Skip to main content

Self-Hosted Questionnaire

As you prepare for a self-hosted installation of Credo AI you may wish to seek guidance from our engineering team regarding special technical cases or restrictions.

The following questions are a helpful start for us to learn more about your infrastructure and lifecycle management so we can better guide you.

Please limit answers to the scope of the target infrastructure for deploying instances of Credo AI.

Network Infrastructure

  • Credo AI recommends using a managed kubernetes distribution service. Which service do you use (eg. EKS, AKS, OpenShift) and how do you typically expose applications to users? If you do not use a managed kubernetes service please include information about your selected network ingress implementation.

  • The Credo AI application exposes a TLS-secured web UI and api. How will you be connecting users to these services? Include details about your typical user workstation connectivity (eg tunneling, VPN, proxy), TLS configurations and what browsers you intend to use.

  • Does the hosting infrastructure have outbound internet access? Do outbound connections require a proxy? Are there IP or hostname filters on outbound connections?

  • If the environment has no outbound internet access, do machines in a DMZ have direct network access to the air-gapped infrastructure, or do release artifacts need to be copied to physical media for installation?

Application Dependency Infrastructure

  • Do you anticipate using a self-hosted or managed PostgreSQL database platform?

  • The Credo AI application uses object storage for user document uploads and downloads. Can you use AWS S3 for object storage?

  • The Credo AI application sends emails to users for events. Do you have access to an SMTP server or a compatible managed service (eg Amazon SES)?

  • Credo AI application requires Single sign on (SSO) for user authentication. The application natively supports OIDC identity providers (IdP). Do you use a cloud hosted service like Okta/Auth0 that can fill this requirement? If not, do you have a SAML IdP? The Credo AI application can be configured with an adaptor to support SAML if necessary.

Software Provenance and Distribution

  • Can your infrastructure pull container images from the public internet, or do you require images to be stored in an private registry?

  • If you use a private image registry, which registry product do you use?

  • If you scan images hosted in your private container image registry, please share your compliance requirements.

Change Management

  • How do you test new releases of COTS software, in this case Credo AI? Do you have a UAT or Staging environment?

  • How often do you like to receive planned (non-critical) software updates? Quarterly? Monthly? As often as possible? Do you have change management requirements that will impact the frequency of updates? Please detail.

  • For critical updates, what is your target deployment time for new patches? Do you have a requirement for how quickly patches are made available after a vulnerability is announced?

Live Support

  • If there is an issue causing downtime in the on-prem application, would you be willing to give the Credo AI team direct access (eg kubectl) to the cluster?