Network and Device Security
Rapta’s premises AI solutions are powered by an encrypted and secure Linux operating system and is completely self-contained and isolated from all other networks.
Deployment
Rapta will deploy an Applied AI service in three configurations, each of which carry applicable service charges:
- With an edge router that allows secure connectivity to the internet via customer networks
- With a mobile hotspot that connects the infrastructure to the Rapta Service network
- Completely self-isolated
The service network is described via the following facets:
- Service components: these are atomic self-contained modules that interoperate with other services via the network and advanced programming interfaces.
- Device discovery: all service components discover the relevant components needed to fulfill a servicing request.
- Rapta Edge Router: provides system connectivity and enables the Rapta Maintenance Network
- Maintenance network: Rapta operates a VPN-like network to connect to devices for same-day servicing and support of equipment; this network is only used when an optional Rapta Edge Router is configured.
- Rapta Datalake: our database server is maintained by a SOC-2 compliant cloud provider and stores operator metrics.
Security
Rapta utilizes hardware-backed two factor authentication on all devices distributed to customers as well as services used in development. We use strong FIDO2 compatible cryptography and utilize an encrypted peer to peer backend to optionally communicate with devices as needed – any internet support requires express consent from the customer, Rapta will default to completely isolated deployments into customer spaces by default. All devices are configured with security best practices and the operating system is hardened with the NSA operation system guidelines. All of our development resources are stored on SOC2-compliant cloud vendor networks.
Self-contained deployments
- No outside connectivity, completely self-contained
- Software updates will be performed via a “USB Update key”
- Multi-tiered customer support
Rapta Edge Router deployments
- Service fees may apply
- Multi-tiered customer support
- Provides connectivity to public networks via a router
- Allows traffic from the Rapta Network to the Rapta Maintenance Network
- Forwards operator performance metrics to the Rapta Datalake for analytics
- No device discovery traffic will leave the Rapta Network
Rapta Mobile deployments
- Service fees apply
- Multi-tiered customer support
- Provides connectivity to public networks via a mobile hotspot; mobile deployments do not connect to your network
- Allows traffic from the Rapta Network to the Rapta Maintenance Network
- Forwards operator performance metrics to the Rapta Datalake for analytics
- No device discovery traffic will leave the Rapta Network
Service Components
A Rapta network is comprised of multiple independent service nodes, each of which has a specific type and name that can be discovered by other service components as dictated by the Rapta business logic configuration. A business logic configuration can be customized based on the type of environment and Rapta Applied AI application.
Services generally configure a single discovery service on the network that allows for the dynamic configuration and lock-in of the payload service. Most services that are used for our Applied AI & Neural Network operations will dynamically create a streaming pipeline between each component to provide Machine Learning Operations at scale.
Since the Rapta network is self-contained, these service components do not communicate outside of the Rapta network via an optionally configured Rapta Edge Router.
Rapta Edge Router
A Rapta Edge Router can optionally be installed to provide access to the equipment via the internet. This is optional and not required for any Rapta application.
Installing an edge router with the Applied AI solution will allow the Rapta service team same day access to all deployed systems for support and software updates.
The Rapta Edge Router maintains a basic configuration to provide a firewall that contains all Rapta traffic within the boundaries of the Rapta Network and only allows and enables communication to the Rapta Maintenance Network.
Maintenance Network
The Rapta Maintenance Network is enabled for those devices that are deployed with a Rapta Edge Router. It enables the Rapta support team to provide same-day support and software updates to all Rapta systems deployed.
A Rapta Maintenance Network is protected by strong cryptographic keys and is monitored by the Rapta team. The Rapta Maintenance Network is configured to allow access to compute hardware within the Rapta Network for OTA updates and to simplify support requests.
Rapta Datalake
The Rapta Datalake is an optional operator metrics store that provides analytics on operator performance with eventual consistency. While not immediate, operator performance will be uploaded via the Rapta Edge Router or the Rapta Mobile connection to the cloud. Access to the Rapta Datalake is facilitated via a secure authenticated app interface and private webportal.