Posts Tagged ‘Quest OnDemand

Cloud-based AD backup and recovery service – Quest OnDemand Recovery – just got updated allowing among other things to easily locate the whole change history for a given account throughout the whole backup history, and roll the object back to any particular moment in time.

The new feature is available right from the main screen. Simply search for the user account:

Select the moment in time for this AD object:

Click Finish and the object will get back to the selected time in the past!

This new feature was introduced earlier this week and is now available to all OnDemand Recovery customers (the beauty of the cloud!).

If you have not tried this service, there is a free 30 day trial available here. (Full disclosure: I work for Quest Software and am involved in the project.)


Now that our services for IT Pros: OnDemand Recovery for Active Directory and OnDemand Log Management – have been out for a couple of months, got their first customers, and demonstrated (knock on wood) 100% uptime, it seems to be the right time to start collecting feedback and give back some prizes.

This is exactly what we are going to be doing from now till the end of October 2010. All you need to do is:

  1. Start your free trial of either of the services.
  2. When you have enough feedback, fill out a quick evaluation survey.
  3. Get your $50 Amazon certificate and (if you are among the the two users who provide the most detailed feedback) iPad!

Try one of our OnDemand IT management services, complete a survey, and win a prize

The prizes should make evaluation more fun, and the survey results will help us make the services even better.

Go to this page to learn more, sign up for the services, and submit your feedback to get the prize.

The official Windows Live ID logo. Opaque back...

One of the leading providers of IT management SaaSQuest OnDemand – has decided to stop using federation with Live ID as its main user authentication method and switched to simple email address/password way.

In the age of everyone trying to federate with everyone else this move seems to be going into the opposite direction. It turned out that in this particular case – IT professionals signing up for a service – found having to use a third-party identity to be not intuitive and had privacy concerns about the same identity being used for different levels of access to various services from different vendors.

Let’s have a look at what was the rationale behind choosing Live ID initially and then abandoning it. I hope that these lessons learnt will help more thoughtful discussion of when and what kind of federation is the right one to use as opposed to someone one-sided perspective the industry seems to have at the moment.

Why Live ID?

Quest OnDemand is a set of online services for Windows IT professionals. The services currently available include eventlog management and AD backup and recovery. Considering that these are primarily used by IT professionals in the Microsoft world, and that Microsoft uses Live ID (also known as Microsoft Passport or MSN Passport) as a way to authenticate for all Microsoft’s services, it made total sense to let users sign into the new service with their existing Live ID accounts instead of making them register new ones.

When we launched Quest OnDemand in June 2010, anyone interested in any of its services could just come to and sign in with Live ID credentials.

What went wrong?

Once we launched we got overwhelmed by our users telling us how confused and frustrated they were.

The complaints seemed to fall into a few categories:

Confusion about Live ID

Surprisingly enough, a lot of people don’t realize that Live ID is an authentication system which can be used across other web properties from various companies. A lot of people don’t know that what they are using to post to Microsoft’s forums or access their hotmail account is indeed Windows Live ID.

Users signing up or deciding to try a service from your company want that to be a business between them and your company, and are not expecting a third party to get into the mix.

Broken workflow

User experience suffered from users being taken away to another site with different look and feel during their registration process. When user already had a Live ID and used it to sign-in this was not as bad – she was taken back to Quest OnDemand upon authentication. However, if a new ID had to be created user was taken away completely, asked a lot of unrelated questions such as date of birth, and then not brought back to the original site.

If you want your customers to survive your sign-up procedure you need to control the account creation experience – just redirecting them to a third-party site does not work.

Privacy concerns

Even though all Quest OnDemand wanted to know about customers were their Live ID logon names (for example, to be then used as handles for delegation purposes) Live ID in theory holds keys to a lot more data including for example hotmail address book. From the web user interfaces customers could not clearly see that they are not accidentally providing access to their private data and as result did not want to proceed with the delegation.

Using primary ID seems to be a big commitment

Email address is a much smaller commitment for a service sign-up than some sort of credentials you are actively using as your core identity. If I try a service and I don’t like it worst case – the vendor will send me some email from which I will need to unsubscribe. If I share the ID I am actively using it kind of feels like I am committing myself in a bigger way and will not have the flexibility to easily go away, and then maybe come again some other day and so on.

The industry has trained customers to supply email addresses pretty much for any sort of access – now this is what people are expecting to use for sign-ups.

What’s there now?

Starting last Friday, Live ID is gone (obviously with all existing customer profiles and data migrated) and we are back to simple email address and password sign-in process.

The benefit is that although there is indeed yet another password to keep in mind (or to reset every now and then when you forget it), the web site behavior is completely expected and well understood by anyone, and the sign-up process includes way smaller number of steps and is easier to follow.

Is federation dead?

Not at all. There are multiple other cases in which identity federation makes total sense and makes users’ lives easier and solutions more secure. For example, while dropping Live ID, Quest OnDemand still has Active Directory Federation Services (ADFS) authentication option for enterprises federating their local Active Directory with Quest’s cloud. In fact, this is the only way Quest’s own employees (for example, technical support) can log onto Quest OnDemand. In this case, federation has clear advantage because it provides tight access control and ensures that only authorized Quest employees access the service and the access happens under strict corporate control.

There are cases in which federation works great and is the best way to implement user access to your system. There are cases in which it is not. Carefully evaluate your options and find which solutions works best for your customers!

Did you have similar experience on federation either not working or quite opposite solving your problems? If so – please share.

This Monday, August 2nd, 2010 I will be talking about how cloud computing is transforming the Systems Management industry at the Cloud Computing usergroup in Mountain View, CA. Here’s the abstract:

As SaaS and cloud matures and gets wider acceptance it starts affecting new markets and application areas. While more and more widely adopted in consumer space, collaboration, CRM and human resource management, cloud only recently started affecting IT professionals and systems management in general.

Dmitry Sotnikov heads Cloud efforts at one of the biggest IT management software vendors – Quest Software. In this session he will share his views on how cloud is changing enterprise IT and what threats and opportunities he sees for existing IT software vendors, as well as Value-Added Reseller (VAR), Managed Service Provider (MSP) and System Integrator (SI) companies.

Please stop by if you are in the Valley or close. See you on Monday!

Another online service we have just launched for IT professionals is Quest OnDemand Log Management. This is a great service for event log collection, storage and analysis.

1. All you need to do to enable it, is download and install a small event collection agent and select which event logs you want to collect,

2.  The agent then runs, collects, compresses, encrypts and sends the event log data to the OnDemand service in the clouds.

3. Whenever you need to search the event log data, you simply go to the web UI, and have dashboards, reports, and keyword search across all the audit trails collected from all your systems.

And all of this is available for a low $30 per server per month subscription fee.

Check out this video on how the service works:

Read more about the service and start your free 30 day trial here.

Last week was the official commercial launch of Quest OnDemand Recovery for AD – a subscription-based automated service which protects your Active Directory for a small monthly fee.

Changes are good, and Active Directory – as the identity core of most companies’ IT – is always changes. However, sometimes wrong changes happen: accounts or whole containers can get accidentally deleted, or a script can go wild and wipe out a bunch of attributes across a set of accounts (I personally once got affected by such an incident a few years ago).

Quest OnDemand Recovery for AD works as a time machine for your Active Directory:

  1. A small local agent in your network on the schedule you select detects changes in AD, compresses and encrypts them and sends them to a remote datacenter.
  2. Whenever you need to roll back any change, you log on to the web site, browse and search your backups, pick the change you want to undo and click Restore.
  3. The agents gets the changes back and applies them to the local AD.

Watch the quick video here:

There is a free 30 day trial of the service, after which you can keep using it for a small monthly fee (which when I am writing this is just 60 cents per AD user account per month).

You can learn more about this service and sign-up for it here.

Full disclosure: I am personally involved in Quest OnDemand efforts. And very excited about it, I must say. 🙂

Microsoft’s TechNet EDGE posted a video with quite detailed discussion of Systems Management as a Service concept, example of such a service (Quest OnDemand), how it uses Windows Azure as the underlying technology, the security model behind it, and so on. Obviously a demo is in there as well.

Check out the video here.

RSS My company’s main blog

My Recent Tweets



The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer Jelastic or anyone else for that matter. All trademarks acknowledged.

© 2008-2012 Dmitry Sotnikov

%d bloggers like this: