What data are we uploading?

The Spotlight Cloud Diagnostic Server collects system configuration and performance metrics from monitored connections in your Spotlight environment and then periodically uploads that data to SpotlightCloud.io. From the uploaded data and subsequent analysis SpotlightCloud.io is able to generate a picture of your system’s health and performance. The actual source of the data is documented below in Appendix A.

Executed SQL and the query plans used to execute the SQL may contain fragments of data by way of string literals. At request, we replace string and numeric literals to prevent any accidental/unexpected upload of sensitive data. Read more here.

How is customer data transferred from the Spotlight Cloud Diagnostic Server application to the cloud?

When data is uploaded to spotlight cloud, from the Spotlight Cloud Diagnostic Server application, it is sent via https to a cloud-based service running in Microsoft Azure. The low-level security protocols utilized during the data-transfer will depend on the client and the server.

Where is customer data stored?

As of April 2018, all data is uploaded to Azure datacenters in North America. The datacenters utilized include: North Central US, South Central US, West Central US, East US 2 and West US 2.

Data is encrypted at rest based on Microsoft Azure Storage Service Encryption.

How long is customer data kept?

Data uploaded to Spotlight Cloud is kept indefinitely. However, we make no promises about how long we’ll keep customers’ data. Quest may purge ‘old data’ in order to keep our financial costs under control.

How does Quest protect Personally Identifiable Information (PII)?

String and numeric literals may contain sensitive or Personally Identifiable Information (PII). Before transferring data to the Spotlight Cloud environment, Quest replaces all string and numeric literals in SQL statements and queries with placeholder data. The placeholder data has no reference to the original data, cannot be reversed into the original data and has no association with the original data.

For more information please refer to

How are users authenticated on the Spotlight Clients (Web, Mobile, Spot-X, DS-Configuration Tool)?

  • Standards based authentication protocol OIDC.
  • Claim based secured and signed authentication token

Where can I find security and compliance information on the Windows Azure Platform?

The best place to go is the Windows Azure site itself.

Appendix A

The following data is collected from monitored connections by the Spotlight Cloud Diagnostic Server. It is uploaded as a JSON.

  1. sys.databases
  2. sys.dm_exec_sessions
  3. sys.dm_exec_connections
  4. sys.dm_exec_requests
  5. sys.dm_exec_cached_plans
  6. sys.dm_os_sys_info
  7. sys.dm_os_host_info
  8. sys.dm_os_wndows_info
  9. sys.configurations
  10. sys.master_files
  11. sys.dm_db_missing_index_groups
  12. sys.dm_db_missing_index_group_stats
  13. sys.dm_db_missing_index_details
  14. sys.dm_os_process_memory
  15. sys.dm_os_sys_memory
  16. sys.dm_exec_query_stats
  17. sys.dm_exec_sql_text
  18. sys.dm_exec_query_plan
  19. sys.dm_io_virtual_file_stats
  20. sys.dm_os_wait_stats
  21. msdb.dbo.sysjobs
  22. msdb.dbo.sysjobshistory
  23. msdb.dbo.sysjobsactivity
  24. msdb.dbo.sysalerts
  25. msdb.dbo.backupmediafamily
  26. msdb.dbo.backupset
  27. msdb.dbo.log_shipping_monitor_history_detail
  28. msdb.dbo.log_shipping_primary_databases
  29. msdb.dbo.log_shipping_secondary
  30. msdb.dbo.log_shipping_monitor_error
  31. msdb.dbo.log_shipping_primary_secondaries
  32. sys.database_mirroring
  33. sys.dm_server_services
  34. tempdb.sys.dm_db_session_space_usage
  35. tempdb.sys.dm_db_task_space_usage
  36. sys.dm_tran_active_snapshot_database_transactions
  37. sys.dm_db_index_physical_stats
  38. sys.dm_os_performance_counters
  39. sys.dm_exec_procedure_stats
  40. sys.fulltext_catalogs
  41. sys.dm_hadr_availability_group_states
  42. sys.availability_group_listeners
  43. sys.availability_replicas
  44. sys.dm_hadr_cluster
  45. sys.dm_hadr_cluster_members
  46. sys.dm_hadr_database_replica_states
  47. sys.dm_hadr_database_replica_cluster_states
  48. sys.sysusers
    1. hasdbaccess for user “guest” only
  49. sys.xp_msver
  50. <database>.sys.allocation_units
  51. <database>.sys.database_files
  52. <database>.sys.data_spaces
  53. <database>.sys.dm_db_index_usage_stats
  54. <database>.sys.dm_db_partition_stats
  55. <database>.sys.partitions
  56. <database>.sys.filegroups
  57. <database>.sys.internal_tables
  58. <database>.sys.objects
  59. <database>.sys.dm_db_xtp_table_memory_stats
  60. <database>.sys.index_columns
  61. <database>.sys.indexes
  62. <database>.sys.columns
  63. <database>.sys.schemas
  64. <database>.sys.database_principals