When choosing for a tenant private instance of Ellipsis Drive, the management of the servers will be done by our own team. The security settings will match with the public version of Ellipsis Drive.

When choosing to deploy Ellipsis Drive on your own infrastructure, we assume that the security settings for it will be managed by you to suit the needs of your internal organization.

Below we list the security related aspects of an Ellipsis Drive deployment. Each aspect describes the minimum permission needed. We recommend to use the principle of Least Privilege. So do not use higher permissions or lower settings then described below.

Root access

Ellipsis Drive machines are designed to be run in a docker environment. The processes require root access inside the docker container during deployment, but does not need them afterwards. No root access is needed to the host of the docker containers.

Networking

Strictly speaking, only the machines hosting the API require access to the public internet to function. Having public internet access does allow the machines to get software updates automatically.

All machines do need to be able to connect with each other. It is highly recommended to deploy them in an Amazon VPC or a similar service. Dividing it in further sub-networks is not necessary.

If deployed without an existing passive file storage, the file storage created by Ellipsis Drive is only accessible by itself.

SSH keys

Users of the system can access the docker containers through the host. They do not need separate SSH keys to directly SSH to the containers themselves.

How these users access the host is dependent on the infrastructure and organizational structure Ellipsis Drive is deployed on.

Secrets and credentials

By default, the secrets and credentials the application uses are stored in a config file that comes with the installation, as this is the most context independent approach. A script is provided that can be run to change the credentials on all servers. This script can also be used to rotate credentials automatically.

We recommend to use a managed service to store and rotate secrets for your application, such as AWS Secrets Manager.

Sensitive data

Aside from the secrets and credentials, the data uploaded by the users must be protected from unauthorized access. The original uploaded files are first stored in the temporary storage before uploaded to the passive, permanent storage. Derivative data of that file for active usage of that data are stored the active storage portions of the system.

Encryption of these data through your preferred method is supported.

Backups of the data is not managed by the Ellipsis Drive application itself. You should apply your own backup policies and procedures on the data. It is highly suggested to at least backup the passive storage. If the active storage is lost, it can be reconstructed from the passive storage.

emails and passwords

Each user of your Ellipsis Drive instance can login with his or her username/email and password. Users should update their password regularly.

Ellipsis drive never exposes a user email to another user, only the username.