Authentication

migVisor Credentials

migVisor credentials are used to keep the process of authentication safe and secure.

Credentials are personal and should never be shared between different users.

The same credentials are used to authenticate users to both mConsole and mMC.

Password Requirements

migVisor passwords are required to meet the following criteria:

Contain 8-32 characters
Include at least one upper-case letter: A-Z
Include at least one lowercase letter: a-z
Include at least one number: 0-9
Include at least one special character: ! @ # $ % ^ & * ( ) - _ = + \ | [ ] { } ; : / ? . > <

Credentials Encryption in Transit

To secure authentication credentials in transit, an SSL profile configuration is used.

Security protocols TLS 1.3 and TLS 1.2 are used for protecting the data as it travels over the internet during read and write operations and during communication between the different migVisor services and source database servers.

Credentials Encryption at Rest

At rest, authentication credentials are encrypted by the application layer and stored in the database.

For mConsole, passwords are encrypted using BCrypt strong salted hashing functions.

mMC stores database access authentication credentials as a local configuration in an encrypted form using AES/ECB/PKCS5Padding cipher objects and padding schemes.

GCP

On top of that, all of migVisor’s storage data is encrypted by Google-managed data encryption keys. GCP keys don’t take part in the encryption of the credentials.

Azure

On top of that, all of migVisor’s storage data is encrypted by Azure-managed data encryption keys. Azure keys don’t take part in the encryption of the credentials.