TellusR is committed to maintaining the highest standards of security, ensuring that organizations can deploy and use the system with confidence.
This is an overview of the security measures and considerations implemented in TellusR.
Docker Containerization: TellusR is deployed using Docker containers, allowing for isolated and consistent environments. Each component of TellusR, such as the search engine and the NLP-service, runs in separate containers, minimizing cross-service dependencies and reducing attack surfaces.
Network Segmentation: The Docker containers are networked together within a private, secure network. Public endpoints are only exposed to the local host on port 8900 and are protected with password authentication to control access.
Secure External Access: For external access, it is recommended to secure the server with a firewall and set up a proxy that forwards the TellusR interface to end users via HTTPS. This setup ensures that all communication between end users and the TellusR interface is encrypted and protected from unauthorized access.
TellusR can be installed on the customers preferred cloud- or on prem server. Hence all data will be stored in the customers environment. HTTPS is used to encrypt data transmitted between the TellusR interface and end users, ensuring secure communication and protection against eavesdropping and man-in-the-middle attacks. Regular updates and security patches are provided to address emerging threats and vulnerabilities. In order to access TellusRs chat capabilities, TellusR will need to be integrated with the LLM of choice.
TellusR is designed to help organizations comply with data privacy regulations such as GDPR. To ensure that only authorized individuals can access sensitive indexed data, TellusR support robust data privacy mechanisms. We offer two key methods for managing access to this data:
The Docker containers are networked together within a private, secure network. Public endpoints are only exposed to the local host on port 8900 and 80 and are protected with password authentication to control access. The application hosts a dashboard on 8900 and has support for admin users and basic users. Admin users have access to admin-like operations, whereas basic users only can perform query-like operations.
TellusR can integrate with either an external or internal LLM, depending on customer needs. If an external LLM is used, a typical TellusR architecture may look like this: