Domains to be whitelisted/allowlisted

version: 2022-11-01

updated: 2023-23-03

Introduction

This is a community effort, if you experience issues, see mistakes/updates, or have other applications that you do know what to allowlist, please send a ticket to your Support Team.
Together we can make it easier for all.

Attention 1:

Some applications require additional proxy configurations (see below).

Understand that domain allowlisting can allow egress of data that is not audited/logged by mDRE.

1. Inform your members what they can and cannot do.
   

For updates / upgrades OS

For CentOS VMs deployed before 2022-11-01 you'll need to manually configure the proxy configuration: Manual proxy configurations (mydre.org).

1. Windows
   
1. Nothing needed
2. CentOS
   
1. packages.microsoft.com
   
2. epel.mirror.wearetriple.com
3. ftp.nluug.nl
4. mirror.proserve.nl
5. centos.mirror.triple-it.nl
6. mirrors.fedoraproject.org
3. Ubuntu
   
1. azure.archive.ubuntu.com
   
2. packages.microsoft.com
   

Known applications

Anaconda / Miniconda

In addition: Proxy configurations Anaconda / Miniconda

1. conda.io
2. anaconda.org
3. anaconda.com
   

CBS OpenData

1. opendata.cbs.nl
   

Github

In addition: Connecting to GitHub

1. githubassets.com
2. github.com
3. githubusercontent.com
4. git-scm.com
   

GenomeStudio 2.0

No domain allow needed, but a modification of hosts to speed up the startup time. GenomeStudio doesn't need internet access, but will try to dial home and waits for time out to continue.

1. Open file explorer, go to: c:\windows\system32\drivers\etc
   
2. Open hosts with Notepad++
   
3. Add:
   127.0.0.1    www.illumina.com
4. Save

Health RI Opal server

• opal.health-ri.nl
  

Matlab

If your tenant does not offer a Matlab license via a license server (check with your local ST member), allowlist:

1. mathworks.com

Microsoft

1. General
   
1. microsoftonline.com
2. msauth.net
3. msauthimages.net

1. Office: activation with product key. 
   
1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Office and potentially during reactivation. Therefore, after installing and activating Office, you can request to close the domains. This will be updated once we know more.
   
1. microsoftonline.com
   
2. office.com
   
3. msauthimages.net
   
4. msauth.net
   
5. live.com
   
6. cdn.office.net
   
7. microsoft.com
   

1. Sharepoint
   
1. sharepoint.com
   You might want to restrict it to a specific subdomain e.g.   <your organization>.sharepoint.com
   

Notepad++

1. notepad-plus-plus.org

NVIDIA GPU

1. microsoft.com
   
2. developer.download.nvidia.com
   

Nvivo

1. From what we've gathered, it looks like the domains only need to be allowed during the activation of Nvivo and potentially during reactivation. Therefore, after installing and activating Nvivo, you can request to close the domains. This will be updated once we know more.
1. mynvivo.com
   
2. qsrinternational.com
   
3. auth0.com
2. For additional NVivo functionality, the following domain may also be necessary:
1. *.subscription-suite.io

MAXQDA

1. maxqda.com
2. verbi.de
3. google.com
   

OpenAI (playground)

Please read carefuls: Terms of use (openai.com)

You'll be needing a key: https://platform.openai.com/docs/quickstart/build-your-application

1. openai.com
2. googleapis.com
3. google.com

PyPi

In addition: Proxy configurations Anaconda / miniConda

1. pypi.org
2. pythonhosted.org
   
3. python.org

Python

In addition: Proxy configurations Anaconda / miniConda

If you use just Python, set the following proxies via command line (as admin):
       set http_proxy="http://proxy.mydre.org:3128"
       set https_proxy="http://proxy.mydre.org:3128"

1. python.org
   

R / RStudio

In addition: Proxy configurations RStudio

1. r-project.org
   
2. posit.co
3. posit.co (new domain name for rstudio.com)
4. posit.co (new domain name for rstudio.org)
5. bioconductor.org
6. tu-dortmund.de
7. ac.at
   
8. rstudio.com (while installing packages redirects you to old domain)
9. rstudio.org (while installing packages redirects you to old domain)
   

Shiny

See the article: Shiny Server in a myDRE Workspace

2. r-project.org
3. rstudio.com
4. rstudio.org
5. ac.at
6. posit.co
7. azure.archive.ubuntu.com
8. packages.microsoft.com

Snapstore

1. snapcraft.io

1. snapcraftcontent.com

Support.mydre.org

1. support.mydre.org
2. zoho.eu
3. zoho.com
4. zohocdn.com
5. zohostatic.eu
   
6. zohopublic.eu

SURF Research Drive

(possibly you need to whitelist your Tenants domain as well)

1. <your organization>.data.surfsara.nl
2. <your organization>
3. surfconext.nl
4. surfsecureid.nl
5. surfconext.nl
   

Tensorflow

1. tensorflow.org
   
2. storage.googleapis.com

ZorgTTP

Proxy configuration: https://www.zorgttp.nl/pvm/nivel/handleiding_installatie_en_gebruik_pvm_nivel_5.1.pdf (see page 11)
host: proxy.mydre.org, port 3128, leave other fields empty

1. zorgttp.nl
   
2. ocsp.quovadisglobal.com
   
3. ocsp.digicert.com

• Related Articles

• Proxy configurations for connecting to a server or blob

  Version: 2022-11-02 Update: 2022-11-14 Introduction Domain allowlisting is a feature that is now available on myDRE. As the name implies, domains on the allowlist can be accessed from within the Workspace (you can request specific domain on the ...

• External access in your workspace

  Introduction By default myDRE workspaces do not have connection to the internet. This ensures that data within the workspace is secure and auditable - we know what comes in, and what goes out. However, sometimes you do need a connection to a web ...

• Connecting to GitHub

  1. Whitelisting GitHub domains Submit a ticket requesting the following domains to be whitelisted for a workspace . github.com . githubassets.com . git-scm.com .githubusercontent.com Windows VM Check that proxy settings are correct by navigating ...

• andrea-Ubuntu20

  This is an Linux Ubuntu 20 base image provided by anDREa.  This image is especially intended for being used in combination with a GPU virtual machine. Please read more about suitable virtual machine types here or ask your local support team member ...

• R/RStudio installation using domain allowlisting

  Introduction For general domain allowlisting setup, please read more here. Certain software might need manual proxy configurations to be set in the software settings, before the software is able to reach domains through a proxy. In this article we ...