Security and Credential Management

Security is central to DMC’s design. This section details how credentials, data, and execution processes are handled to minimize risk and ensure full transparency.

Security Summary

| Security Focus | DMC Approach |
| --- | --- |
| Credential Protection | Credentials exist only in memory, auto-erased after execution. |
| Data Security | Locally stored, AES-256 encrypted ZIP file. |
| Access Controls | Supports least privilege access for vCenter and guest VMs. |
| Customer Transparency | Provides full command list for review before upload. |
| No External Transmission | No automatic cloud upload—customer controls data sharing. |

Credential Handling

DMC requires temporary admin credentials to access vCenter and guest VMs. However, all credentials are handled securely and never persist beyond execution.

How Credentials Are Managed Securely

| Security Aspect | DMC Implementation |
| --- | --- |
| Storage of Credentials | Credentials are only stored in memory. |
| Persistence | Credentials are immediately erased when DMC terminates. |
| Logging | No sensitive information (usernames/passwords) is logged. |
Key Security Feature: Credentials are never stored in files or databases—they exist only for the duration of execution.

Data Security & Encryption

All collected data is stored locally on the Windows jump box and is never transmitted externally automatically.

Encryption Process

  • Data is stored in a password-protected ZIP file.
  • AES-256 encryption secures all collected information.
  • Customers receive a private decryption key for validation before upload.
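
A customer-side check, added here as an example and not part of DMC: before upload, read the archive's central directory to confirm that every entry is marked AES-256 rather than legacy ZipCrypto or unencrypted. It assumes the ZIP follows the WinZip AE-x convention (compression method 99 plus a 0x9901 extra field), which this page does not confirm; the sample archives are constructed in memory.

```python
import io, struct, zipfile

AES_METHOD = 99        # compression-method value marking a WinZip AES entry
AES_EXTRA_ID = 0x9901  # extra-field header ID carrying the AES parameters
STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}

def entry_encryption(info):
    """Classify one ZipInfo from central-directory metadata (no password needed)."""
    if not info.flag_bits & 0x1:             # general-purpose bit 0 = encrypted
        return "unencrypted"
    if info.compress_type != AES_METHOD:
        return "encrypted, not WinZip AES"   # e.g. legacy ZipCrypto
    pos, extra = 0, info.extra
    while pos + 4 <= len(extra):             # walk the (id, size, data) records
        field_id, size = struct.unpack_from("<HH", extra, pos)
        if field_id == AES_EXTRA_ID and size >= 7 and pos + 4 + size <= len(extra):
            return STRENGTH.get(extra[pos + 8], "unknown AES strength")
        pos += 4 + size
    return "AES method without parameters"

def audit_archive(fileobj):
    """Map every file entry in the archive to its encryption label."""
    with zipfile.ZipFile(fileobj) as zf:
        return {i.filename: entry_encryption(i) for i in zf.infolist() if not i.is_dir()}

def all_aes256(report):
    """True only if the archive has entries and all of them are AES-256."""
    return bool(report) and all(label == "AES-256" for label in report.values())

def constructed_sample(method, flags, extra=b"", name=b"metrics.csv"):
    """Build a one-entry, zero-length ZIP in memory (constructed test input)."""
    local = struct.pack("<4s5H3I2H", b"PK\x03\x04", 51, flags, method, 0, 0,
                        0, 0, 0, len(name), len(extra)) + name + extra
    central = struct.pack("<4s6H3I5H2I", b"PK\x01\x02", 51, 51, flags, method, 0, 0,
                          0, 0, 0, len(name), len(extra), 0, 0, 0, 0, 0) + name + extra
    eocd = struct.pack("<4s4H2IH", b"PK\x05\x06", 0, 0, 1, 1, len(central), len(local), 0)
    return io.BytesIO(local + central + eocd)

def aes_extra(strength):
    # Record: id, size, AE version 2, vendor "AE", strength byte, real method (8 = deflate)
    return struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", strength, 8)

if __name__ == "__main__":
    for title, sample in [("AES-256 sample", constructed_sample(AES_METHOD, 1, aes_extra(3))),
                          ("ZipCrypto sample", constructed_sample(8, 1))]:
        report = audit_archive(sample)
        print(title, report, "OK" if all_aes256(report) else "not AES-256")
```

To check a real archive, pass its path to `audit_archive` in place of the in-memory sample.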

Data Storage and Transmission Controls

| Security Aspect | DMC Implementation |
| --- | --- |
| Data Storage Location | Encrypted ZIP file on the Windows jump box. |
| Data Transmission | No automatic data transfer—manual review and upload required. |
| External Network Communication | DMC has no outbound connections beyond the customer’s network. |

Customer Transparency: Reviewing Commands

DMC offers full visibility into all commands executed on guest VMs to support trust and accountability.

  • The complete list of command-line queries is available on the Captured Metrics page.
  • Verbose logging is enabled by default, allowing customers to trace every command run during collection.
  • Customers can review scan output locally to verify that collected metrics align with documented behavior and scope.
