Dossier: Security Overview

Briefing to understand security implemented while collecting and processing performance metrics

The integrity of the Dossier collector, security of the End User environment, and protection of End User data are issues of paramount
concern in all elements of design of the Live Optics application. Security overrides all other concerns. As an example, many frequently
requested usability features have been rejected, as such features would compromise our strict security requirements.

Live Optics security areas can be divided into the following categories:

- Collector Integrity
- Collector Information-Gathering Protocols
- Dossier file security
- Live Optics Web Application Security

Security begins with the Dossier collector. This section covers security issues pertaining
directly to the Dossier collector.

Collector Integrity

The Dossier collector is a Mircrosoft® .NET executable for the Microsoft® Windows platform. This executable runs in End User environ-
ments. Guaranteeing the integrity of this collector is of critical concern.

The Dossier collector download occurs from a login-protected, HTTPS (SSL) download link. By downloading the collectors directly,
users know they are getting the collector directly from Dell. The collector is digitally signed by Dell using the Microsoft® Authenticode
signature protocol.

Collector Information-Gathering Protocols

The Dossier collector gathers some basic information about the host server where it executes, such as the operating system version,
hostname, and domain. The primary activity of a Dossier scan involves walking the file system. Dossier opens files, examines their
meta-data (last accessed, last written, created date, etc). Dossier also stores and tracks the most commonly encountered file system
extensions. Actual file names are not recorded, and only the root path of each file system to be scanned is recorded. Individual sub
directory names are not recorded.

Optionally, Dossier in some cases reads small portions of a small sampling of files to test the compressibility and de-dup potential of a
file. This data is read and run through either the compression or the
de-dup algorithms built into the collector. No portion of the file data or even any
derivation of the file data (such as a secure hash) is ever recorded in the resulting In This Briefing
Dossier data file.
• Collector Security

• Protocols Used

• Securing the Online

Analytics Portal
Security: continued
Live Optics SIOKIT File Security

Dossier files are encrypted with 2048 bit RSA and 256-AES keys. The private keys are secured within the Dell datacenter. The public keys
are embedded into the collector.

Live Optics Web Application Security

The Live Optics web application was designed following the strict Dell guidelines and has been scrutinized by both the internal Dell Security
Team as well as outside security experts.

Access to the site is via the secure and encrypted HTTPS framework. Latest security patches are routinely applied to all Dell servers.

While we do not disclose the design of our environment, the Live Optics datacenter consists of multiple layers of firewalled servers and
communication frameworks. Data is securely stored behind numerous firewalled networks.

Dell Security policy prevents us from listing the exact methods we use to secure the site, but we can disclose that the Dell Security team
routinely runs numerous leading 3rd party security applications that scan both the site and source code for vulnerabilities.

A review of security measures implemented in Live Optics

Security: continued

Data Gathered by Live Optics

The collectors gather information about each host

system that they monitor:

• Operating System and version

• Hostname

• Domain Name of the server

• Date and time

• Telemetric information on how long it took for the Dossier

scan to run

• Number of files

• Number of files of certain size categories

• Number of compressed files

• Number of compressed files of certain size categories

• Total size of files

• Total size of compressed files

• Total size of files that matched known file extensions

• List of top file extensions by size

A review of security measures implemented in Live Optics

Understanding more about Live Optics Contact Us
Our contact information can be found on the right in the blue column!
The Live Optics team can
be contacted at the
The Live Optics site is located at http://LiveOptics.com
following address:
The Live Optics support site is located at https://support.LiveOptics.com or by emailing
support@LiveOptics.com
support@LiveOptics.com
@runLiveOptics
The Live Optics support site also has a vast library of other insightful attributes of Live
Optics and can be located here: YouTube.com/LiveOptics

https://support.LiveOptics.com General Manager:

Sam Kirchoff