Security

Network Security

Managed identities: LLMGW uses Azure managed identities throughout the platform to eliminate credential management across Azure services. Components authenticate to each other securely and automatically, which reduces administrative overhead and the potential security vulnerabilities associated with stored credentials.

Network isolation: The platform operates with no public internet access by default, ensuring all LLMGW services communicate exclusively through private Azure networks and secure endpoints to minimize exposure to external threats and unauthorized access.

Selective exposure: When public access is required, LLMGW can be exposed through Azure Application Gateway with Web Application Firewall (WAF) capabilities. This provides controlled access with protection against web-based attacks and with comprehensive traffic monitoring.

Access Control

Zero trust model: LLMGW implements a zero-trust security approach where every connection and request is authenticated and authorized regardless of source location, ensuring no implicit trust is granted based on network position or previous authentication.

Network restrictions: Access to LLMGW services is limited to pre-approved IP address ranges and virtual networks as defined by organizational security policies, providing network-level security that prevents unauthorized access from untrusted locations.

Identity integration: The platform integrates with Azure Active Directory (Entra ID) for enterprise authentication and role-based access control (RBAC), enabling organizations to use existing identity infrastructure while maintaining granular permission control across all components.
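
The three controls above combine into a single default-deny decision: an allowlisted source address is required but never sufficient, and an authenticated caller still needs a role for the route. The sketch below is an added example, not LLMGW code; the network ranges, route paths, role names and claim layout are assumptions, and the claims are assumed to come from a token whose signature has already been verified.

```python
import ipaddress

# Constructed policy values (assumptions, not LLMGW configuration).
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.20.0.0/16", "203.0.113.0/24", "fd00:20::/32")]
ROUTE_ROLES = {"/v1/chat": {"llm.user", "llm.admin"},
               "/admin/keys": {"llm.admin"}}


def source_allowed(source_ip):
    """True only if the address parses and falls inside an approved range."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # malformed address: deny rather than guess
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in ALLOWED_NETWORKS)


def authorize(source_ip, claims, path, now):
    """Return (allowed, reason). `claims` is a verified token payload or None."""
    if not source_allowed(source_ip):
        return False, "source_not_allowlisted"
    if claims is None:
        return False, "unauthenticated"  # network position grants nothing
    if claims.get("exp", 0) <= now:
        return False, "token_expired"
    required = ROUTE_ROLES.get(path)
    if required is None:
        return False, "no_policy_for_route"  # unknown route: default deny
    if not required & set(claims.get("roles", [])):
        return False, "missing_role"
    return True, "ok"


if __name__ == "__main__":
    user = {"sub": "constructed-user", "roles": ["llm.user"], "exp": 2000}
    for ip, c, p in [("10.20.5.9", None, "/v1/chat"),
                     ("198.51.100.7", user, "/v1/chat"),
                     ("10.20.5.9", user, "/admin/keys"),
                     ("10.20.5.9", user, "/v1/chat")]:
        print(ip, p, authorize(ip, c, p, now=1000))
```

Logging the returned reason for each denial gives the access layer an audit trail that separates network-level rejections from identity and role failures.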