Migration in the Enterprise. Written By Quest Software, Inc. Desktop to Cloud Browser Migration in the Enterprise Written By Quest Software, Inc. Contents Abstract... 2 Introduction... 3 The Growth of Cloud Computing... 4 The Challenges... 5 Challenges in Migrating

More information

8.0. Quick Start Guide

8.0. Quick Start Guide 8.0 Quick Start Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software

More information

Quest Application Performance Monitoring Implementation Methodology

Quest Application Performance Monitoring Implementation Methodology Quest Application Performance Monitoring Implementation Methodology 02-03-11 1 Contents Contents... 2 Objectives... 3 Quest APM Implementation Phases... 4 Phase I: Business Requirements Assessment... 4

More information

The Active Directory Recycle Bin: The End of Third-Party Recovery Tools?

The Active Directory Recycle Bin: The End of Third-Party Recovery Tools? The Active Directory Recycle Bin: The End of Third-Party Recovery Tools? Written by Don Jones Microsoft MVP White Paper 2009 Quest Software, Inc. All rights reserved. This guide contains proprietary information,

More information

Are You Spending More than You Realize on Active Directory Management?

Are You Spending More than You Realize on Active Directory Management? Are You Spending More than You Realize on Active Directory Management? Curbing Costs with Unified AD Management Written By Jeffery D. Hicks Principal Consultant JDH Information Technology Solutions, Inc.

More information

Quest vworkspace 7.1. Microsoft RD Session Host/Terminal Server Quick Start Guide

Quest vworkspace 7.1. Microsoft RD Session Host/Terminal Server Quick Start Guide Quest vworkspace 7.1 Microsoft RD Session Host/Terminal Server Quick Start Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. Patents Pending. This guide contains proprietary information protected by

More information

Quest Site Administrator 4.4

Quest Site Administrator 4.4 Quest Site Administrator 4.4 for SharePoint Product Overview 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information, which is protected by copyright. The software described

More information

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions 4.9 Evaluator Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software

More information

Protecting and Auditing Active Directory with Quest Solutions

Protecting and Auditing Active Directory with Quest Solutions Protecting and Auditing Active Directory with Quest Solutions Written by Randy Franklin Smith CEO, Monterey Technology Group, Inc. Publisher of UltimateWindowsSecurity.com TECHNICAL BRIEF 2010 Quest Software,

More information

Quest Support: vworkspace Troubleshooting Guide. Version 1.0

Quest Support: vworkspace Troubleshooting Guide. Version 1.0 Quest Support: vworkspace Troubleshooting Guide Version 1.0 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in

More information

2009 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Disclaimer

2009 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Disclaimer 6.5 User Guide 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license

More information

The Quest Cloud Automation Platform

The Quest Cloud Automation Platform The Quest Cloud Automation Platform Written by Dave Malcom Vice President and Chief Technologist, Virtualization and Cloud, Quest Software, Inc. BUSINESS BRIEF Contents Abstract... 3 Introduction... 4

More information

Foglight 5.2.0. Foglight Experience Viewer (FxV) Upgrade Field Guide

Foglight 5.2.0. Foglight Experience Viewer (FxV) Upgrade Field Guide Foglight 5.2.0 Foglight Experience Viewer (FxV) 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is

More information

SHAREPOINT 2010. Best Practices for Preparing for SharePoint Migrations. Colin Spence IN FOUR EASY STEPS. Written by

SHAREPOINT 2010. Best Practices for Preparing for SharePoint Migrations. Colin Spence IN FOUR EASY STEPS. Written by Best Practices for Preparing for SharePoint Migrations Written by SHAREPOINT 2010 Colin Spence IN FOUR EASY STEPS MCP and MCTS in SharePoint, and Partner, Convergent Computing Prepare, Migrate, Manage

More information

Exchange 2010 and Your Audit Strategy

Exchange 2010 and Your Audit Strategy Exchange 2010 and Your Audit Strategy Authors Valentine Boiarkine Software Architect, Blade Contributors Jamie Manuel Product Marketing Manager, Quest Software Keith Bick Editor, Blade WHITE PAPER 2010

More information

Enterprise Single Sign-On. The Holy Grail of Computing

Enterprise Single Sign-On. The Holy Grail of Computing Enterprise Single Sign-On. The Holy Grail of Computing Written by Jackson Shaw Senior Director, Product Management Identity and Access Management, Quest Software Inc. Technical Brief 2009 Quest Software,

More information

IT Consolidation in the Public Sector: How to Achieve IT Optimization

IT Consolidation in the Public Sector: How to Achieve IT Optimization IT Consolidation in the Public Sector: How to Achieve IT Optimization Written by Quest Software, Inc. WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information

More information

6.5. Web Interface. User Guide

6.5. Web Interface. User Guide 6.5 Web Interface User Guide 2009 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a

More information

Controlling & Managing Super User Access

Controlling & Managing Super User Access Controlling & Managing Super User Access A Primer on Privileged Account Management Written by Kris Zupan Chief Architect Quest Software WHITE PAPER 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document

More information

A Governance Guide for Hybrid SharePoint Migrations. Written By Chris Beckett Information Systems Architect and SharePoint Solutions Specialist

A Governance Guide for Hybrid SharePoint Migrations. Written By Chris Beckett Information Systems Architect and SharePoint Solutions Specialist A Governance Guide for Hybrid SharePoint Migrations Written By Chris Beckett Information Systems Architect and SharePoint Solutions Specialist Contents Abstract... 2 Introduction... 3 Understanding Cloud

More information

Top Five Reasons to Choose Toad Over SQL Developer

Top Five Reasons to Choose Toad Over SQL Developer Top Five Reasons to Choose Toad Over SQL Developer Written By: John Pocknell Senior Product Manager Quest Software Contents Abstract... 2 Introduction... 3 Toad for Oracle... 5 SQL Developer... 7 Top Five

More information

Best Practices Guide for IT Governance & Compliance

Best Practices Guide for IT Governance & Compliance Best Practices Guide for IT Governance & Compliance Assess, Audit/Alert, and Remediate Written By Quest Software Contents Abstract... 3 Introduction... 4 Key Steps to Maintaining Compliance... 5 Overview...

More information

Best Practices for SharePoint Development and Customization

Best Practices for SharePoint Development and Customization Best Practices for SharePoint Development and Customization Written By: Mario Fulan, MCM, Account Technology Strategist, Microsoft Ricardo Wilkins, SharePoint Practice Lead, Improving Enterprises Contents

More information

Moving to the Cloud : Best Practices for Migrating from Novell GroupWise to Microsoft Exchange Online Standard

Moving to the Cloud : Best Practices for Migrating from Novell GroupWise to Microsoft Exchange Online Standard Moving to the Cloud : Best Practices for Migrating from Novell GroupWise to Microsoft Exchange Online Standard Written by Keith Ridings, Product Manager, GroupWise Migration Dan Gauntner, Product Marketing

More information

8.6 Migrating to Exchange 2010

8.6 Migrating to Exchange 2010 8.6 Migrating to Exchange 2010 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under

More information

Foglight 5.6.4. Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Foglight 5.6.4. Managing SQL Server Database Systems Getting Started Guide. for SQL Server Foglight for SQL Server 5.6.4 Managing SQL Server Database Systems Getting Started Guide 2012 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group Using Self Certified SSL Certificates Paul Fisher Systems Consultant paul.fisher@quest.com Quest Software Desktop Virtualisation Group Quest Software (UK) Limited Ascot House Maidenhead Office Park Westacott

More information

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide

Quest SQL Optimizer 6.5. for SQL Server. Installation Guide Quest SQL Optimizer for SQL Server 6.5 2008 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished

More information

4.0. Offline Folder Wizard. User Guide

4.0. Offline Folder Wizard. User Guide 4.0 Offline Folder Wizard User Guide Copyright Quest Software, Inc. 2007. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this

More information

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide

Foglight. Managing Java EE Systems Supported Platforms and Servers Guide Foglight Managing Java EE Systems Supported Platforms and Servers Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide

Foglight for Oracle. Managing Oracle Database Systems Getting Started Guide Foglight for Oracle Managing Oracle Database Systems Getting Started Guide 2014 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software

More information

System Requirements and Platform Support Guide

System Requirements and Platform Support Guide Foglight 5.6.7 System Requirements and Platform Support Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in

More information

Quest vworkspace Virtual Desktop Extensions for Linux

Quest vworkspace Virtual Desktop Extensions for Linux Quest vworkspace Virtual Desktop Extensions for Linux What s New Version 7.6 2012 Quest Software, Inc. ALL RIGHTS RESERVED. Patents Pending. This guide contains proprietary information protected by copyright.

More information

Foglight 5.6.5.2. Managing SQL Server Database Systems Getting Started Guide. for SQL Server

Foglight 5.6.5.2. Managing SQL Server Database Systems Getting Started Guide. for SQL Server Foglight for SQL Server 5.6.5.2 Managing SQL Server Database Systems Getting Started Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Quest One Password Manager

Quest One Password Manager Quest One Password Manager Version 5.0 Administrator Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this

More information

Defender Delegated Administration. User Guide

Defender Delegated Administration. User Guide Defender Delegated Administration User Guide 2012 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished

More information

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel

How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel l 10.3 1.0 Auditing Installation and Monitoring and Configuration Microsoft Windows Guide How to Use Custom Site Templates and Definitions supporting Corporate look-and-feel 2010 Quest Software, Inc. ALL

More information

formerly Help Desk Authority 9.1.2 Quest Free Network Tools User Manual

formerly Help Desk Authority 9.1.2 Quest Free Network Tools User Manual formerly Help Desk Authority 9.1.2 Quest Free Network Tools User Manual 2 Contacting Quest Software Email: Mail: Web site: info@quest.com Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo,

More information

Desktop Virtualization: Best Bet for a Dwindling IT Budget?

Desktop Virtualization: Best Bet for a Dwindling IT Budget? Desktop Virtualization: Best Bet for a Dwindling IT Budget? Where are the Actual Savings? Written by Quest Software s Desktop Virtualization Group WHITE PAPER Contents Executive Summary... 2 Hardware Savings...

More information

Quest Authentication Services 4.0. Quest Defender Integration Guide

Quest Authentication Services 4.0. Quest Defender Integration Guide Quest Authentication Services 4.0 Quest Defender Integration Guide Copyright (c) 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software

More information

Foglight. Foglight for Virtualization, Free Edition 6.5.2. Installation and Configuration Guide

Foglight. Foglight for Virtualization, Free Edition 6.5.2. Installation and Configuration Guide Foglight Foglight for Virtualization, Free Edition 6.5.2 Installation and Configuration Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright.

More information

Quick Connect Express for Active Directory

Quick Connect Express for Active Directory Quick Connect Express for Active Directory Version 5.2 Quick Start Guide 2012 Dell Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in

More information

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide

Foglight. Foglight for Virtualization, Enterprise Edition 7.2. Virtual Appliance Installation and Setup Guide Foglight Foglight for Virtualization, Enterprise Edition 7.2 Virtual Appliance Installation and Setup Guide 2014 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected

More information

Foglight. Dashboard Support Guide

Foglight. Dashboard Support Guide Foglight Dashboard Support Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under

More information

Foglight 5.6.5. Managing SQL Server Database Systems Permissions Guide. for SQL Server

Foglight 5.6.5. Managing SQL Server Database Systems Permissions Guide. for SQL Server Foglight for SQL Server 5.6.5 Managing SQL Server Database Systems Permissions Guide 2012 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The

More information

Data Center Consolidation Strategies for the Federal CIO

Data Center Consolidation Strategies for the Federal CIO Data Center Consolidation Strategies for the Federal CIO Written by Quest Software, Inc. WHITE PAPER Contents Abstract... 3 Introduction... 4 The Role of the CIO in Consolidation... 6 Taking the Strategic

More information

Benchmark Factory for Databases 6.5. User Guide

Benchmark Factory for Databases 6.5. User Guide Benchmark Factory for Databases 6.5 User Guide Copyright 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this

More information

Data center and cloud management. Enabling data center modernization and IT transformation while simplifying IT management

Data center and cloud management. Enabling data center modernization and IT transformation while simplifying IT management Data center and cloud management Enabling data center modernization and IT transformation while simplifying IT management 2013 Dell, Inc. ALL RIGHTS RESERVED. This document contains proprietary information

More information

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide ChangeAuditor 5.6 For Windows File Servers Event Reference Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

8.0. Forest Edition. Deployment Guide

8.0. Forest Edition. Deployment Guide 8.0 Forest Edition Deployment Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished

More information

Unified and Intelligent Identity and Access Management

Unified and Intelligent Identity and Access Management Unified and Intelligent Identity and Access Management Authors Jackson Shaw Quest Software, Inc. WHITE PAPER 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information

More information

Quest ChangeAuditor 4.8

Quest ChangeAuditor 4.8 Quest ChangeAuditor 4.8 Migration Guide Copyright Quest Software, Inc. 2009. All rights reserved. This guide contains proprietary information protected by copyright. The software described in this guide

More information

Choosing the Right Active Directory Bridge Solution

Choosing the Right Active Directory Bridge Solution Choosing the Right Active Directory Bridge Solution Written by Quest Software, Inc. WHITE PAPER 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by

More information

Quest Solutions for PCI Compliance

Quest Solutions for PCI Compliance Quest Solutions for PCI Compliance Effective Data Access Controls and Data Protection Management for Complying with the Payment Card Industry Data Security Standard Written by Quest Software, Inc. TECH

More information

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions

2010 Quest Software, Inc. ALL RIGHTS RESERVED. Trademarks. Third Party Contributions 4.9 User Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license

More information

for Oracle 7.5.3 User Guide

for Oracle 7.5.3 User Guide Quest SQL Optimizer for Oracle 7.5.3 User Guide 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is

More information

Migrating Lotus Notes Applications to Microsoft Office 365 and SharePoint Online

Migrating Lotus Notes Applications to Microsoft Office 365 and SharePoint Online Migrating Lotus Notes Applications to Microsoft Office 365 and SharePoint Online Author Steve Walch Senior Product Manager Quest Software WHITE PAPER 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This

More information

Quest ActiveRoles Server

Quest ActiveRoles Server Quest ActiveRoles Server Deployment Best Practices Written by Quest Software, Inc. TECH BRIEF 2010 Quest Software, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by

More information

Web Portal Installation Guide 5.0

Web Portal Installation Guide 5.0 Web Portal Installation Guide 5.0 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under

More information

Authentication Services 4.1. Authentication Services Single Sign-on for SAP Integration Guide

Authentication Services 4.1. Authentication Services Single Sign-on for SAP Integration Guide Authentication Services 4.1 Authentication Services Single Sign-on for SAP Integration Guide Copyright 2014 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected

More information

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide ChangeAuditor 6.0 For Windows File Servers Event Reference Guide 2013 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described

More information

Quest Collaboration Services 3.6.1. How it Works Guide

Quest Collaboration Services 3.6.1. How it Works Guide Quest Collaboration Services 3.6.1 How it Works Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide

More information

FOR WINDOWS FILE SERVERS

FOR WINDOWS FILE SERVERS Quest ChangeAuditor FOR WINDOWS FILE SERVERS 5.1 User Guide Copyright Quest Software, Inc. 2010. All rights reserved. This guide contains proprietary information protected by copyright. The software described

More information

Dell One Identity Cloud Access Manager 8.0 - How to Configure vworkspace Integration

Dell One Identity Cloud Access Manager 8.0 - How to Configure vworkspace Integration Dell One Identity Cloud Access Manager 8.0 - How to Configure vworkspace Integration February 2015 This guide describes how to configure Dell One Identity Cloud Access Manager to communicate with a Dell

More information

8.0. Deployment Guide

8.0. Deployment Guide 8.0 Deployment Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software

More information

Quest Migration Manager 3.2

Quest Migration Manager 3.2 Quest Migration Manager 3.2 for SharePoint User Guide 2011 Quest Software, Inc. ALL RIGHTS RESERVED. This guide contains proprietary information, which is protected by copyright. The software described

More information

Ten Things to Look for in a SharePoint Recovery Tool

Ten Things to Look for in a SharePoint Recovery Tool Ten Things to Look for in a SharePoint Recovery Tool Written by Ilia Sotnikov Product Manager, SharePoint Management Solutions Quest Software, Inc. White Paper Copyright Quest Software, Inc. 2009. All

More information