Ellipsis Drive
  • πŸ‘‹Welcome to Ellipsis Drive!
  • Getting Started
    • ⚑Quick Start!
      • 1. Sign up for Ellipsis Drive
      • 2. Creating Vector Layers
      • 3. Creating Raster Layers
      • 4. Creating Point Cloud Layers
      • 5. Data sharing and user access
      • 6. Map building
    • 🏒Set up your organisation
    • πŸ‘₯User Types
      • πŸ”ŽData Scientists
      • πŸ–₯️Developers
      • 🌐GIS professionals
      • πŸ—ΊοΈNon-technical users
    • Capabilities table
    • πŸ“šGlossary
    • πŸ“„Metadata
  • Advanced Usage
  • 🌍Working With Vector Data
    • πŸ–ŒοΈVector styling methods
    • β˜‘οΈFilter vector data
    • πŸ”ŽInspect vector data
    • ✏️Edit vector data
  • 🌏Working With Raster Data
    • πŸ“ˆCreating time series with raster data
    • πŸ–ŒοΈRaster styling methods
    • πŸ”ŽAnalyse raster data
  • πŸš€Sharing & Collaboration
    • πŸ“‚Sharing Folders & Layers
    • πŸ’²Subscriptions on spatial data
    • πŸ“€Transferring spatial data
  • πŸ’‘Good to know
    • 🌍Adding third party layer
    • ⬇️Downloading data
    • ⏳Processing Units
    • 🌏How to change the host location
    • πŸ”Marketplace vs Reseller vs Ellipsis Drive
  • Integrate & automate
    • πŸ”—Integration options
      • πŸ’»Use Ellipsis Drive viewer as embedded window
      • Creating (signed) viewer url's
      • πŸ—ΊοΈDisplay Ellipsis Drive layers in your app
      • πŸ’ΎUse Ellipsis Drive layers in third party software
      • πŸ“‰Query layers from your app
      • πŸ“‚Use Ellipsis Drive to ingest client data
      • πŸ”—Connect Ellipsis Drive to your platform
      • πŸ“ŠPerform analytics on Ellipsis Drive layers
      • 🌐Publish your outputs as Ellipsis Drive layers
    • βš™οΈAPI v3
      • Account
        • Create new account
        • Get account details
        • Login to your account
        • Edit profile
        • Update username
        • Delete account
        • Get transactions
        • List root folders
        • Get user history
        • Change your subscription
        • Change your default storage location
        • Add billing information to your account
        • Security
          • Update email
          • Validate email
          • Update password
          • Reset password
          • Validate password
        • Access tokens
          • Create access token
          • Get your access tokens
          • Delete access token
        • External Layer
          • Add external layer
          • Delete external layer
          • Retrieve external layer
      • Users
        • Search users
        • Get user
        • Invite user
        • Contact user
      • Path
        • Get path
        • Search path
        • Move path
        • Rename path
        • Trash or recover a path
        • Hard delete path
        • Edit path public access
        • Edit path metadata
        • Favorite path
        • White list domains
        • Request access
        • Update hosting location
        • Export for download
          • Export layer or folder
          • Get exports
          • Download an export
        • Hashtags
          • Add hastag
          • Remove hashtag
          • Search for hashtag
        • Invites
          • Invite user to path
          • Revoke Invite
          • Accept invite
          • Get your invites
          • Get path invites
        • Path members
          • Get list of members
          • Remove member
          • Edit member
        • Path subscription plans
          • Add subscription plan
          • Get subscription plans
          • Delete Subscription
          • Subscribe to a path
        • Path Usage
          • Path active users
          • Path usage of user
          • Path aggregated processing units
        • Transfer ownership of path
          • Create transfer
          • Revoke transfer Invite
          • Get transfer invites
          • Accept/Reject transfer invite
      • Path/folder
        • Create new folder
        • List folder
        • Traverse folder
      • Path/vector
        • Create new vector layer
        • Timestamps
          • Add timestamp
          • Edit timestamp
          • Trash timestamp
          • Hard delete timestamp
          • Get timestamp bounds
          • Get feature changelog
          • Find features by ids
          • Search feature by extent
          • Search features by tiles
          • Get the compressed features list
          • List features
          • Location information
          • Vector Features
            • Add feature
            • Edit the features
            • Delete feature
            • Feature Versions
            • Feature Messages
              • Get messages on a feature
              • Get message image
              • Add message to a feature
              • Delete message
            • Feature Time Series
              • Get series
              • Get series info
              • Add series
              • Delete series
              • Series Changelog
          • Upload vector data
            • Upload vector file
            • Get uploads
            • Revert the upload
            • Delete failed upload
            • Download file
          • Export vector data
            • Export vector data
            • Get exports
            • Download an export
        • Styles
          • Add style
          • Edit Style
          • Delete Style
        • Vector Layer Properties
          • Add vector property
          • Delete vector property
          • Edit vector properties
        • Vector layer projections
          • Add a projection
          • Remove a projection
        • Edit filter
        • Edit saved data
      • Path/raster
        • Create new raster
        • Timestamps
          • Tile service
          • Stack rasters
          • Get raster
          • Analyse raster data
          • Location information
          • Add timestamp
          • Edit timestamp
          • Get timestamp bounds
          • Activate timestamp
          • Deactivate timestamp
          • Delete timestamp
          • Trash timestamp
          • Upload Raster
            • Upload raster file
            • Get uploads
            • Delete upload
            • Trash upload
            • Download file
          • Export raster data for download
            • Export raster data for download
            • Get exports
            • Download export
        • Styles
          • Add style
          • Edit style
          • Delete style
        • Edit Raster
        • Edit raster band
        • Raster layer projections
          • Add a projection
          • Remove a projection
      • Path/pointCloud
        • Create new point cloud
        • Timestamps
          • 3D tiles
          • Add timestamp
          • Edit timestamp
          • Get timestamp bounds
          • Activate timestamp
          • Deactivate timestamp
          • Delete timestamp
          • Trash timestamp
          • Point cloud uploads
            • Upload point cloud file
            • Get uploads
            • Delete upload
            • Trash upload
            • Download file
          • Export point cloud for download
            • Export point cloud data
            • Get exports
            • Download export
      • Path/file
        • Create new file
        • Download file
      • Path/bookmark
        • Create new bookmark
        • Fetch bookmark details
        • Update bookmark details
      • Path/setUpTasks
        • Add task
        • Get tasks
      • Path/process
        • Create new process
        • Update a process
        • Execute a process
        • Fetch your process jobs
        • Fetch proces jobs of a path
      • OGC Protocols
        • WMTS
        • OGC API - Features
        • TMS/XYZ
        • WMS
        • Processes API (INFORMATION FACTORY INSTANCE ONLY)
          • Landing
          • Conformance
          • Process list
          • Execute a process
          • Get job status
          • Get job results
        • WCS
        • STAC
          • Landing
          • Root Catalog
          • Folder Catalog
          • Layer Collection
          • Timestamp Item
          • Search
        • Terrain RGB
        • MVT
        • WFS
        • 3D tiles
      • Fast read
        • Vector data
        • Raster data
      • OAuth
        • Authorization
        • Authorization code variant
        • Refresh token variant
      • Ellipsis Drive Pricing
        • Public pricing
        • User pricing
      • Ellipsis Drive locations
        • Get locations
      • Top Up
    • πŸ”ŒPlugins & Packages
    • πŸ”Authentication Options
    • Backwards compatibility
      • Add vector style
      • Add raster style
  • Extra
    • πŸ›‘οΈCertification & Compliance
    • ❓Troubleshoot Issues
      • Failing to upload features with properties of type object or array
      • My raster data does not look good on low zoomlevel
      • Connecting webservice to QGIS and ArcGIS
      • Why don't all features show on every zoom level?
      • Failing to upload a .csv
      • Trouble with EPSG or CRS
      • Failing to upload a Shape file
      • Fix Visualisation Transparency
    • Creating a process
  • PRIVATE DEPLOYMENT
    • ℹ️Introduction
    • πŸ“ƒOverview
    • πŸ› οΈDeployment
      • πŸ”ŒIntegration with existing storage
      • πŸ’½Recommended hardware
      • πŸ“ˆManaging your instance
      • ♻️Backup and recovery
      • πŸ”Security and Compliance
      • ☁️Supported clouds
Powered by GitBook
On this page

Was this helpful?

  1. PRIVATE DEPLOYMENT
  2. Deployment

Security and Compliance

When choosing for a tenant private instance of Ellipsis Drive, the management of the servers will be done by our own team. The security settings will match with the public version of Ellipsis Drive.

When choosing to deploy Ellipsis Drive on your own infrastructure, we assume that the security settings for it will be managed by you to suit the needs of your internal organization.

Below we list the security related aspects of an Ellipsis Drive deployment. Each aspect describes the minimum permission needed. We recommend to use the principle of Least Privilege. So do not use higher permissions or lower settings then described below.

Root access

Ellipsis Drive machines are designed to be run in a docker environment. The processes require root access inside the docker container during deployment, but does not need them afterwards. No root access is needed to the host of the docker containers.

Networking

Strictly speaking, only the machines hosting the API require access to the public internet to function. Having public internet access does allow the machines to get software updates automatically.

All machines do need to be able to connect with each other. It is highly recommended to deploy them in an Amazon VPC or a similar service. Dividing it in further sub-networks is not necessary.

If deployed without an existing passive file storage, the file storage created by Ellipsis Drive is only accessible by itself.

SSH keys

Users of the system can access the docker containers through the host. They do not need separate SSH keys to directly SSH to the containers themselves.

How these users access the host is dependent on the infrastructure and organizational structure Ellipsis Drive is deployed on.

Secrets and credentials

By default, the secrets and credentials the application uses are stored in a config file that comes with the installation, as this is the most context independent approach. A script is provided that can be run to change the credentials on all servers. This script can also be used to rotate credentials automatically.

We recommend to use a managed service to store and rotate secrets for your application, such as AWS Secrets Manager.

Sensitive data

Aside from the secrets and credentials, the data uploaded by the users must be protected from unauthorized access. The original uploaded files are first stored in the temporary storage before uploaded to the passive, permanent storage. Derivative data of that file for active usage of that data are stored the active storage portions of the system.

Encryption of these data through your preferred method is supported.

Backups of the data is not managed by the Ellipsis Drive application itself. You should apply your own backup policies and procedures on the data. It is highly recommended to at least backup the passive storage. If the active storage is lost, it can be reconstructed from the passive storage.

emails and passwords

Each user of your Ellipsis Drive instance can login with his or her username/email and password. Users should update their password regularly.

Ellipsis drive never exposes a user email to another user, only the username.

PreviousBackup and recoveryNextSupported clouds

Last updated 3 months ago

Was this helpful?

πŸ› οΈ
πŸ”