Control Computer Firewall
The firewall protects the control computer by filtering incoming traffic to remove potential threats. The firewall is enabled by default to block all inbound connections. Keep the firewall enabled and allow outbound connections.
Endpoints depend on your region and instrument type and are categorized as required, recommended, or optional. You cannot connect to Illumina cloud platforms without the required endpoints. If you block recommended endpoints, delays when logging in or increased upload times can occur. Optional endpoints allow access to support materials from Illumina.
To get access to Illumina cloud-based offerings from the Universal Copy Service, do as follows.
1. | Identify the endpoints for your region and instance that are required to connect to BaseSpace Sequence Hub and Illumina Proactive. |
The following table shows the applicable endpoints for each instance in the Asia Pacific (Sydney) region.
Instance |
Endpoint |
---|---|
Basic and Professional |
api.aps2.sh.basespace.illumina.com aps2.platform.illumina.com aps2.sh.basespace.illumina.com aps2-sh-prd-seq-hub-data-bucket.s3.amazonaws.com aps2-sh-prd-seq-hub-data-bucket.s3.ap-southeast-2.amazonaws.com basespace.illumina.com stratus-gds-aps2.s3.amazonaws.com stratus-gds-aps2.s3.ap-southeast-2.amazonaws.com instruments.sh.basespace.illumina.com |
Enterprise |
<domain>api.aps2.sh.basespace.illumina.com aps2.platform.illumina.com <domain>aps2.sh.basespace.illumina.com aps2-sh-prd-seq-hub-data-bucket.s3.amazonaws.com aps2-sh-prd-seq-hub-data-bucket.s3.ap-southeast-2.amazonaws.com basespace.illumina.com stratus-gds-aps2.s3.amazonaws.com stratus-gds-aps2.s3.ap-southeast-2.amazonaws.com instruments.sh.basespace.illumina.com instruments.sh.basespace.illumina.com |
The following table shows the applicable endpoints for each instance in the Canada (Central) region.
Instance |
Endpoint |
---|---|
Basic and Professional |
api.cac1.sh.basespace.illumina.com cac1.platform.illumina.com cac1.sh.basespace.illumina.com cac1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com cac1-sh-prd-seq-hub-data-bucket.s3.ca-central-1.amazonaws.com stratus-gds-cac1.s3.amazonaws.com stratus-gds-cac1.s3.ca-central-1.amazonaws.com instruments.sh.basespace.illumina.com |
Enterprise |
<domain>.api.cac1.sh.basespace.illumina.com cac1.platform.illumina.com <domain>.cac1.sh.basespace.illumina.com cac1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com cac1-sh-prd-seq-hub-data-bucket.s3.ca-central-1.amazonaws.com stratus-gds-cac1.s3.amazonaws.com stratus-gds-cac1.s3.ca-central-1.amazonaws.com instruments.sh.basespace.illumina.com |
The following table shows the applicable endpoints for each instance in the Europe (Frankfurt) region.
Instance |
Endpoint |
---|---|
Basic and Professional |
api.euc1.sh.basespace.illumina.com euc1.platform.illumina.com euc1.sh.basespace.illumina.com euc1-prd-seq-hub-data-bucket.s3.amazonaws.com euc1-prd-seq-hub-data-bucket.s3.eu-central-1.amazonaws.com stratus-gds-euc1.s3.amazonaws.com stratus-gds-euc1.s3.eu-central-1.amazonaws.com instruments.sh.basespace.illumina.com |
Enterprise |
<domain>.api.euc1.sh.basespace.illumina.com euc1.platform.illumina.com <domain>.euc1.sh.basespace.illumina.com euc1-prd-seq-hub-data-bucket.s3.amazonaws.com euc1-prd-seq-hub-data-bucket.s3.eu-central-1.amazonaws.com stratus-gds-euc1.s3.amazonaws.com stratus-gds-euc1.s3.eu-central-1.amazonaws.com instruments.sh.basespace.illumina.com |
The following table shows the applicable endpoints for each instance in the Europe (London) region.
Instance |
Address |
---|---|
Basic and Professional |
api.euw2.sh.basespace.illumina.com eu-sh-euw2-prod-seq-hub-data-bucket.s3.amazonaws.com eu-sh-euw2-prod-seq-hub-data-bucket.s3.eu-west-2.amazonaws.com euw2.platform.illumina.com euw2.sh.basespace.illumina.com stratus-gds-euw2.s3.amazonaws.com stratus-gds-euw2.s3.eu-west-2.amazonaws.com instruments.sh.basespace.illumina.com |
Enterprise |
<domain>.api.euw2.sh.basespace.illumina.com eu-sh-euw2-prod-seq-hub-data-bucket.s3.amazonaws.com eu-sh-euw2-prod-seq-hub-data-bucket.s3.eu-west-2.amazonaws.com euw2.platform.illumina.com <domain>.euw2.sh.basespace.illumina.com stratus-gds-euw2.s3.amazonaws.com stratus-gds-euw2.s3.eu-west-2.amazonaws.com instruments.sh.basespace.illumina.com |
The following table shows the applicable endpoints for each instance in the Japan (Tokyo) region.
Instance |
Endpoint |
---|---|
Basic and Professional |
api.apn1.sh.basespace.illumina.com apn1.platform.illumina.com apn1.sh.basespace.illumina.com apn1-sh-hub-data-bucket.s3.amazonaws.com apn1-sh-hub-data-bucket.s3.ap-northeast-1.amazonaws.com apn1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com apn1-sh-prd-seq-hub-data-bucket.s3.ap-northeast-1.amazonaws.com stratus-gds-apn1.s3.amazonaws.com stratus-gds-apn1.s3.ap-northeast-1.amazonaws.com instruments.sh.basespace.illumina.com |
Enterprise |
<domain>.api.apn.1.sh.basespace.illumina.com apn1.platform.illumina.com <domain>.apn1.sh.basespace.illumina.com apn1-sh-hub-data-bucket.s3.amazonaws.com apn1-sh-hub-data-bucket.s3.ap-northeast-1.amazonaws.com apn1-sh-prd-seq-hub-data-bucket.s3.amazonaws.com apn1-sh-prd-seq-hub-data-bucket.s3.ap-northeast-1.amazonaws.com stratus-gds-apn1.s3.amazonaws.com stratus-gds-apn1.s3.ap-northeast-1.amazonaws.com instruments.sh.basespace.illumina.com |
The following table shows the applicable endpoints for each instance in the US East (N. Virginia) region.
Instance |
Endpoint |
---|---|
Basic and Professional |
api.basespace.illumina.com basespace-data-east.s3.amazonaws.com basespace-data-east.s3.us-east-1.amazonaws.com basespace-data-east.s3-external-1.amazonaws.com ica.illumina.com instruments.sh.basespace.illumina.com login.illumina.com platform.login.illumina.com stratus-gds-use1.s3.amazonaws.com stratus-gds-use1.s3.us-east-1.amazonaws.com use1.platform.illumina.com |
Enterprise |
<domain>.api.basespace.illumina.com basespace-data-east.s3.amazonaws.com basespace-data-east.s3.us-east-1.amazonaws.com basespace-data-east.s3-external-1.amazonaws.com <domain>.basespace.illumina.com instruments.sh.basespace.illumina.com login.illumina.com platform.login.illumina.com stratus-gds-use1.s3.amazonaws.com stratus-gds-use1.s3.us-east-1.amazonaws.com use1.platform.illumina.com |
2. | Identify the endpoints for your instrument. |
Each instrument includes specific endpoints that are categorized as either required, recommended, or optional. These endpoints are used for the following purposes:
• | Authorizing certificates |
• | Displaying fonts |
• | Telemetry |
• | Accessing Illumina support material |
• | Sending IDAT files or data to ICA |
The following table shows the applicable endpoints for the iScan.
Endpoint |
Category |
Purpose |
---|---|---|
ica.illumina.com |
Required |
Send IDAT files to ICA |
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
The following table shows the applicable endpoints for the iSeq.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
The following table shows the applicable endpoints for the MiniSeq.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
The following table shows the applicable endpoints for the MiSeq and MiSeqDx.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
The following table shows the applicable endpoints for the NextSeq 550 and NextSeq 550Dx.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
The following table shows the applicable endpoints for the NextSeq 1000/2000.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
cm.everesttech.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
The NovaSeq X Series instrument uses ica.illumina.com to send data to ICA. This endpoint is required.
The following table shows the applicable endpoints for the NovaSeq 6000.
Endpoint |
Category |
Purpose |
---|---|---|
o.ss2.us |
Required |
Certificate authorization |
ocsp.digicert.com |
Required |
Certificate authorization |
ocsp.pki.goog/gsr2 |
Required |
Certificate authorization |
ocsp.rootca1.amazontrust.com |
Required |
Certificate authorization |
ocsp.rootg2.amazontrust.com |
Required |
Certificate authorization |
ocsp.sca1b.amazontrust.com |
Required |
Certificate authorization |
fonts.gstatic.com |
Required |
Display fonts |
fonts.googleapis.com |
Recommended |
Display fonts |
cdn.walkme.com |
Recommended |
Telemetry |
cdn3.userzoom.com |
Recommended |
Telemetry |
dpm.demdex.net |
Recommended |
Telemetry |
illuminainc.demdex.net |
Recommended |
Telemetry |
illuminainc.tt.omtrdc.net |
Recommended |
Telemetry |
smetrics.illumina.com |
Recommended |
Telemetry |
google.com |
Recommended |
Telemetry |
google-analytics.com |
Recommended |
Telemetry |
stats.g.doubleclick.net |
Recommended |
Telemetry |
illumina.com |
Optional |
Access Illumina support material |
3. | Combine the regional cloud platform and instrument specific endpoints into the allow list for your firewall. |