SentiOne Automate was designed with On-Premise and Cloud deployments within Customer's infrastructure in mind. Logical structure of the applications is built upon microservices paradigm, our applications are mostly stateless and the data is separated from the application's logic. This way we can deliver updates without the need of having direct access to the data. What's more logs of our applications are fully anonymized, which allows sharing them for diagnosis without worrying about privacy of Customer's clients. All communication between applications in Kubernetes cluster and databases and users is secured (data encryption in transit).
Our current reference deployment relies on running our components in safe internal network, with the only external access allowed through the API of Gateway service. Our components communicate by using HTTP protocol and exchanged data is in JSON format.
It's possible to extend security of our solution with following functionalities:
- Extended password policy (password minimum length 12 characters)
- Integration with external authentication services like Kerberos. See SSO Server
- Limiting access to specific ports to dedicated IP address pool (firewall) - depending on channels supported all incoming traffic should be blocked and limited to whitelisted IPs
- Communication tunneling with use of VPN
- Use of user's certificates while communicating with HTTPS protocol
- Use of advanced authentication and authorization methods provided with DB vendors
- Encrypt hard drives to provide encryption at rest
Additional configuration may be applied to improve security
Maximum session age
play.http.session.maxAge=9 # hours
After 9 hours after login session cookie will expire and user will be logged out
Session expiration time
chatbots.admin.session-expiration-time: 9h # hours
inactivity for 9 hours will log out user, however any interaction will extend session.
Session id logging
When enabled logs will not only include "USER:xxx, IP:xxx" but also "SESSION_ID:xxx"
Updated 3 days ago