Difference between revisions of "AWS Security"

From Lingoport Wiki
Jump to: navigation, search
(Restricted Access to the Lingoport Dedicated VM)
(HTTPS and IP Restrictions to the Lingoport Applications)
Line 25: Line 25:
 
== HTTPS and IP Restrictions to the Lingoport Applications ==
 
== HTTPS and IP Restrictions to the Lingoport Applications ==
 
[[File:AWS Security 4.PNG|500px]]
 
[[File:AWS Security 4.PNG|500px]]
  +
  +
The application on the AWS Lingoport Dedicated VM (the Dashboard or Jenkins) is only accessible when the following conditions are met:
  +
  +
The IP of the calling system is granted access, typically:
  +
* Customer IP range
  +
* Lingoport IP range
  +
  +
The application is secured by account and password over HTTPS.
  +
  +
In other words:
  +
  +
* No one outside the authorized range can reach the system
  +
* Only authorized accounts access / see the Dashboard
  +
* Data communication is over HTTPS
  +
 
== Secure Transfer of Resource Files to/from Translation ==
 
== Secure Transfer of Resource Files to/from Translation ==
 
[[File:AWS Security 5.PNG|500px]]
 
[[File:AWS Security 5.PNG|500px]]

Revision as of 22:01, 3 June 2019

Deploying the Lingoport Dedicated VM using AWS has many security advantages. This section develops some of the layers starting with a customer's network to the full implementation of the dedicated VM accessing the customer's network Git repositories.

The Customer Network without the Lingoport Suite

AWS Security 1.PNG

The customer network before any Lingoport dedicated VM. It is expected to be a secure environment.

The Lingoport Dedicated VM Restricted Access to the Repository

AWS Security 2.PNG

The first step in this deployment is to instantiate an AWS VM. The Customer IT adds only that VM to the list of specific IP's which can access the repositories. The only access provided is to version control systems such as Git (GitHub, Bitbucket, Gitlabs), TFS, or SVN.

No customer data or systems (credit card information, live databases, client data, etc.) are granted access to the Lingoport Dedicated VM.

Restricted Access to the Lingoport Dedicated VM

AWS Security 3.PNG

Conversely, only a restricted set of IP's are allowed to access the Lingoport Dedicated VM. For instance, a system has to be either in the Customer's network or in the Lingoport network to be granted access to the Lingoport Dedicated VM. It behaves as an extension of the customer's network. No other party can gain access to the Lingoport Dedicated VM.

Furthermore, access to the AWS Lingoport Dedicated VM is restricted by SSH key. A public key needs to be set on the Dedicated VM to access connections.

HTTPS and IP Restrictions to the Lingoport Applications

AWS Security 4.PNG

The application on the AWS Lingoport Dedicated VM (the Dashboard or Jenkins) is only accessible when the following conditions are met:

The IP of the calling system is granted access, typically:

  • Customer IP range
  • Lingoport IP range

The application is secured by account and password over HTTPS.

In other words:

  • No one outside the authorized range can reach the system
  • Only authorized accounts access / see the Dashboard
  • Data communication is over HTTPS

Secure Transfer of Resource Files to/from Translation

AWS Security 5.PNG