PromptQuorumPromptQuorum
主页/本地LLM/How to Build a Secure Offline Local LLM Workflow
Privacy & Business

How to Build a Secure Offline Local LLM Workflow

·9 min·Hans Kuepper 作者 · PromptQuorum创始人,多模型AI调度工具 · PromptQuorum

For maximum privacy, build an air-gapped workflow: LLM server offline (zero network), data transfer via encrypted USB. As of April 2026, this is required for high-security environments (legal discovery, healthcare genetic data, classified research). Setup takes 1–2 days; operational overhead is moderate.

关键要点

  • Air-gapped = no network. Ethernet unplugged, WiFi disabled in BIOS, cellular disabled.
  • Data in: User encrypts documents on connected machine (GPG), transfers via USB to air-gapped server.
  • Inference: Run LLM locally on air-gapped machine. Output encrypted, saved to USB.
  • Data out: USB returned to connected machine, decrypted, reviewed, approved for release.
  • Hardware: Dedicated machine (cannot be shared). Standard office PC is fine.
  • Setup: 1–2 days (OS hardening, firmware patching, key generation).
  • Operational overhead: ~30 min per inference job (data staging, encryption, decryption, review).
  • Cost: $1,000–2,000 hardware + $0 software (open-source).
  • vs VPN approach: Air-gapped is paranoid but impenetrable. VPN is convenient but network-risk remains.

Air-Gapped Architecture

Machines:

1. Connected machine (admin): Has internet, antivirus, firewall. For GPG key storage, document preparation.

2. Air-gapped inference server: Zero network, USB port only. Runs LLM, processes sensitive data.

3. Optional: removable media (USB): Encrypted, air-gapped storage for data transfer.

Network setup:

- Air-gapped server on isolated power strip (can be killed quickly if needed).

- Connected machine on standard network.

- No shared filesystem, no Bluetooth, no network cable.

- Physical separation (different rooms recommended).

Data Transfer Workflow

  1. 1User prepares: Document to analyze saved locally on connected machine.
  2. 2Encrypt: `gpg --encrypt --recipient admin@company.com document.txt` → `document.txt.gpg`.
  3. 3Transfer: Copy `document.txt.gpg` to USB drive. Eject USB from connected machine.
  4. 4Physical handoff: USB delivered to air-gapped machine location (human courier, locked envelope).
  5. 5Decrypt & ingest: `gpg --decrypt document.txt.gpg` → plain text file. Delete .gpg file.
  6. 6Inference: Prompt: "Analyze this document: [CONTENT]". Generate response.
  7. 7Encrypt output: Encrypt response.txt with same GPG key.
  8. 8Physical return: USB returned to admin. Admin decrypts and reviews before sharing.
  9. 9Disposal: Securely wipe USB (DBAN or shred).

Encryption & Key Management

GPG (GNU Privacy Guard): Industry standard for data encryption at rest.

Key setup: Generate 4096-bit RSA key on air-gapped machine. Export public key to connected machine.

Storage: Private key on air-gapped machine only (never leave the machine, even on USB).

Password: Private key protected by strong passphrase (20+ characters, stored in password manager locked in safe).

Key rotation: Every 1–2 years, generate new key. Old key archived but not destroyed (may need to decrypt old data).

Output Handling & Hardcopy

After inference:

1. Digital output: Encrypted file on USB, returned to admin.

2. Hardcopy option: Print LLM response on airgapped printer (USB-connected only, no network).

3. Hardcopy security: Document classified (e.g., "CONFIDENTIAL" header/footer). Stored in locked cabinet.

4. Destruction: Shred hardcopy after 6 years (HIPAA) or per org policy. Digitally-signed destruction log.

5. Audit: Every document processed logged with timestamp, user, content hash (not plaintext).

Supply Chain Security (Hardware)

Purchase: Buy off-the-shelf PC (avoid pre-installed software, proprietary firmware).

BIOS hardening: Disable USB boot, Ethernet boot, wireless. Password-protect BIOS.

OS hardening: Minimal install (Linux, no GUI). Remove all network drivers.

Firmware updates: Apply latest OS patches before any classified work.

Physical inspection: Check for tamper seals on case. Verify no hidden devices (wiretaps, USB keysloggers).

Common Failures

  • Connecting air-gapped machine to internet "just once" for OS update. Once connected = compromised. Use manual patching (USB).
  • Reusing the same USB for multiple transfers without wiping. Old data may be recoverable.
  • Printing classified output and leaving hardcopy on desk. Hardcopy must be under physical control (locked drawer).

FAQ

Can I use air-gapped for everyday work or just sensitive docs?

Just sensitive. Air-gapped is slow (manual USB transfers). Use for high-security projects only.

What if the air-gapped server breaks?

Data is encrypted on USB. Use backup air-gapped machine (same setup). Private key allows decryption on any air-gapped system.

Can I connect peripherals (printer, monitor) to air-gapped machine?

Printer: yes (USB only, no network). Monitor: yes (passive). Keyboard/mouse: risky if wireless (can be intercepted). Use wired.

How do I test that the air-gapped machine is truly offline?

Physical inspection: no Ethernet cable, no WiFi antenna, BIOS firmware shows network disabled. Behavioral: `ping 8.8.8.8` = no response.

Is air-gapped overkill for HIPAA-compliant healthcare?

Not overkill for genetic data or psychiatric records. Overkill for routine patient intake. Use VPN + encryption for routine work.

How do I handle multi-file inference (10 documents)?

Batch mode: encrypt all 10 docs, transfer via USB, process one-by-one on air-gapped, encrypt results, return USB.

Sources

  • GnuPG official documentation: encryption and key management
  • NIST SP 800-111: Guidelines for Management of Information Security
  • Air-gapped system best practices: NSA/CISA Cybersecurity Technical Reference Architecture

使用PromptQuorum将您的本地LLM与25+个云模型同时进行比较。

免费试用PromptQuorum →

← 返回本地LLM

Secure Offline LLM Workflow: Air-Gapped Setup, Zero Network, Data Handling | PromptQuorum