StratoZone data and security

Frequently asked questions

What type of data does StratoZone collect for the assessment?

StratoZone collects data relating to your IT assets such as capacity, performance, hardware specs, OS information etc. A full list of data collected is shown in Appendix A and Appendix B.

How does StratoZone access data on my IT assets?

StratoZone uses an agentless data collection approach that does not require the installation of agents or appliances. The StratoZone data collector installed within your firewall, accesses the assets or IP ranges you specify remotely using SSH for Linux assets, WMI and WinRM for Windows assets.

Do I have to provide my organization's login credentials to StratoZone?

To conduct an agentless data collection, you will provide credentials to the StratoZone data collector application installed within your firewall, where your credentials are stored encrypted and never transmitted outside your organization or to StratoZone. Credentials are destroyed when you delete the data collector application.

What is the data used for?

The data is used to analyze your IT environment for cloud assessment and planning purposes, including inventory, cloud pricing, dependencies, selection of Google Cloud products, etc. Depending on your continued use of StratoZone, the data may be used to assist you with your cloud-migration. Your data is never sold to any third parties.

Where is my data stored?

The StratoZone platform is hosted in Google Cloud data centers in the United States.

How is my data secured?

Collected data is encrypted (i) in transit to the StratoZone portal using HTTPS using TLS 1.2 or, for the latest version of Windows, TLS 1.3, with RSA Encryption (SHA-256), and (ii) at rest when in the StratoZone platform using RDBMS-level security (AES-256 encryption, SHA256 hash). Sensitive data, such as usernames, passwords, and IP addresses, is encrypted when stored in your local environment (AES256 encryption, HMACSHA1 hash). The StratoZone portal secures your data with industry standard security including HTTPS using TLS 1.2 or 1.3 with RSA Encryption (SHA-256), and requires 2FA.

What operational guidelines does StratoZone comply with?

StratoZone partners and strictly follows Google ECMA guidelines. In partnership with ECMA, StratoZone maintains the following industry certifications: ISO 27001, ISO 27017, ISO 27018, SOC 2, and SOC 3.

Is my data isolated from other customer data?

Your data is logically segmented from other customer data within the StratoZone database. Additionally, there are separate application-level access controls for each customer assessment.

Who has access to my data?

Authorized members of your organization, Google, and any partners that may be engaged to assist you with your assessment or cloud-migration. For more details, see the StratoZone subscription and licensing agreement.

How long is my data retained?

Your data is retained for 60 days after the end of your subscription period (and any subsequent renewals). The subscription period defaults to 3 years. You can request the deletion of your data at any time during the subscription period or the 60 day retention period. StratoZone will comply with this instruction as soon as reasonably practicable, and in compliance with applicable law. For more details, see the StratoZone data policy.

Can I opt out of transmitting sensitive fields to the StratoZone portal?

Yes, you can exclude fields such as IP addresses before this information is sent to the StratoZone portal. You must opt out of sending certain data fields before you set up the collector(s). For more details, see Security levels for collection. Note that these options forfeit some functionality. Notify your Google or Partner engineer accordingly.

Appendix A: Data fields collected by StratoZone

Category	Description
General information	Asset name Domain name Name of a computer manufacturer Model name that a manufacturer gives to a machine Total size of physical memory Number of physical and logical processors Name and speed of each processor available Date and time the operating system was last restarted Version number of the operating system Activation date of the computer Operating system name, vendor, major version, and minor version CPU Architecture (32 or 64bit) vCenter Folder (only applicable for vCenter scans) vCenter Host (only applicable for vCenter scans) VM ID and VM name (only applicable for vCenter scans) VM Power State (only applicable for vCenter scans)
Collector information	StratoProbe collector identity StratoProbe collector group ID StratoProbe collector group name StratoProbe asset ID Asset IP address Asset name StratoProbe collector IP
Installed applications	Application name Version Vendor Installed location Install source Estimated size Actual size Display version Version minor
BIOS	BIOS manufacturer Release date of the BIOS Version of the BIOS including major and minor version
Storage	Disk label Current status Number of partitions on this physical disk Interface type of physical disk Size of the disk drive SCSI bus number and identifier number of the disk drive Interface method with storage system Type of disk used List of storage partitions
Disk partition	Drive letter Partition is the active partition File system on the logical disk Total size and free space size Volume serial number
Network card	Network label Subnet Gateway DNS MAC address DHCP (true/false) FQDN DNS registration and full registration WINS lookup GUID List of IP addresses on the network cards
Process	Process name and description Byte size of memory used for process execution Global process identifier Date the process begins executing Related process ID Path to application executable Installation date Current process status Operating system running the process The order in which the process is scheduled The number of threads devoted to a process
Installed service (Windows only)	Service name Current state Start mode Current status Start name Path of the installed service
Memory usage	Memory system caption Memory system description Memory source name Available memory amount Cache size Maximum cache size Number of cache faults per second Number of bytes currently committed Number of page faults, page reads, and pages viewed per second Number of page-write commands per second Percent of total available bytes committed Total bytes not in use by pages Total bytes in use by pages Total bytes in application Total bytes in driver
CPU usage	CPU name / description Deferred procedure call rate Interrupts Per Second Percent CPU DPC time Percent CPU idle time Percent interrupt time Percent processor time Percent privileged time Percent user time
Network performance	Network framework caption Network framework description Network name Bytes sent and received per second Bytes processed per second Total current network bandwidth Total errors in outbound packets Total packets processed per second Total errors in inbound packets Total packets received per second Total packets sent per second
Disk performance	Disk type caption Disk type description Disk type name Average bytes per read, transfer, and write Average time in seconds per read, transfer, and write Average bytes processed per second Average bytes read per second Average read, transfer, and write commands per second Percent of disk time devoted to read commands Percent of disk time in use Percent of disk time devote to write commands Percent of disk time idle Split IO operations per second Kilobytes read per second Kilobytes written per second
Port data	Associated service name and process ID Initiating port number Receiving port number Protocol name Initiating IP address Receiving IP address Current state
Disk volume (Windows only)	Auto mount Block size Capacity Caption Compressed (true/false) Device ID Dirty bit set Drive letter Drive type Free space Indexing enabled Max filename length Label Quotas enabled Quotas incomplete Quotas building System name Volume serial number Supports disk quotas Supports file-based compression
SQL Server (Windows only, if installed)	Instance ID Version Install path File version REGROOT SKU name Startup parameters Dump directory
SQL Server (Database collection)	SQL Version Stored User SSIS packages Windows SQL login count SQL Server Storage Used Always On Availability Used Windows Failover Cluster Used Databases with DQS Roles, Data Collector Users Databases with Log Shipping Database Mail in Use Databases Using File Table Filestream Groups Used Maintenance Plans Stored Policy Management Policies Enabled External Scripts Enabled (ML/R) Compute Nodes Used (Polybase) Resource Governor Groups SQL Server Audits Server-Level Triggers Service Broker Tasks SQL Endpoints DBs with CDC Enabled CLR Procedures/Functions Used Linked Servers External Access Assemblies
Oracle (Database Collection)	Dbname, DbVersion, Dbsizes, RAC Instances, etc DBID, PDBIDs, PDBNames and Status PDBSize InstanceName, Hostname, etc SegmentType by Owner Compressed Tables By Owner Compressed Tables by CompressionType Used Storage by Owner by SegmentType Tablespaces Parameters and Fragmentation Summary by PDB by Owner of Table Constraints Storage by Tablespace by PDB Data Types by Owner by PDB DBLinkName, HostName by PDB Database Parameters Database Proprietary Features Being Used Database Limits Reached History of Cores Allocated ObjectTypes by Owner by PDB Number of Lines of Code by Type by Owner by PDB PartitionTableType by Owner by PDB IndexType by Owner by PDB Database Stats by Hour by PDB PSU, RUs,RURs Applied in the DB Database Stats by Hour by PDB SQLType Stats Database alert log
MySQL (Database Collection)	Data about bInlog, DB Version, DB type/flavor (eg., MariaDB/Aurora etc), Database directory, List of plugins, List of engines Configuration variables, Number of active connections, Sleeping vs active connections Data about storage Full text indexes, Tables with missing primary keys Tables with partitions Connections by databases, applications and users Stored procedures, functions and definer clauses List of triggers List of events Definer clauses Foreign keys
PostgreSQL (Database Collection)	Db version DB flags List of extensions. Needed for supportability in the destination Tables with missing primary keys Tables with missing primary keys Disk size (used) Users/roles and privileges Users/roles and privileges Statistics about I/O on specific user tables Statistics about access to specific indexes on user tables List of indexes on user tables Listing of all replication slots that currently exist on the database cluster Statistics about the background writer process's activity Information about function and stored procedures Information about function and stored procedures For connected applications
File/Folder name collection (only path collected not contents)	/etc/cassandra/conf/cassandra-env.sh /etc/cassandra/conf/cassandra.yaml /etc/dse/cassandra/cassandra-env.sh /etc/dse/cassandra/cassandra.yaml /etc/hbase/conf/hbase-site.xml /usr/bin/hbase /lib/systemd/system/mariadb.service /usr/lib/systemd/system/mariadb.service /var/log/memcached /data/db /etc/mongod.conf c:\data\db /etc/my.cnf /etc/mysql/my.cnf /lib/systemd/system/mysql.service /usr/lib/systemd/system/mysqld.service /var/lib/mysql c:\program files\mysql\mysqld.exe /usr/sbin/mysqld /etc/postgresql/** /usr/lib/postgresql/* /var/lib/postgresql/** /var/log/postgresql/
GPU information (Linux Only)	PCI BUS Vendor Device Name
GPU performance	Name PCI Bus ID DriverVersion Power State PCIE Link Gen Max PCIE Link Gen Current GPU Temperature GPU Utilization Memory Utilization Memory Total Memory Free Memory Used Power Draw Clock Speed SM Clock Speed Memory Clock Speed Graphics
GPU running process	GPU Name GPU Bus ID GPU Serial # GPU UUID PID Process Name Used Memory

Appendix B: Data and files collected for container fit assessment

For more information about the container fit assessment tool, see About the fit assessment tool.

Windows collection

Category	Description
Commands run	registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp hostname systeminfo /FO CSV ipconfig /all netstat -r netstat -a -b -n schtasks /query /V /FO CSV msinfo32 reg.exe" "export hklm\system\CurrentControlSet\services $svcRegPath /y Get-WmiObject Win32_OperatingSystem Get-WmiObject Win32_NetworkAdapter Get-WmiObject Win32_ComputerSystem Get-WmiObject Win32_ComputerSystemProduct Get-ChildItem HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -Recurse -ErrorAction All subkeys in: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall All subkeys in: HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall echo $PSVersionTable "$AWS_IMDS_BASE_URL/meta-data/$category" "GET" "$GCP_IMDS_BASE_URL/$key" "GET" @{"Metadata-Flavor" = "Google"}
Files collected	C:\Windows\System32\Inetsrv\Config\* C:\Windows\System32\Inetsrv\Config\applicationHost.config C:\Windows\Microsoft.NET\Framework*\v*\Config\*

Linux collection

Category	Description
Commands run	netstat -tlnp ps -o pid,user,%mem,comm,args -e dpkg -l rpm -qa sestatus lsmod systemctl service --status-all lsof /dev / docker ps ip addr ifconfig blkid lsblk --json -p --output NAME,PARTFLAGS,PARTTYPE,UUID,LABEL,FSTYPE
Files collected	/etc/fstab /etc/hosts /etc/resolv.conf /etc/hostname /etc/HOSTNAME /proc/sys/kernel/hostname /etc/issue /etc/*-release /etc/network/interfaces /etc/dhcp/dhclient-up-hooks /etc/NetworkManager/conf.d/* /etc/systemd/resolved.conf /etc/sysconfig/network-scripts/* /etc/sysconfig/network/* /proc/cpuinfo /proc/meminfo /proc/self/mounts /etc/exports /opt/IBM/WebSphere/AppServer/properties/version/installed.xml /opt/IBM/WebSphere/AppServer/properties/version/WAS.product /sys/class/net/*

Appendix C: Commands run by StratoProbe

Windows WMI collection

Category	Description
System information	General information: Win32_ComputerSystem CPU information: Win32_Processor Operating system: Win32_OperatingSystem BIOS information: Win32_BIOS Hard drive information: Win32_DiskDrive Window local volume information: Win32_Volume Network card information: Win32_NetworkAdapterConfiguration Installed software: Win32_Product If the installed software collection fails with Win32_Product, StratoProbe scans the following registry key: \HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ Running services: Win32_Service SQL Server information: SqlServiceAdvancedProperty class in the \root\microsoft\sqlserver\{SQLServerName} namespace (Only when SQL Server Configuration Management is installed) Solution file information: File System StratoProbe also scans for database solutions in the following folders: C:\data\db\ and C:\ProgramData\mysql\
Performance	Disk performance: Win32_PerfFormattedData_PerfDisk_PhysicalDisk Network performance: Win32_PerfFormattedData_TcpIp_NetworkInterface Process performance: Win32_PerfFormattedData_PerfProc_Process CPU information: Win32_PerfFormattedData_PerfOS_Processor RAM information: Win32_PerfFormattedData_PerfOS_Memory GPU Running Performance information: nvidia-smi via WMI (Only when NVIDIA GPU is present) Process Performance information: Win32_PerfFormattedData_PerfProc_Process
Dependency	Running processes: Win32_Process Open ports: netstat –ano via WMI GPU information: Win32_VideoController and Win32_Bus GPU running process information: nvidia-smi via WMI (Only when NVIDIA GPU is present)

Linux SSH collection

Category	Description
System Information	Hostname hostname -s cat/proc/sys/kernel/hostname (alternate method) echo $(hostname) (alternate method) Domain hostname -d cat/proc/sys/kernel/domainname (alternate method) echo $(domainname) (alternate method) awk '/^domain/ {print $2}' /etc/resolv.conf (alternate method) Product name cat /sys/class/dmi/id/product_name CPU information cat /proc/cpuinfo cat /sys/class/dmi/id/sys_vendor arch uname -m (alternate method for arch) Distro information cat /etc/os-release cat /etc/redhat-release cat /etc/system-release cat /etc/issue cat /etc/*-release BIOS information cat /sys/class/dmi/id/bios_date cat /sys/class/dmi/id/bios_version cat /sys/class/dmi/id/bios_vendor cat /sys/class/dmi/id/smbios_version Hard drive information df -T cat/etc/fstab (alternate method for df) env stat -f (alternate method for df) Network card information /sbin/ip addr netstat –nr cat /var/lib/dhclient/dhclient.leases cat /etc/sysconfig/network-scripts/ifcfg-ethX cat /etc/resolv.conf cat /etc/samba/smb.conf cat /sys/class/net/* Solution files /etc/cassandra/conf/cassandra-env.sh /etc/cassandra/conf/cassandra.yaml /etc/dse/cassandra/cassandra-env.sh /etc/dse/cassandra/cassandra.yaml /etc/hbase/conf/hbase-site.xml /usr/bin/hbase/ /lib/systemd/system/mariadb.service /usr/lib/systemd/system/mariadb.service /var/log/memcached.* /data/db/ /etc/mongod.conf /etc/my.cnf /etc/mysql/my.cnf /lib/systemd/system/mysql.service /usr/lib/systemd/system/mysqld.service /var/lib/mysql/ /usr/sbin/mysqld/ /etc/postgresql/*/* /usr/lib/postgresql/* /var/lib/postgresql/*/* /var/log/postgresql/ GPU info lspci -Dm Installed software in production rpm -q -a --qf dpkg -l (alternate method for rpm)
Performance	Disk performance: cat /proc/diskstats Network performance: cat /proc/net/dev CPU information: top -n 1 -b RAM information: top -n 1 -b GPU Performance information: nvidia-smi --query-gpu
Dependency	Running processes: top -n 1 -b GPU running process information: nvidia-smi --query-compute-apps Open ports: netstat -anop ss -utanp (alternate method)