Osher Digital delivers AI assistants and automation systems that can run securely in either your own infrastructure or ours. This article explains the security requirements and expectations for both hosting models so you can choose the approach that best fits your organisation.
Two Hosting Models
Osher Digital supports two secure hosting options:
- Osher Digital hosted: We deploy the system for you on a private, isolated VPS that we manage. This is our preferred option and the one most clients choose.
Self hosted: Your organisation provides a private VPS or cloud instance where the solution runs.
Both approaches use the same security principles and are designed to protect your data and maintain reliable performance.
Core Security Expectations for Any Deployment
Regardless of where the system is hosted, all deployments require the following baseline controls:
A private VPS or isolated cloud instance
Docker installed for containerised deployment
Encrypted administrative access via SSH
Firewalls configured to allow only essential traffic
Outbound internet access restricted unless required for specific APIs
Separate staging and production environments when needed
MFA or 2FA for all administrative access
Regular security patching and updates
These controls ensure that your assistant operates in a stable and secure environment.
Security Requirements for Self Hosted Deployments
A self hosted deployment gives you full ownership of infrastructure, data location and access policies. To support this model, your team will need to manage several responsibilities.
Secure VPS environment
Your VPS should be:
Private and not shared with other workloads
Located in a region that meets your compliance requirements
Sized appropriately for expected workload and scaling needs
Docker and container support
All Osher Digital systems are deployed using Docker. Your environment must be able to run and maintain containers without restriction.
Network and firewall configuration
Outbound network access should be limited to the services required by your assistant. Examples include:
OpenRouter or other LLM providers
Your internal APIs
Email or notification services
Blocking everything except required endpoints significantly reduces the attack surface.
Access management
Your internal IT team remains responsible for:
Managing SSH access
Enforcing MFA
Maintaining user accounts
Applying operating system patches
Controlling who can access the VPS
Local vector database hosting
We recommend hosting your vector database (for example Qdrant) on your own VPS. This ensures that embeddings and indexed content never leave your environment.
Security Requirements for Osher Digital Hosted Deployments
If you prefer Osher Digital to host your assistant, we manage the infrastructure on your behalf. This includes:
VPS provisioning and configuration
Security hardening and firewall rules
Log retention and system monitoring
Patch management and updates
Uptime monitoring and alerting
Your responsibilities are simple:
Provide access to your internal systems and APIs
Review any required security documentation
Approve specific hosting variations if needed
This model is suitable for clients who want to reduce their infrastructure burden while maintaining strong security.
Data Handling in Both Models
Regardless of hosting approach:
Only required data is processed
Vector embeddings remain on the VPS
Chat logs are stored only if required for memory or functionality
Credentials are stored securely in a vault
LLM interactions use non training modes
Clients can request data deletion at any time
Both models meet the same privacy and confidentiality standards.
Choosing the Right Hosting Model
A self hosted deployment is ideal if your organisation:
Has strict internal security requirements
Requires full control over data residency
Wants to manage infrastructure internally
An Osher Digital hosted deployment suits organisations that prefer:
More convenient setup
Managed infrastructure and monitoring
Lower internal operating overhead
We will assist you to determine the best option during the discovery phase.
Our Commitment
Whether hosted by you or by us, the security of your data and systems remains the highest priority. Both models follow the same security principles, and both give you confidence that your AI assistant is running on a secure, stable and compliant foundation.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article