The appliance is designed to be installed within your own security perimeter. It has its own firewall installed to only allow ingress to ports that are required for its management, monitoring and Speech APIs.
The appliance uses a microservices architecture running on a customized Ubuntu machine. AppArmor default security policies are used to protect the OS and running applications on the appliance.
Data on the appliance (including audio and video data that is submitted via the Speech API, logs, and output transcripts) are encrypted on disk.
There are several firewall rules that may need to be enabled to ensure the communication can be made to the virtual appliance:
The Websocket Speech API for real-time uses the secure wss
protocol (using a self-signed certificate). However, access to the Management API, Monitoring API (Glances) and Speech API is not secured (http
only), and no authorization tokens or passwords are required for access to the APIs. It is therefore up to the customer to deploy the appliance behind a load balancer or gateway that can provide those features if you need them. This is especially important if you are intending to deploy your appliances onto a public cloud (for example as an Amazon EC2 instance).