Location

Cincinnati, Ohio, United States

Automation & AI

Open Web UI (Lux GPT) - Secure Internal AI Platform

Enterprise Conversational AI with LDAP Authentication & MCP Tools Integration

Designed and implemented Open Web UI (Lux GPT), a standalone secure internal AI conversational platform that demonstrates advanced IAM skills through LDAP authentication, integrates with the Light LLM proxy for security guardrails and vector solutions, and extends functionality with custom MCP tools for real-time infrastructure management.

Client

Luxottica

Completion

4 months

Category

Automation & AI

Situation

The organization needed a secure, internal conversational AI tool capable of handling sensitive corporate data while providing seamless access to real-time infrastructure information. Existing solutions lacked proper IAM integration, custom tooling capabilities, and the ability to securely query Azure resources without persistent data storage. There was also a need to demonstrate enterprise-grade identity and access management capabilities through LDAP integration.

Task

Design and implement a secure, containerized AI front-end application that provides LDAP-based authentication, integrates with the Light LLM proxy for security guardrails and vector solutions, supports custom MCP tools for real-time infrastructure querying, and enables seamless workflows from data analysis to secure access.

Action

  • Architected Open Web UI (Lux GPT) as a standalone secure internal AI application using Streamlit as middleware, extending functionality through MCP and API protocols

  • Implemented LDAP authentication and user tracking, demonstrating advanced IAM skills and ensuring all interactions are traceable and accountable

  • Certified the solution for containerized deployment, enabling portability and simplified SSL/TLS configuration

  • Investigated and planned deployment within Azure Kubernetes Service (AKS), including acquisition of an Nvidia A10 GPU machine in the Azure non-prod DXE compartment for GPU-accelerated workloads

  • Integrated with Light LLM proxy to leverage custom security guardrails, vector stores, and centralized AI governance

  • Developed custom AZ Tools MCP integration leveraging Python AZ CLI authentication with Microsoft Device login and Multi-Factor Authentication (2FA) workflow to retrieve bearer tokens

  • Implemented real-time Azure resource querying capability, successfully retrieving configuration data for 47 Virtual Machines across two Azure subscriptions

  • Created seamless integration with Guacamole MCP tool, enabling end-to-end operational workflow: Analyze Infrastructure Data → Launch Secure Access Session

  • Designed ephemeral data handling ensuring bearer tokens and sensitive infrastructure data are automatically erased upon conclusion of MCP discussions

  • Demonstrated executive reporting capabilities by generating factually dense, real-time cybersecurity reports highlighting critical findings like outdated Red Hat versions

Results

  • Delivered a secure, enterprise-grade internal AI platform with full LDAP authentication and user tracking, demonstrating advanced IAM capabilities

  • Enabled seamless integration between knowledge retrieval, infrastructure analysis, and secure operational access through a unified chat interface

  • Established a containerized, portable solution that simplifies deployment and SSL/TLS configuration

  • Provided real-time, factually accurate Azure infrastructure insights without persistent data storage, enhancing security posture

  • Created a scalable architecture ready for AKS deployment with GPU support for high-performance AI workloads

  • Demonstrated proof of concept for secure, internal AI management with custom tooling that can scale across the organization

  • Enabled executive-level reporting with real-time data, improving decision-making speed and accuracy

  • Reduced security risks through ephemeral data handling and comprehensive authentication workflows

Technologies Used

Open Web UI, Streamlit, Light LLM, MCP (Multi-protocol Communication Protocol), LDAP, Docker, Containerization, Azure Kubernetes Service (AKS), Nvidia A10 GPU, Azure CLI, Azure Management API, Python, SSL/TLS, Azure AD, Device Login Authentication, 2FA

Security Skills Applied

Identity & Access Management (IAM), LDAP Authentication, Data Security & Privacy, Ephemeral Data Handling, Container Security, API Security, Bearer Token Authentication, 2FA Workflows, Session Management, Access Control & RBAC

Ilya Sulakov