# Networking

{% hint style="info" %}
A DBNL Deployment does not connect back to a hosted external Distributional cloud service. It is designed for enterprise use on potentially sensitive log data that cannot leave the enterprise environment. For more information see [Data Security](https://docs.dbnl.com/v0.29.x/platform/data-security).
{% endhint %}

## Ingress

### Requirements

The DBNL platform needs to be hosted on a domain or subdomain (e.g. dbnl-example.com or dbnl.example.com). It cannot be hosted on a subpath.

### HTTPS/SSL

It is recommended that the DBNL platform be served over HTTPS. Support for SSL termination at the load balancer is included.

## Egress

### Requirements

Currently, the dbnl platform cannot run in an air-gapped environment and requires a few URLs to be accessible via egress.

**Artifacts Registry**

Required to fetch the DBNL platform artifacts such as the Helm chart and Docker images for installation and upgrades.

* `https://us-docker.pkg.dev/dbnlai/`

**An Internal Object Store**

Required for services to access an object store, this data does not leave your environment.

* `https://{BUCKET}.s3.amazonaws.com/​` (if using S3)
* `https://storage.googleapis.com/{BUCKET}` (if using GCS)

**OIDC**

Required to validate OIDC tokens, if using a 3rd party OIDC provider.

* `https://login.microsoftonline.com/{APP_ID}/v2.0/` (if using Microsoft EntraID)
* `https://{ACCOUNT}.okta.com/` (if using Okta)

**(Optional) Integrations**

Required to use some integrations.

* `https://events.pagerduty.com/v2/enqueue`​ (if using PagerDuty)
* `https://hooks.slack.com/services/` (if using Slack)