Opening up ports

This information is out-of-date. Please note that we're creating a new knowledge base on support.mydre.org. This Help MyDRE website will be decommisioned in the next weeks.

Feature details

Feature available to:

Short description:

  • The ability to self-service open/close ports OUTBOUND only for a specific VM in a Workspace

  • Static ip-address:port (e.g. 12.345.67.89:111)

Typical use cases:

  • Connecting to an external license server with static ip-address

  • Connecting to an external (data) repository with static ip-address

  • Connection to websites with static ip-address

Implications

  • Reduced auditability: data can be ingressed and egressed from a VM to external bypassing the standard audited Azure DRE workflows

  • Reduced security: it is possible that (accidental) installed services by a Workspace member pose a risk

Risk reducing measurements

  • Outbound only: VM must initiate the connection to the outside, external services cannot initiate connection to the inside of a VM

Advised risk reducing measurements

  • Inform and train all members of the Workspace

  • Be mindful when to use the self-service open ports feature

  • Close ports that are not needed, they can be reopened when you need it

  • Install a virusscanner/firewall

Instructions

  • Go to you workspace and find the tab: External Access

  • Select a VM

Create a new rule

  • Click the + button on the top left to create a new rule

  • Fill in the details and press Submit

Tip: within a workspace, all port rule names must be unique. If you need the same rule for multiple VMs, you can for example add the VM number to the port rule name (i.e., AnacondaRepo1, AnacondaRepo2, etc.)

Turn on a rule

  • Enable the rule by ticking the box next to the rule

  • Review Warning, accept the terms by ticking the box and press Submit

Turn off a rule

  • Untick the box

Castor Settings

Rule IP Port Reason
Castor443 87.233.198.102 443 Accessing Castor from within Workspace
Castor80 87.233.198.102 80 Accessing Castor from within Workspace

Within the VM, open the Chrome browser and go to: https://data.castoredc.com

Be aware that:

  • Castor might be a bit slow to load, this speeds up once signed in

  • Sign up must be done outside the Workspace

  • When exporting data as .csv file from Castor, it automatically saves the file on the C: drive. Transfer the file to the data drive to be sure that it is included in the daily snapshot of the data! Or: Change default download location

Requesting to TURN ON/OFF RULES for Owners not having @radboudumc.nl address