Access Restrictions CIDR (IP Address) Rules

IP address access policy (CIDR Rules) for access to the Rescale platform can be configured. There are two scenarios:

  1. At the Organization level, Administrators can define CIDR (IP address) Rules to allow access to the Rescale Platform (e.g., login page, load web jobs list, user profiles, access via API or CLI functionality, etc). In other words, users would be allowed to use the platform only from connections that match the organization’s Access Restriction CIDR rule(s). Typically, an administrator would define a range of IP addresses to allow access to the platform. 
  2. At the user level, for running jobs, workstations, and storage devices (i.e., any active cluster). This gives the user the ability to limit job access from their specific IP address when using SSH or NiceDCV access to running clusters. For example, if they only connect from one or two locations (e.g., their work office or their home office), they can configure that preference. User changes to CIDR Access rules are propagated immediately to all running instances. 

Per Rescale security policy, the rule is blocklisted (not allowed); this includes ‘quad 0’ and derivatives. 

1. Organization Level: Platform Web UI Access Policy

At the organizational level, a platform administrator can define the CIDR rules to allow access to the Rescale platform. See this Admin article: How can an organization admin enable Rescale access from a new IP address?

2. User Level: Access Restrictions for Running (Active) Jobs (via SSH and Remote NiceDCV Sessions)

At the User Profile level: Any authenticated user can go to their User Profile > Job Settings (drop-down from upper right-hand corner in the platform UI) and modify their Access Restriction (CIDR) setting for SSH access to jobs and workstations. And also access to remote workstations via NiceDCV web and client connections. 

  • “My Current IP” would restrict SSH and DCV access only from the IP address of the active user connection. This is the most restrictive and secure option (as it only allows access from one place). 
  • If users need to connect to Rescale from multiple authorized locations (e.g., from the office and home office), users can define a Custom comma-separated IP range list:

    If undefined, the user may not be able to complete an SSH connection. In the case of a NiceDCV session, the user will be prompted to specify the CIDR rule preference. 

    User changes to CIDR Access rules are propagated immediately to all running instances. 

How to find your current IP Address for CIDR Rules

We recommend 2 ways to find your IP address:

  1. Select “My Current IP” which will tell you the current IP address of your computer
  2. Go to:

Entering a CIDR Rule

When entering a CIDR rule, you must use CIDR notation, which includes a slash after your IP address. You must use the lowest IP address in the subnetwork, which is typically /32.

CIDR notation (“/” followed by a number) defines the size of a network or subnet in IP addressing. The number after the slash represents the number of bits used for the network portion of the address, with the remaining bits used for host addresses within that network. Common CIDR notations and their implications:

  • /32: Single IP address (IPv4). In IPv6, typically used for an individual interface.
  • /24: 256 IP addresses (IPv4), a standard “Class C” size network.
  • /16: 65,536 IP addresses (IPv4), a “Class B” size network.
  • /8: 16,777,216 IP addresses (IPv4), a “Class A” size network.
  • /0: Represents the entire IPv4 or IPv6 address space.

Example of Finding an IP and Entering a CIDR Rule into the “Custom” field

Let’s say I have 3 networks I use to access local SSH. I can use the “My Current IP” to find the address at each of those locations and add a custom comma-separated CIDR rule:

  1. Home Office:
  2. Work:
  3. Rescale Workstation:

We can take all of these addresses and put them into a CIDR custom rule:,,

If you would like to automatically add CIDR rules upon job submission, contact your Rescale representative.