# PHOENIQS Model Service

This document provides an overview of the architecture, security controls, tenant isolation mechanisms, data processing principles, and data protection measures implemented within the PHOENIQS Model Service (Model as a Service) platform.

The information is intended to address requirements related to:

• Architectural diagrams and deployment concepts
• Tenant isolation and separation
• Encryption controls
• Data processing and transaction handling
• Network segmentation
• Data residency and processing location requirements

The PHOENIQS Model Service platform provides secure access to AI models through API-based services hosted within Switzerland.

Logical Architecture

Customer Applications
        │
        ▼
    AI Gateway
(Authentication, Authorization,
Tenant Isolation, Audit, Policies)
        ├── Governance & Audit Layer
        ├── Guardrails & Security Controls
        │
        ▼
    AI Model Services
(KServe / Model Serving)
        ├── Model Routing Layer
        └── AI Model Services
        │
        ▼
Access to AI Models
Model Runtime Infrastructure
        │
        ▼
Swiss-Based Infrastructure & Storage

Deployment Model The platform supports:

• Shared Environment
  • Multiple customers consume centrally managed model services.
  • Logical tenant isolation is enforced at all layers.
  • Customer data remains isolated from other tenants.
• Dedicated Environment (Optional)
  • Dedicated infrastructure and model-serving resources can be provisioned for customers requiring enhanced isolation.
  • Dedicated environments provide additional segregation of workloads, compute resources, and operational controls.

The PHOENIQS Model Service platform uses the LiteLLM AI Gateway as the central access and policy enforcement layer for all model interactions. The gateway provides logical tenant isolation, access control, routing, governance, and monitoring capabilities across the platform.

Tenant Isolation Through LiteLLM AI Gateway

• Dedicated Customer Authentication
  • Each customer is assigned dedicated API credentials.
  • All requests are authenticated by the LiteLLM AI Gateway before access to any model service is granted.
  • Customer-specific access policies ensure that only authorized models and services are accessible.
• Request and Session Isolation
  • The LiteLLM AI Gateway processes requests on behalf of authenticated tenants and enforces separation between customer workloads.
  • Requests are handled independently and are not shared across customers.
  • Customer prompts and model responses remain isolated within the context of the originating tenant.
• Policy-Based Access Control
  • The gateway enforces tenant-specific policies, including:
    • Authentication and authorization
    • Model access restrictions
    • Usage limits and quotas
    • Audit and monitoring controls
  • Customers cannot access another customer's models, configurations, requests, or responses.
• Data Isolation
  • Customer data submitted for inference remains logically separated from other tenants.
  • The platform does not expose customer prompts, responses, or usage data across tenant boundaries.
  • Model inference processing is performed within the security context of the authenticated tenant.
• Audit and Traceability
  • All requests passing through the LiteLLM AI Gateway are logged and traceable.
  • Audit records include authentication events, API usage, model access activities, and administrative actions.
  • Logs support security monitoring, compliance requirements, and incident investigations.

Encryption in Transit All communications with the PHOENIQS Model Service platform are protected using industry-standard TLS encryption. This includes:

• Customer-to-LiteLLM AI Gateway communication
• LiteLLM AI Gateway-to-model service communication
• Internal service-to-service communication
• Administrative access channels These controls ensure that data transmitted across networks is protected against unauthorized interception and tampering.

Data Storage Protection The PHOENIQS Model Service platform minimizes the storage of customer data and applies access-control mechanisms to protect operational data stored within platform databases. Where platform data is stored:

• Access is restricted to authorized services and personnel only.
• Database access requires authenticated credentials.
• Access permissions are granted according to the principle of least privilege.
• Administrative access is controlled and audited.
• Access to stored data is logged and monitored.

Credential Management Database credentials and service credentials are managed through controlled operational processes and are accessible only to authorized personnel and platform components requiring access for service operation.

Data Protection Controls Customer data submitted for model inference is processed within the PHOENIQS Model Service platform and protected through:

• Strong authentication and authorization controls
• Tenant isolation enforced by the LiteLLM AI Gateway
• Network segmentation
• Controlled administrative access
• Security monitoring and audit logging These controls help ensure that access to customer data is restricted to authorized users, services, and operational processes.

The PHOENIQS Model Service platform implements layered network segmentation to isolate customer access, model-serving infrastructure, and management services.

PHOENIQS Model Service Architecture

Segmented Architecture

• Access Layer
  • Customer traffic terminates at the LiteLLM AI Gateway.
  • The gateway serves as the single controlled entry point to the PHOENIQS Model Service platform.
• Application Layer
  • LiteLLM AI Gateway
  • Governance services
  • Authentication and authorization services
  • Monitoring and audit services
• Model Serving Layer
  • OpenShift AI Model Services
  • KServe model endpoints
  • Model runtimes (vLLM, TGI, Triton, ONNX Runtime)
• Infrastructure Layer
  • GPU and compute resources
  • Storage services
  • Platform infrastructure

Communication between layers is restricted through network policies, firewall controls, and least-privilege access principles.

The PHOENIQS Model Service platform applies multiple layers of security controls to protect customer data and AI workloads.

Security Architecture The LiteLLM AI Gateway acts as the primary security enforcement point for model access and tenant separation. Security functions include:

• Customer authentication
• Authorization enforcement
• Tenant isolation via teams
• API key management
• Request routing
• Usage control and quotas
• Audit logging
• Security monitoring

Additional Security Controls

• Role-Based Access Control (RBAC)
• Encryption in transit and at rest
• Network segmentation
• Vulnerability management
• Security patch management
• Continuous monitoring and alerting
• Governance and compliance controls

Administrative Security Administrative access is restricted according to the principle of least privilege and is limited to authorized personnel. All privileged activities are logged and monitored.

Processing Only in Switzerland The PHOENIQS Model Service platform is operated in accordance with the requirement that customer data is processed exclusively within Switzerland.

Commitment The provider, including any approved subcontractors involved in service delivery, processes customer data only within Switzerland. This includes:

• Compute resources
• Storage systems
• Model-serving infrastructure
• Operational processing activities

Access Restrictions

• Automated access from outside Switzerland is prohibited.
• Manual access from outside Switzerland is prohibited.
• Exceptional emergency situations are governed by established security and compliance procedures and are subject to strict controls and approval processes.

Data Transfers Customer data is not routinely transferred outside Switzerland for processing, storage, or operational purposes.

The PHOENIQS Model Service platform provides:

• Secure AI model access through managed APIs
• Strong tenant isolation and customer separation
• Encryption in transit and at rest
• Network segmentation and layered security controls
• Auditability and governance capabilities
• Processing and storage of customer data exclusively within Switzerland

These controls support regulatory, security, and data protection requirements for organizations operating in regulated environments, including the financial sector.