What data are we uploading?
The Spotlight Cloud Diagnostic Server collects system configuration and performance metrics from monitored connections in your Spotlight environment and then periodically uploads that data to SpotlightCloud.io. From the uploaded data and subsequent analysis SpotlightCloud.io is able to generate a picture of your system’s health and performance. The actual source of the data is documented below in Appendix A.
Executed SQL and the query plans used to execute the SQL may contain fragments of data by way of string literals. At request, we replace string and numeric literals to prevent any accidental/unexpected upload of sensitive data. Read more here.
How is customer data transferred from the Spotlight Cloud Diagnostic Server application to the cloud?
When data is uploaded to spotlight cloud, from the Spotlight Cloud Diagnostic Server application, it is sent via https to a cloud-based service running in Microsoft Azure. The low-level security protocols utilized during the data-transfer will depend on the client and the server.
Where is customer data stored?
As of April 2018, all data is uploaded to Azure datacenters in North America. The datacenters utilized include: North Central US, South Central US, West Central US, East US 2 and West US 2.
Data is encrypted at rest based on Microsoft Azure Storage Service Encryption.
How long is customer data kept?
Data uploaded to Spotlight Cloud is kept indefinitely. However, we make no promises about how long we’ll keep customers’ data. Quest may purge ‘old data’ in order to keep our financial costs under control.
How does Quest protect Personally Identifiable Information (PII)?
String and numeric literals may contain sensitive or Personally Identifiable Information (PII). Before transferring data to the Spotlight Cloud environment, Quest replaces all string and numeric literals in SQL statements and queries with placeholder data. The placeholder data has no reference to the original data, cannot be reversed into the original data and has no association with the original data.
For more information please refer to
How are users authenticated on the Spotlight Clients (Web, Mobile, Spot-X, DS-Configuration Tool)?
- Standards based authentication protocol OIDC.
- Claim based secured and signed authentication token
Where can I find security and compliance information on the Windows Azure Platform?
The best place to go is the Windows Azure site itself.
Appendix A
The following data is collected from monitored connections by the Spotlight Cloud Diagnostic Server. It is uploaded as a JSON.
- sys.databases
- sys.dm_exec_sessions
- sys.dm_exec_connections
- sys.dm_exec_requests
- sys.dm_exec_cached_plans
- sys.dm_os_sys_info
- sys.dm_os_host_info
- sys.dm_os_wndows_info
- sys.configurations
- sys.master_files
- sys.dm_db_missing_index_groups
- sys.dm_db_missing_index_group_stats
- sys.dm_db_missing_index_details
- sys.dm_os_process_memory
- sys.dm_os_sys_memory
- sys.dm_exec_query_stats
- sys.dm_exec_sql_text
- sys.dm_exec_query_plan
- sys.dm_io_virtual_file_stats
- sys.dm_os_wait_stats
- msdb.dbo.sysjobs
- msdb.dbo.sysjobshistory
- msdb.dbo.sysjobsactivity
- msdb.dbo.sysalerts
- msdb.dbo.backupmediafamily
- msdb.dbo.backupset
- msdb.dbo.log_shipping_monitor_history_detail
- msdb.dbo.log_shipping_primary_databases
- msdb.dbo.log_shipping_secondary
- msdb.dbo.log_shipping_monitor_error
- msdb.dbo.log_shipping_primary_secondaries
- sys.database_mirroring
- sys.dm_server_services
- tempdb.sys.dm_db_session_space_usage
- tempdb.sys.dm_db_task_space_usage
- sys.dm_tran_active_snapshot_database_transactions
- sys.dm_db_index_physical_stats
- sys.dm_os_performance_counters
- sys.dm_exec_procedure_stats
- sys.fulltext_catalogs
- sys.dm_hadr_availability_group_states
- sys.availability_group_listeners
- sys.availability_replicas
- sys.dm_hadr_cluster
- sys.dm_hadr_cluster_members
- sys.dm_hadr_database_replica_states
- sys.dm_hadr_database_replica_cluster_states
- sys.sysusers
- hasdbaccess for user “guest” only
- sys.xp_msver
- <database>.sys.allocation_units
- <database>.sys.database_files
- <database>.sys.data_spaces
- <database>.sys.dm_db_index_usage_stats
- <database>.sys.dm_db_partition_stats
- <database>.sys.partitions
- <database>.sys.filegroups
- <database>.sys.internal_tables
- <database>.sys.objects
- <database>.sys.dm_db_xtp_table_memory_stats
- <database>.sys.index_columns
- <database>.sys.indexes
- <database>.sys.columns
- <database>.sys.schemas
- <database>.sys.database_principals