Connectivity Requirements

The following article outlines what is required for connectivity to the LOD Hosted Labs environment.

To launch and use a lab, the following requirements must be met:

  1. Use a supported operating system:
    1. Windows 7 or later
    2. Ubuntu 14.04 or later (or comparable distribution)
    3. macOS 10.12 or later
  2. Have a supported browser. IE, Edge, Chrome, Firefox, Safari.
    1. The latest version is preferred, but full support details can be found below
    2. Chromium-based browsers such as Opera or Vivaldi can connect, but default hotkeys they set may interfere with lab inputs
  3. Be connected to a network that allows at least one of the following:
    1. Secure Web sockets on HTTPS port 443 and 43443
    2. RDP over port 21xxx or 443 (Enhanced control)
    3. For more information see Browser/Controller Support below
  4. Have administrative rights on the local machine if installing the Enhanced control (Hyper-V w/RDP only).

Bandwidth Requirements

In addition to the software requirements above we recommend the following:

  1. Minimum 200kbps consistent bandwidth with 1mbps burst per student
    1. Machine controller bandwidth consumption is based on the rate of onscreen content changes, some scenarios (i.e. web browsing inside the lab) may require more
    2. For optimal experience, we recommend at least 1mbps per student
  2. When utilizing the instructions interface, bandwidth needs may increase based on what features are utilized, examples include:
    1. Embedded audio
    2. Embedded video
    3. Large numbers of embedded images
    4. Bandwidth usage is highly dependent on the media being used. An embedded MP3 may fit into 1mbps burst capacity, while a 1080P video can require up to 10mbps for its duration
  3. When using Cloud Slice labs where the target environment is a website additional bandwidth may be required
    1. For the Azure and AWS management portals, we recommend at least 512kbps per student

Firewall Exception Rule Information

For those that need to create a firewall exception rule to allow connectivity to the Lab on Demand servers (this isn’t common), the following information can be used to create a limited destination rule to only allow the above protocols and ports from your network to the Lab on Demand cloud.

  • Domain Names:
    • *
    • *
    • *
    • *
    • *
    • *
  • IP Range:
    •, –

The Lab on Demand system is a cloud platform that automatically provisions and connects the learner with private sandboxed resources. There is no way to predict which IP address in the cloud the learner will connect to for the provisioning of their virtual machines. Therefore, we provide a range of IP addresses and only a second-level domain name.

For Hyper-V and Hyper-V w/RDP only labs, the domains, and IP addresses in the table below may also be required as firewall exceptions. We strongly encourage using names, and not IP addresses, for firewall and proxy configuration if possible, as the IP addresses may change without warning (and without documentation update). This allows access even in-network failover and future geographic targeting scenarios.

If specific IP addresses are required, use the following table as a guide for IP addresses:

DNS name IP Address 1 IP Address 2

Launch the Lab Orientation & Connectivity Check

Click the following link to launch a test lab: Launch the Lab Orientation & Connectivity Check. This will allow you to see if you are able to connect and function within the lab environment.

Speed Test

If you are experiencing frequent disconnects or lag when controlling your machines, you may run a speed test. This page allows you to run a connection assessment test. A connection assessment test is a very deep and thorough test that measures throughput speed, capacity, and packet quality to assess the user experience of a connection to their respective data center. This includes efficiency, data loss, recovery, duplication of data, retransmissions, and even corruption.

When Connections Traverse a Proxy

When connecting to a lab instance via a proxy, certain configuration requirements must be met for each remote controller. For more information, please review the Proxy Requirements article.

When Using Windows Server Operating Systems

When connecting to Learn on Demand Systems Training Management Systems (TMS) portals with a computer having Windows Server operating systems on it, you may experience difficulty in connecting to the sign-in page or clicking on some buttons. Steps to remediate can be found here.

In-Lab Software Whitelisting Information for Lab Developers

Software that communicates with remote servers outside of the lab environment may need addresses whitelisted with the vendor to work. The below address ranges are used by NAT internet access labs.

  • IP addresses/scopes:
  • IP Ranges: –,,, –

The below ranges are used by Public IP internet access labs. – – – –, –

Browser Support

The majority of VM or container-based labs can be accessed via HTML5 WebSocket controllers. vSphere, Hyper-V, and Docker1 labs all utilize this technology. Some labs may require an alternate Enhanced controller available only for Internet Explorer which requires the installation of a plugin.

1 Docker labs that expose an external service port do so over ports 41952-65534. Connection requirements are dependent on the exposed service.

Custom Integrations and iFrames:

If a lab uses an iframe integration, 3rd party cookies must not be blocked by the web browser used to access the lab. If 3rd party cookies are blocked, an Access Denied message will be displayed when launching the lab. Most web browsers do not block 3rd party cookies by default. If your browser is blocking 3rd party cookies, please check with the browser’s vendor to learn more about how third-party cookies may be blocked.

Labs that do not explicitly require the Enhanced controller:

All connections utilize secure WebSockets connections over port 443. No plugin installation is required.

Browser Version
Chrome 16+
Firefox 11+
Internet Explorer 10+1
Microsoft Edge 1+

1 Microsoft has announced IE 10 will be End of Life on January 31, 2020

Labs that require the Enhanced controller:

Virtual Machine Control Browser Version Protocol Ports
Enhanced Internet Explorer 8+1 VMRDP 21xxx or 443 2

1 IE 8 and 9 are End of Life and are listed here for legacy purposes

2 The 21xxx value depends on which host server in the cloud the lab is running on. If the connection on port 21xxx fails, the Enhanced client will roll over and attempt the connection on port 443.


Both Flash and Silverlight legacy controllers will be or have been, removed on November 6th, 2020.