Security

The following section looks at security and configuration options within Aiimi Insight Engine. Aiimi Insight Engine supports a host of security options that allow you to secure your deployment. Both at the application and at the infrastructure level (defence in depth).

Concepts:

XPack

• An Elasticsearch module that secures Elasticsearch transport protocol and the HTTP protocol using SSL. This means all traffic between the cluster and to the cluster is encrypted. It also enforces the need for a username and password on all requests, which are too encrypted.

Source System Credentials

• The credentials used to discover and ingest content from the source systems. They act as a layer of security that controls what Aiimi Insight Engine can perform. For example, a read-only account meaning that Aiimi Insight Engine cannot write back.

HTTPS

• A secure form of HTTP used to communicate between the agents and web server to Elasticsearch and between users and the gateway.

Authentication

• All users and admins accessing the system must authenticate before accessing the apps.

Authorization

• All user requests go through a series of authorization steps. For example, governing what the apps and what data and documents they have access to.

Permissions Trimming

• This part of authorisation controls what users can and cannot see when performing a search or any other transaction in Aiimi Insight Engine.