
Secure and Efficient Log Management with Quest® OnDemand

TECHNICAL BRIEF

© 2011 Quest Software, Inc. ALL RIGHTS RESERVED.

This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Quest Software, Inc. ("Quest").

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters
LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656
www.quest.com
E-mail: [email protected]

Refer to our Web site for regional and international office information.

Trademarks

Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, ChangeManager, Defender, DeployDirector, Desktop Authority, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, iToken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, MultSess, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point,Click,Done!, PowerGUI, Quest Central, Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, ScriptLogic, Security Lifecycle Map, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer, vRanger, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vBackup, Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Technical Brief: Secure and Efficient Log Management with Quest® OnDemand


Contents

Abstract
Introduction
Quest OnDemand vs. On-Premises: Choosing the Right Solution
    About Quest OnDemand
    Benefits of Quest OnDemand
        Auto-deploy
        Auto-update
    What about Security?
OnDemand Log Management
    Installing and Configuring OnDemand Log Management
    Using OnDemand Log Management
        Secure and Automated Event Monitoring in Real Time
        Reviewing Key Log Management Information
        Pre-defined Event Searches
        Customize Your Search
        Reporting
        Alerting
Conclusion
For More Information

Abstract

Small- to medium-size businesses can realize significant benefits by using Quest OnDemand, Quest’s cloud-based IT management solutions. Quest OnDemand solutions securely provide Windows management services on a pay-as-you-go basis without requiring traditional on-premises deployment or maintenance – simply download a small agent to your existing infrastructure and you’re ready to go. This technical brief explains the benefits and security of the Quest OnDemand solutions, and then details how to install, configure and use OnDemand Log Management.

Introduction

Managing the IT network of a small- to medium-size business (SMB) with a limited budget is challenging—and critical. Because many system tools and applications depend on the Windows infrastructure, even an hour of system downtime can have disastrous consequences on the company’s productivity and bottom line. Quest Software’s OnDemand solutions provide the SMB with an affordable alternative that simplifies IT management, reduces staffing costs, and improves system performance. OnDemand solutions do not require traditional on-premises deployment or maintenance and are designed to ensure 24x7 availability. This technical brief explains the benefits and security of the Quest OnDemand solutions, and then describes installing, configuring and using OnDemand Log Management.

Quest OnDemand vs. On-Premises: Choosing the Right Solution

About Quest OnDemand

Quest OnDemand solutions enable you to focus on your core business rather than devoting your time and resources to managing your infrastructure. For organizations that have made the strategic decision to manage all or part of their Windows environments with cloud-based services, adopting an SaaS strategy provides important security and management capabilities while eliminating application maintenance and minimizing upfront costs.

Benefits of Quest OnDemand

With Quest OnDemand solutions, you can spend less time and budget managing your Windows infrastructure. OnDemand solutions seamlessly and securely provide the solutions you need with flexible subscription-based pricing, enabling you to affordably spread your investment over time. There are significant benefits to using the Quest OnDemand solutions:

Auto-deploy

Quest OnDemand solutions use a web-based delivery method. A small agent is automatically deployed; there is no need to download or install any software. This simple deployment process ensures that your solutions are quickly implemented and available for use, providing you with a fast ROI. OnDemand solutions are scalable to any size environment.

Auto-update

New functionality, updates and bug fixes are deployed automatically – you no longer have to install updates or patches.

Single Point of Access

Registering for a Quest OnDemand solution is fast and easy and all solutions can be accessed from a single portal. Quest OnDemand solutions also provide role and permissions management, enabling you to delegate access to both internal and external users.

Security Assurance

OnDemand solutions use encryption and SAML-based security access controls to ensure your data is protected in transit and at rest. The solutions also use the Windows Identity Foundation (WIF) for identity management, authentication and authorization, and your data is securely stored on the Windows Azure platform.

Remote Access

OnDemand solutions are accessible anytime, from any location, with a supported web browser.

Predictable Costs

Subscription-based pricing enables you to immediately access the solution you need, while spreading your investment over time.

For more information on choosing the right solution, read the white paper, The Business Case for Software as a Service, written by Microsoft MVP Don Jones.

What about Security?

Some organizations may be concerned about the security of data stored in the cloud, but in reality security is a major reason why they should consider moving to the cloud. Data hosted in the cloud with Quest OnDemand solutions has a very high level of security:

• Security of data in transit – Data stored using a Quest OnDemand solution is transferred to a Microsoft Azure data center using SSL encryption.
• Security of data in storage – After transit, your data is stored in a separate data container protected with a SAML-based access control system.
• Security of the physical data center – The physical data center is subjected to stringent security requirements and must pass regular audits and certifications, including SAS 70 Type I and Type II as well as ISO/IEC 27001:2005.

Quest OnDemand’s data security is illustrated in Figure 1:

Figure 1. The transfer and storage of company data from the company’s workstation to the Quest OnDemand service using Microsoft’s Azure platform

For more information about security, read the white paper, Addressing Security and Data Ownership Issues when Choosing a SaaS Provider, written by Microsoft MVP Greg Shields.

OnDemand Log Management

Meeting IT compliance and security auditing requirements means reporting on user activity on the network—often to multiple stakeholders with disparate reporting requirements. In order to deliver these audit reports, organizations must collect, store and report on data in Windows event logs. This is challenging for understaffed IT departments in small- and medium-size businesses, where IT professionals may have to wear many hats at once.

On-premises log management solutions can be expensive to support and maintain, with ever-growing hardware and storage requirements. The IT staff must provide backup and recovery, manage patches, and install and maintain antivirus software and updates. Administrators in SMBs need an automated, flexible and secure solution without the overhead of traditional on-premises deployment and maintenance.

Installing and Configuring OnDemand Log Management

In a short process, you can download and deploy the OnDemand agent in your Windows environment. You need to grant the agent administrative rights so that it can collect the event logs. You can opt to install additional agent modules that provide extended auditing of user access to critical infrastructure resources such as Active Directory and File Systems.

Figure 2. You can install extended auditing for Active Directory and File Systems

Once the agent is in place, you select the type of event logs you want to collect:

Figure 3. Choose which event logs to collect

The log data is streamed securely via SSL transfer to your company’s specific compartment in the Microsoft Azure data center. You are the only one who will have the ability to access or grant others access to this data.

Using OnDemand Log Management

Secure and Automated Event Monitoring in Real Time

Quest OnDemand Log Management monitors events in real time, enabling you to respond immediately to problems and ensuring adherence to compliance regulations. All collected events are stored in a secure OnDemand repository, reducing the volume of event log storage needed on premises. And since Quest OnDemand Log Management automates the collection of event logs, administrators are available for more strategic projects.

Reviewing Key Log Management Information

You can get an overview of key log management statistics from the home page dashboard:

Figure 4. The OnDemand Log Management home page provides key event statistics at a glance

Pre-defined Event Searches

Just click on one of the pre-defined searches and start your investigation with only the events you need:

Figure 5. Pre-defined searches let you quickly start the investigation

Customize Your Search

Tune your search by simply typing the words or phrases you’re looking for, or by applying easy-to-use filters to selected event columns like the user name or event ID:

Figure 6. Searching for a specific event is quick and easy

Reporting

Any search that you create can be easily exported to several output formats, including those supported by many applications, such as CSV files and printer-friendly PDF documents:

Figure 7. Results of any search can be exported to a variety of file formats

The resulting reports can be handed over to external or internal auditors as proof of compliance with requirements imposed by various IT-affecting regulations like PCI DSS, SOX, HIPAA and others:

Figure 8. Reports can serve as evidence of compliance with internal policies or external regulations

Alerting

Just like with reports, you can easily turn any search into an alert that is delivered to the inbox of the designated administrator every time the event you deemed important is detected by OnDemand Log Management on any of the monitored computers:

Figure 9. Receive email alerts as critical events happen

Conclusion

Every organization, large or small, needs to collect, store, report and alert on event data. On-premises log management solutions may work well for large organizations with extensive IT staffs and budgets, but small- to medium-size businesses often do not have those resources. To help, Quest offers cloud-based IT management solutions that securely provide Windows management services on a pay-as-you-go basis without requiring traditional on-premises deployment or maintenance.

Quest OnDemand Log Management frees your organization from the cost and complexity of managing log storage by storing your event log data in a secure repository off-site. OnDemand Log Management also automates the collection of event logs and monitors events in real time, which reduces onsite administrative work by enabling you to respond immediately to problems and comply with internal policies and external regulations.

For More Information

To learn more about Quest OnDemand Log Management or to sign up for a free 30-day trial, please visit www.quest.com/ondemand.


About Quest Software, Inc.

Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for application management, database management, Windows management, virtualization management and IT management, go to www.quest.com.

Contacting Quest Software

PHONE: 800.306.9329 (United States and Canada). If you are located outside North America, you can find your local office information on our Web site.

EMAIL: [email protected]

MAIL: Quest Software, Inc., World Headquarters, 5 Polaris Way, Aliso Viejo, CA 92656, USA

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around-the-clock coverage with SupportLink, our Web self-service. Visit SupportLink at https://support.quest.com.

SupportLink gives users of Quest Software products the ability to:

• Search Quest’s online Knowledgebase
• Download the latest releases, documentation and patches for Quest products
• Log support cases
• Manage existing support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information and policies and procedures.

© 2011 Quest Software, Inc. ALL RIGHTS RESERVED. Quest, Quest Software, the Quest Software logo are registered trademarks of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. TBW_SecureEfficientLogMngmt_US_EC_20110308
