This is the documentation for a previous version of our product. Click here to see the latest version.

Security

The appliance is designed to be installed within your own security perimeter. It has its own firewall installed to only allow ingress to ports that are required for its management, monitoring and Speech APIs.

Overview

The appliance uses a microservices architecture running on a customized Ubuntu machine. AppArmor default security policies are used to protect the OS and running applications on the appliance.

Data on the appliance (including audio and video data that is submitted via the Speech API, logs, and output transcripts) are encrypted on disk.

Firewall Ports

There are several firewall rules that may need to be enabled to ensure the communication can be made to the virtual appliance:

  • 8080/TCP - Used for the Management API to manage the virtual appliance
  • 3000/TCP - Monitoring (Glances)
  • 8082/TCP - REST Speech API for submitting jobs (batch ASR)
  • 9000/TCP - Websocket Speech API for real-time ASR

Securing your Deployment

The Websocket Speech API for real-time uses the secure wss protocol (using a self-signed certificate). However, access to the Management API, Monitoring API (Glances) and Speech API is not secured (http only), and no authorization tokens or passwords are required for access to the APIs. It is therefore up to the customer to deploy the appliance behind a load balancer or gateway that can provide those features if you need them. This is especially important if you are intending to deploy your appliances onto a public cloud (for example as an Amazon EC2 instance).