Tech Brief – empower® AI

Required Permissions: IT Admin

The following table provides an overview of all technology requirements and specifications for empower® AI:

Technology

Frontend (Web): React, TypeScript

Backend: .NET 10, Docker, Kubernetes

Hosting: Azure

Monitoring: Azure Monitor, Prometheus, Grafana

AI:

  • LLM: GPT-4.1

    This is subject to change as new models become available and old models become deprecated.

  • Voice Input: Azure Speech

Browser Support

Chrome: Latest

Safari: Latest (voice input is not supported)

Microsoft Edge: Latest

Cloud Platform and Security

The empower® Backend and Web Components are hosted on Microsoft Azure Resources (Azure VMs, Azure Kubernetes Service, Azure SQL, etc.).

Data is stored inside the Azure Platform (PaaS).

Microsoft Azure is certified with ISO 27001 and PCI DSS, among others.

For more information regarding Microsoft Azure security and compliance, see Microsoft Trust Center.

Microsoft Azure provides an SLA of 99.95% (website and API) and 99.99% for data storage.

For further information regarding Microsoft SLA, see Service Level Agreements (SLA) for Online Services.

Scaling

The empower® Backend uses containerization and Azure Kubernetes Service for on-demand scaling and reliability.

Geofencing

empower® is hosted in the Germany West Central region of Azure.

Azure ensures backups will not leave the geographical region of the tenant by employing paired data centers within the same geography.

For further information, see Azure region pairs and nonpaired regions.

This means all backup data stored in a different region also remains inside the EU. 

Data Storage

All data is stored in Azure SQL databases and Azure Storage with regular backups enabling point-in-time restore if necessary. 

Temporary cache data is stored on Azure VMs.

Guest and Data Isolation

Data at rest is isolated at the storage level, e.g. by using separate databases per tenant.

At the service level, our robust multi-tenant architecture ensures no data can cross tenant boundaries.

Encryption

All communication between the empower® Backend and clients is encrypted in transit with TLS (version 1.2/1.3).

All data at rest (databases, storage and VMs/disks) is encrypted by Azure platform-managed encryption at rest (256-bit AES).

Open Source Components

A selection of secure and qualified open source components is used and is constantly monitored for patches and security vulnerabilities.

Data Processing Agreement

Our general data processing agreement can be accessed under DPA.

For further information regarding data, privacy and security for Azure AI, see Data, privacy, and security for Models sold by Azure in Microsoft Foundry.

Authentication

With the exception of first-time setup and recovery scenarios, empower does not act as an identity provider.

Instead, empower uses OpenID Connect to leverage third-party identity providers for user authentication.

Currently, only Microsoft Entra ID is supported as an identity provider.

User Provisioning

empower® supports SCIM for provisioning user accounts.

Single Sign-On

As empower does not control the user authentication process (see Authentication above), the SSO experience depends on the identity provider in use.

Generally, Microsoft Entra ID supports semi-automatic (one-click) single sign-on for users who have an active session, unless configured otherwise.

IT Security Certificates of empower® as an Organization

We possess an ISO 27001 certification.

Our certificate can be viewed under the following link:

View Certificate

Logging

Successful and failed logins are captured by the identity provider used by the customer.

Privileged administrative operations by the empower® Operations Team are logged within Azure and our external monitoring system.

Ports Used for Communication between Device and Application

HTTPS (443) Port Only

Note

This Tech Brief applies to empower® AI.

For further information regarding other solutions and products, see Tech Brief – empower® Solutions and Products.

Data Security

The AI model for empower® AI is operated in empower's Microsoft Azure tenant within the EU. Neither the AI model nor the surrounding Microsoft infrastructure stores processed data, except for very short-term, restrictive storage used to detect and prevent misuse. This storage will also be disabled for production use.

The platform and software are designed for multi-tenancy and data isolation, ensuring data is always clearly assigned to its owner and protected at all storage points.

In certain cases, data explicitly selected by the user for working with empower® AI (such as a slide to be refined) will be stored on the server side. This data will be deleted once it is no longer required for an active workflow.

No upload of data will happen without user interaction, e.g. opening a slide in empower® for refinement.

Note

Due to an issue in the Office JavaScript API, slides exceeding a certain size can temporarily only be uploaded by uploading the entire presentation.

In these cases, the presentation will only be stored on the server side for the duration of the upload and deleted immediately after the upload is completed.
