Opening up ports
This information is out-of-date. Please note that we're creating a new knowledge base on support.mydre.org. This Help MyDRE website will be decommisioned in the next weeks.
Feature details
Feature available to:
Owner, Accountable, Privileged Member
In Shared Tenant for all accounts, currently restricted to @radboudumc.nl accounts
Core Support Team can assist for non @radboudumc.nl accounts
Short description:
The ability to self-service open/close ports OUTBOUND only for a specific VM in a Workspace
Static ip-address:port (e.g. 12.345.67.89:111)
Typical use cases:
Connecting to an external license server with static ip-address
Connecting to an external (data) repository with static ip-address
Connection to websites with static ip-address
Implications
Reduced auditability: data can be ingressed and egressed from a VM to external bypassing the standard audited Azure DRE workflows
Reduced security: it is possible that (accidental) installed services by a Workspace member pose a risk
Risk reducing measurements
Outbound only: VM must initiate the connection to the outside, external services cannot initiate connection to the inside of a VM
Advised risk reducing measurements
Inform and train all members of the Workspace
Be mindful when to use the self-service open ports feature
Close ports that are not needed, they can be reopened when you need it
Install a virusscanner/firewall
Instructions
Go to you workspace and find the tab: External Access
Select a VM
Create a new rule
Click the + button on the top left to create a new rule
Fill in the details and press Submit
Tip: within a workspace, all port rule names must be unique. If you need the same rule for multiple VMs, you can for example add the VM number to the port rule name (i.e., AnacondaRepo1, AnacondaRepo2, etc.)
Turn on a rule
Enable the rule by ticking the box next to the rule
Review Warning, accept the terms by ticking the box and press Submit
Turn off a rule
Untick the box
Castor Settings
Rule IP Port Reason
Castor443 87.233.198.102 443 Accessing Castor from within Workspace
Castor80 87.233.198.102 80 Accessing Castor from within Workspace
Within the VM, open the Chrome browser and go to: https://data.castoredc.com
Be aware that:
Castor might be a bit slow to load, this speeds up once signed in
Sign up must be done outside the Workspace
When exporting data as .csv file from Castor, it automatically saves the file on the C: drive. Transfer the file to the data drive to be sure that it is included in the daily snapshot of the data! Or: Change default download location