Kamba — Symphony Deployment Architecture

Symphony AWS VPC · Single-container deployment

Kamba — Symphony
Deployment Architecture

Kamba operates exclusively within Symphony's approved infrastructure perimeter — isolated from Symphony's own internal systems, and isolated from the outside world. Nothing enters. Only user-initiated, allowlisted data queries leave.

Fully contained within Symphony's approved VPC Isolated from Symphony's internal systems No access to anything outside Symphony's perimeter Zero inbound connections Ephemeral — no data persistence CloudWatch · CloudTrail full audit

Deployment model

Single container · ECS / EC2

Perimeter

Fully within Symphony's approved VPC

Internal isolation

No access to Symphony core systems

Inbound connections

Zero — none accepted

Data persistence

None — ephemeral only

Dual Isolation

Fully contained within Symphony's approved perimeter — isolated on both sides

Kamba operates exclusively inside Symphony's AWS VPC — the same infrastructure Scotiabank has already reviewed, approved, and deployed. It is isolated in two directions simultaneously: inward, with no lateral access to Symphony's own databases, services, or core infrastructure; and outward, with no access to any system outside Symphony's VPC except user-initiated, explicitly allowlisted data provider endpoints. Kamba cannot reach Scotiabank's internal network, the public internet, or any other environment independently. It accepts zero inbound connections. All egress is user-initiated, governed by Symphony's own network controls, and fully logged.

01 · System Architecture

Single-container deployment inside
Symphony's AWS VPC.

Symphony Platform

Symphony Messaging

Chat interface & bot framework. Kamba connects here to receive and respond to user queries.

WebSocket connection

↑

Kamba-initiated
WSS:// · outbound

Symphony AWS VPC Region: us-east-1 (configurable)

Private Subnet — Kamba Dedicated

Docker Host (ECS / EC2)

Container: kamba:latest

Kamba Engine

AI-powered financial analysis platform

Symphony WS Client

LLM Orchestration Layer

Query Parser & Router

Data Provider Connectors

Response Synthesizer

ⓘ LLM-agnostic — works with any approved model. The LLM interprets queries only. No data is ever shared with the LLM.

Container Local Filesystem

Ephemeral Storage

Transient scratch space for intermediate processing during each request.

No data persists beyond a single request lifecycle. All scratch files, query data, and intermediate results are wiped automatically. No external volumes or persistent storage attached.

Request → Process → Wipe

Data Connectors

Internal Sources

Data Lakes & Warehouses

Snowflake · Redshift · BigQuery · S3

OutboundRead-onlyAdmin-provisioned

Documents & Files

PDFs · Excel · CSV · Research docs

OutboundRead-onlyAdmin-provisioned

Internal Systems

Portfolio systems · Emails · Feeds

OutboundRead-onlyAdmin-provisioned

External Sources

ⓘUser-connected: external providers are selected and activated only by the user. No external endpoint is reachable without explicit user-initiated configuration.

Outbound only · TLS 1.2+

Licensed Data Providers

FactSet · Bloomberg · Refinitiv

HTTPSOutboundUser-connected

Public APIs

SEC EDGAR · regulatory filings

HTTPSOutboundUser-connected

Web Search

configurable provider

HTTPSOutboundUser-connected

02 · Security Controls

Four layers of network enforcement —
by design, not by configuration.

Security Groups

No inbound rules
Outbound: port 443 allowlist only

Network ACLs

Allowlisted provider
endpoints only

Subnet Isolation

No lateral access to
Symphony core infrastructure

CloudWatch / CloudTrail

Full audit logging
of all network traffic

03 · Data Flow & Security Posture

Isolated inward. Isolated outward.
Contained entirely within Symphony's perimeter.

Data Flow

Kamba-initiated WebSocket — within Symphony

Kamba Engine opens an outbound WebSocket (WSS) to Symphony Messaging to receive and respond to user queries. This connection stays entirely within Symphony's VPC. No inbound connections are accepted by the container.

All external data calls are user-initiated and allowlisted

The only traffic that leaves Symphony's VPC is outbound HTTPS to data providers explicitly selected and connected by the user. No external endpoint is reachable without user-initiated configuration. Every connection is governed by Symphony's Security Group and Network ACL controls.

Zero data persistence

Transient storage is scoped to individual request lifecycles. No PII, query data, or results survive beyond a single message. Nothing is written to external storage.

Key Security Properties

Dual isolation — the complete picture

Kamba is isolated from Symphony's own internal systems (no lateral access to Symphony databases, services, or core infrastructure) and from everything outside Symphony's VPC. The container exists in its own sealed subnet with no path in or out except what is explicitly defined and user-initiated.

Internal connectors are read-only and admin-provisioned

Access to internal data sources — data lakes, warehouses, portfolio systems, files — is read-only and must be provisioned by a Scotiabank administrator before any user can query it. No user can self-connect to internal infrastructure.

LLM-agnostic — data never shared with the model

Kamba works with any institutionally approved LLM. The model receives only the user's query — never the underlying data. Data retrieval, validation, and synthesis happen entirely within Kamba's engine. The LLM interprets intent; it never sees or processes client data.

04 · Why data is safe inside Symphony's environment

Symphony is the financial industry's most
trusted secure messaging infrastructure.

Symphony Communications is purpose-built for regulated financial institutions — banks, asset managers, broker-dealers — where data confidentiality is non-negotiable. Scotiabank has already completed its vendor due diligence and approved Symphony as a vendor. Kamba runs entirely within that approved perimeter, inheriting its security architecture by design.

🏦

Built for regulated finance

Symphony was architected from day one for banks, not adapted for them. Every security property — encryption, isolation, access controls, audit logging — was designed with financial regulatory requirements as the baseline, not an afterthought.

✅

Already an approved vendor at Scotiabank

Scotiabank has assessed and approved Symphony as a vendor. Kamba runs inside that same approved infrastructure — within the same perimeter, subject to the same controls. The trust chain is already established.

🔒

Bank-grade encryption everywhere

Symphony enforces end-to-end encryption with customer-managed keys. The institution controls its own encryption keys — Symphony itself cannot access message or data content. This is the gold standard for financial data confidentiality.

1,000+

Financial institutions on Symphony globally

500,000+

Financial professionals using Symphony daily

Tier 1

Banks — including Scotiabank — approved & deployed

SOC 2 T2

Independently audited security certification

Kamba — SymphonyDeployment Architecture

Kamba — Symphony
Deployment Architecture