1. Workstation on premise

Osokey AWS Account

Osokey code


Encrypted in transit

Customer AWS Account

SEG-Y & application data

Encrypted at rest

Osokey API Access

Encrypted in transit | https:// API Endpoint | API Key & Usage Plan

Token obtained after Single Sign On | Token Authentication


Send data (read only)

Direct Connect

On Premise

Workstation running Petrel

2. Workstation in cloud

Osokey AWS Account

Osokey code


Encrypted in transit

Customer AWS Account

SEG-Y & application data

Encrypted at rest

AWS Storage Gateway

Osokey API Access

Encrypted in transit | https:// Private API Endpoint | API Key & Usage Plan

Token obtained after Single Sign On | Token Authentication


Send data (read only)

PrivateLink VPC Connection

Customer AWS Account

Workstation on EC2

Runnning Windows Server 2016, Petrel & NICE DCV server (custom TCP port number)

Access to Private API Endpoint | Access to AWS Storage Gateway via Private S3 Endpoint

No internet access | Inbound / outbound from Direct Connect IP range

NICE DCV | Send display / receive mouse and keyboard | Encrypted in transit

Petrel | Request license

Direct Connect

On Premise

Petrel license server

Workstation running NICE DCV client


Separation of code and customer data


Data encrypted at rest and in transit


Data replication and backup


Temporary credentials

Security overview

1. Connection

Modern web browsers only

HTTPS enforced

Unique URL

2. Firewall

Cross-site scripting (XSS) protection

Distributed Denial of Service (DDoS) protection

Optional: whitelisting/blacklisting of IPs/countries

3. User Login

Authorised end-users only

Email addresses verified

Optional: Single Sign On integration

Optional: multi-factor authentication

4. Successful login

Time-limited access to web application

Temporary credentials following principle of least privilege

Authenticated requests only

Admin. interface

Data & usage management

Optional: user management

6. Access seismic data

Data encrypted at rest and in transit

Optional: watermarking

5. Access surveys on web map

Data encrypted at rest and in transit

Time-limited access to seismic sections