The appliance is designed to be installed within your own security perimeter. It has its own firewall installed to only allow ingress to ports that are required for its management, monitoring and Speech APIs.
The appliance uses a microservices architecture running on a customized Ubuntu machine. AppArmor default security policies are used to protect the OS and running applications on the appliance.
Data on the appliance (including audio and video data that is submitted via the Speech API, logs, and output transcripts) are encrypted on disk.
There are several firewall rules that may need to be enabled to ensure the communication can be made to the virtual appliance. If you setup HTTPS as described in the 'SSL Configuration' section of these docs then you only need to expose port 443.
|8080/TCP||Used for the Management API to manage the virtual appliance|
|8082/TCP||REST Speech API for batch ASR|
|9000/TCP||Websocket Speech API for real-time ASR|
|443/TCP||Used for HTTPS communication with all of the above services|