TECHNICAL BRIEF Secure and Efficient Log Management with Quest® OnDemand

Post on 22-Jun-2020

© 2011 Quest Software, Inc.

ALL RIGHTS RESERVED.

This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Quest Software, Inc. ("Quest").

The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Quest Software World Headquarters

LEGAL Dept

5 Polaris Way

Aliso Viejo, CA 92656

www.quest.com

E-mail: [email protected]

Refer to our Web site for regional and international office information.

Trademarks

Quest, Quest Software, the Quest Software logo, AccessManager, ActiveRoles, Aelita, Akonix, AppAssure, Benchmark Factory, Big Brother, BridgeAccess, BridgeAutoEscalate, BridgeSearch, BridgeTrak, BusinessInsight, ChangeAuditor, ChangeManager, Defender, DeployDirector, Desktop Authority, DirectoryAnalyzer, DirectoryTroubleshooter, DS Analyzer, DS Expert, Foglight, GPOADmin, Help Desk Authority, Imceda, IntelliProfile, InTrust, Invirtus, iToken, I/Watch, JClass, Jint, JProbe, LeccoTech, LiteSpeed, LiveReorg, LogADmin, MessageStats, Monosphere, MultSess, NBSpool, NetBase, NetControl, Npulse, NetPro, PassGo, PerformaSure, Point,Click,Done!, PowerGUI, Quest Central, Quest vToolkit, Quest vWorkSpace, ReportADmin, RestoreADmin, ScriptLogic, Security Lifecycle Map, SelfServiceADmin, SharePlex, Sitraka, SmartAlarm, Spotlight, SQL Navigator, SQL Watch, SQLab, Stat, StealthCollect, Storage Horizon, Tag and Follow, Toad, T.O.A.D., Toad World, vAutomator, vControl, vConverter, vFoglight, vOptimizer, vRanger, Vintela, Virtual DBA, VizionCore, Vizioncore vAutomation Suite, Vizioncore vBackup, Vizioncore vEssentials, Vizioncore vMigrator, Vizioncore vReplicator, WebDefender, Webthority, Xaffire, and XRT are trademarks and registered trademarks of Quest Software, Inc in the United States of America and other countries. Other trademarks and registered trademarks used in this guide are property of their respective owners.

Contents

Abstract

Introduction

Quest OnDemand vs. On-Premises: Choosing the Right Solution

About Quest OnDemand

Benefits of Quest OnDemand

Auto-deploy

Auto-update

What about Security?

OnDemand Log Management

Installing and Configuring OnDemand Log Management

Using OnDemand Log Management

Secure and Automated Event Monitoring in Real Time

Reviewing Key Log Management Information

Pre-defined Event Searches

Customize Your Search

Reporting

Alerting

Conclusion

For More Information

Abstract

Small- to medium-size businesses can realize significant benefits by using Quest OnDemand, Quest’s cloud-based IT management solutions. Quest OnDemand solutions securely provide Windows management services on a pay-as-you-go basis without requiring traditional on-premises deployment or maintenance – simply download a small agent to your existing infrastructure and you’re ready to go.

This technical brief explains the benefits and security of the Quest OnDemand solutions, and then details how to install, configure and use OnDemand Log Management.

Introduction

Managing the IT network of a small- to medium-size business (SMB) with a limited budget is challenging—and critical. Because many system tools and applications depend on the Windows infrastructure, even an hour of system downtime can have disastrous consequences on the company’s productivity and bottom line.

Quest Software’s OnDemand solutions provide the SMB with an affordable alternative that simplifies IT management, reduces staffing costs, and improves system performance. OnDemand solutions do not require traditional on-premises deployment or maintenance and are designed to ensure 24x7 availability.

This technical brief explains the benefits and security of the Quest OnDemand solutions, and then describes installing, configuring and using OnDemand Log Management.

Quest OnDemand vs. On-Premises: Choosing the Right Solution

About Quest OnDemand

Quest OnDemand solutions enable you to focus on your core business rather than devoting your time and resources to managing your infrastructure. For organizations that have made the strategic decision to manage all or part of their Windows environments with cloud-based services, adopting an SaaS strategy provides important security and management capabilities while eliminating application maintenance and minimizing upfront costs.

Benefits of Quest OnDemand

With Quest OnDemand solutions, you can spend less time and budget managing your Windows infrastructure. OnDemand solutions seamlessly and securely provide the solutions you need with flexible subscription-based pricing, enabling you to affordably spread your investment over time. There are significant benefits to using the Quest OnDemand solutions:

Auto-deploy

Quest OnDemand solutions use a web-based delivery method. A small agent is automatically deployed; there is no need to download or install any software. This simple deployment process ensures that your solutions are quickly implemented and available for use, providing you with a fast ROI. OnDemand solutions are scalable to any size environment.

Auto-update

New functionality, updates and bug fixes are deployed automatically – you no longer have to install updates or patches.

Single Point of Access

Registering for a Quest OnDemand solution is fast and easy and all solutions can be accessed from a single portal. Quest OnDemand solutions also provide role and permissions management, enabling you to delegate access to both internal and external users.

Security Assurance

OnDemand solutions use encryption and SAML-based security access controls to ensure your data is protected in transit and at rest. The solutions also use the Windows Identity Foundation (WIF) for identity management, authentication and authorization, and your data is securely stored on the Windows Azure platform.

Remote Access

OnDemand solutions are accessible anytime, from any location, with a supported web browser.

Predictable Costs

Subscription-based pricing enables you to immediately access the solution you need, while spreading your investment over time.

For more information on choosing the right solution, read the white paper, The Business Case for Software as a Service, written by Microsoft MVP Don Jones.

What about Security?

Some organizations may be concerned about the security of data stored in the cloud, but in reality security is a major reason why they should consider moving to the cloud. Data hosted in the cloud with Quest OnDemand solutions has a very high level of security:

• Security of data in transit – Data stored using a Quest OnDemand solution is transferred to a Microsoft Azure data center using SSL encryption.

• Security of data in storage – After transit, your data is stored in a separate data container protected with a SAML-based access control system.

• Security of the physical data center – The physical data center is subjected to stringent security requirements and must pass regular audits and certifications, including SAS 70 Type I and Type II as well as ISO/IEC 27001:2005.

Quest OnDemand’s data security is illustrated in Figure 1:

Figure 1. The transfer and storage of company data from the company’s workstation to the Quest OnDemand service using Microsoft’s Azure platform

For more information about security, read the white paper, Addressing Security and Data Ownership Issues when Choosing a SaaS Provider, written by Microsoft MVP Greg Shields.

OnDemand Log Management

Meeting IT compliance and security auditing requirements means reporting on user activity on the network—often to multiple stakeholders with disparate reporting requirements. In order to deliver these audit reports, organizations must collect, store and report on data in Windows event logs. This is challenging for understaffed IT departments in small- and medium-size businesses, where IT professionals may have to wear many hats at once. On-premises log management solutions can be expensive to support and maintain, with ever-growing hardware and storage requirements. The IT staff must provide backup and recovery, manage patches, and install and maintain antivirus software and updates.

Administrators in SMBs need an automated, flexible and secure solution without the overhead of traditional on-premises deployment and maintenance.

Installing and Configuring OnDemand Log Management

In a short process, you can download and deploy the OnDemand agent in your Windows environment. You need to grant the agent administrative rights so that it can collect the event logs.

You can opt to install additional agent modules that provide extended auditing of user access to critical infrastructure resources such as Active Directory and File Systems.

Figure 2. You can install extended auditing for Active Directory and File Systems

Once the agent is in place, you select the type of event logs you want to collect:

Figure 3. Choose which event logs to collect

The log data is streamed securely via SSL transfer to your company’s specific compartment in the Microsoft Azure data center. You are the only one who will have the ability to access or grant others access to this data.

Using OnDemand Log Management

Secure and Automated Event Monitoring in Real Time

Quest OnDemand Log Management monitors events in real time, enabling you to respond immediately to problems and ensuring adherence to compliance regulations. All collected events are stored in a secure OnDemand repository, reducing the volume of event log storage needed on premises. And since Quest OnDemand Log Management automates the collection of event logs, administrators are available for more strategic projects.

Reviewing Key Log Management Information

You can get an overview of key log management statistics from the home page dashboard:

Figure 4. The OnDemand Log Management home page provides key event statistics at a glance

Pre-defined Event Searches

Just click on one of the pre-defined searches and start your investigation with only the events you need:

Figure 5. Pre-defined searches let you quickly start the investigation

Customize Your Search

Tune your search by simply typing the words or phrases you’re looking for, or by applying easy-to-use filters to selected event columns like the user name or event ID:

Figure 6. Searching for a specific event is quick and easy

Reporting

Any search that you create can be easily exported to several output formats, including those supported by many applications, CSV files and printer-friendly PDF documents:

Figure 7. Results of any search can be exported to a variety of file formats

The resulting reports can be handed over to external or internal auditors as proof of compliance with requirements imposed by various IT-affecting regulations such as PCI DSS, SOX, HIPAA and others:

Figure 8. Reports can serve as evidence of compliance with internal policies or external regulations

Alerting

Just like with reports, you can easily turn any search into an alert that is delivered to the inbox of the designated administrator every time an event you deemed important is detected by OnDemand Log Management on any of the monitored computers:

Figure 9. Receive email alerts as critical events happen

Conclusion

Every organization, large or small, needs to collect, store, report and alert on event data. On-premises log management solutions may work well for large organizations with extensive IT staffs and budgets, but small- to medium-size businesses often do not have those resources. To help, Quest offers cloud-based IT management solutions that securely provide Windows management services on a pay-as-you-go basis without requiring traditional on-premises deployment or maintenance.

Quest OnDemand Log Management frees your organization from the cost and complexity of managing log storage by storing your event log data in a secure repository off-site. OnDemand Log Management also automates the collection of event logs and monitors events in real time, enabling you to reduce on-site administrative work, respond immediately to problems and comply with internal policies and external regulations.

For More Information

To learn more about Quest OnDemand Log Management or to sign up for a free 30-day trial, please visit www.quest.com/ondemand.

About Quest Software, Inc.

Quest Software (Nasdaq: QSFT) simplifies and reduces the cost of managing IT for more than 100,000 customers worldwide. Our innovative solutions make solving the toughest IT management problems easier, enabling customers to save time and money across physical, virtual and cloud environments. For more information about Quest solutions for application management, database management, Windows management, virtualization management and IT management, go to www.quest.com.

Contacting Quest Software

PHONE 800.306.9329 (United States and Canada)

If you are located outside North America, you can find your local office information on our Web site.

EMAIL [email protected]

MAIL Quest Software, Inc.

World Headquarters

5 Polaris Way

Aliso Viejo, CA 92656

USA

Contacting Quest Support

Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract.

Quest Support provides around-the-clock coverage with SupportLink, our Web self-service. Visit SupportLink at https://support.quest.com.

SupportLink gives users of Quest Software products the ability to:

• Search Quest’s online Knowledgebase

• Download the latest releases, documentation and patches for Quest products

• Log support cases

• Manage existing support cases

View the Global Support Guide for a detailed explanation of support programs, online services, contact information and policies and procedures.

© 2011 Quest Software, Inc. ALL RIGHTS RESERVED.

Quest, Quest Software, the Quest Software logo are registered trademarks of Quest Software, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. TBW_SecureEfficientLogMngmt_US_EC_20110308