Introduction
Organizations using HP Insights Windows Application (also referred to as Windows Agent) for HP Workforce Experience Platform (WXP) must ensure proper proxy and firewall configurations to ensure secure and uninterrupted communication between devices and cloud services. These configurations enable critical platform functions, such as device enrollment, software updates, telemetry data transmission, and web portal access.
This article provides guidance on configuring network settings to support integration for iOS, macOS, Android, and Windows devices. It outlines specific domain and port requirements for AMS and EU data centers and highlights necessary adjustments for various platform components. Key configuration areas include:
HP Workforce Experience Platform and HP Insights Agent
SSL inspection software between client and server
IP addresses
Web Portal
Users must configure the proxy or firewall to work with the platform for iOS, macOS, Android, and Windows devices. Firewall changes depend on the type of plans and products purchased.
Target Audience
Primary audience:
IT administrators and support personnel who set up and manage the platform (All roles).
HP Partners who use the platform to manage their customers.
Internal and external developers who integrate with the platform.
Secondary audience: Decision-makers, such as Product Managers, Sales team, and C-suite executives.
HP Workforce Experience Platform and HP Insights Agent
The domains listed apply to:
HP Insights Windows Application version 3.19.357 and above
HP Insights Analytics version 4.1.4.2960 and above
HP may update the domain list at any time. When changes occur, firewall settings must be adjusted. Consider using a wildcard with the fully qualified domain names listed. For example: https://workforceexperience.hp.com
AMS datacenter
Domain | Ports | Description |
HTTPS/443 | HP Insights Agent endpoint to enroll devices to the entitled company | |
HTTPS/443 | Client software distribution endpoint | |
HTTPS/443 | Client software distribution endpoint | |
HTTPS/443 | HP Insights Analytics endpoint to upload telemetry data securely to the HP Cloud | |
HTTPS/443 | HP Insights Agent endpoint to do discovery of device subscriptions and device region | |
HTTPS/443 | Device gateway for any communication between the platform and HP Insights Agent | |
Optional | ||
HTTPS/443 | Endpoint provides geolocation service to HP Insights agent | |
HTTPS/443 | HP Insights Agent utilizes an endpoint for uploading BSOD information | |
HTTPS/443 | Softpaq downloads from HP | |
HTTPS/443 | HP data files for Policy data | |
HTTPS/443 | Windows Update downloads for BIOS Update Policies. | |
EU datacenter
Domain | Ports | Description |
HTTPS/443 | HP Insights Agent communicates to this endpoint for devices in the EU region to discover and enroll to the entitled company. HP Insights Agent prohibits TLS/SSL inspection by any intermediate software/ application or proxy server. | |
HTTPS/443 | Client software distribution endpoint | |
HTTPS/443 | Client software distribution endpoint | |
HTTPS/443 | HP Insights Analytics endpoint to upload telemetry data securely to the HP Cloud | |
HTTPS/443 | HP Insights Agent communicates to this endpoint for devices to discover device subscriptions and device region | |
HTTPS/443 | Device gateway for any communication between the platform and HP Insights Agent | |
Optional | ||
HTTPS/443 | Endpoint provides geolocation service to HP Insights agent | |
HTTPS/443 | HP Insights Agent Utilizes an endpoint for uploading BSOD information | |
HTTPS/443 | Softpaq downloads from HP | |
HTTPS/443 | HP data files for Policy data | |
HTTPS/443 | Windows Update downloads for BIOS Update Policies. | |
HP Insights Agent prohibits TLS/SSL inspection by intermediate software applications or proxy servers.
SSL inspection software between client and serve
SSL Inspection tool is used to manage the endpoints. When inspecting SSL traffic with software, users must whitelist the following endpoints to ensure uninterrupted data flow. According to Microsoft's guidance, network devices and services that perform traffic interception, SSL decryption, deep packet inspection, and content filtering should bypass Optimize endpoints to prevent disruptions. This recommendation specifically applies to the following domains
This could apply to both fleet-level and device-level settings.
IP addresses
The platform is a cloud-based, Software-as-a-Service application. It uses load balancers to manage incoming traffic to the communication endpoints and can scale up or down based on need. Except for api.skyhookwireless.com, all the URLs are hosted in the cloud with Amazon Web Services (AWS). Communication endpoints are domain-based (For example, hpdaas.com, downloads.hpanalytics.com, etc.) and rely on DNS lookups to route to the correct IP. IP addresses therefore are dynamic, not static. HP does not supply IP addresses for customers to use in whitelists.
Web Portal
When having trouble accessing the web portal, configure the proxy or firewall to allow communication for domains through the following ports:
AMS datacenter
Domain | Ports | Description |
614310738423-usprodms-asset-export.s3.us-west-2.amazonaws.com | https | Portal: Uploading CSV while importing devices |
614310738423-usprodms-asset-import-errors.s3.us-west-2.amazonaws.com | https | Portal: Download error CSV for errors in asset import |
614310738423-usprodms-daas-foreground-report.s3-us-west-2.amazonaws.com | https | Portal: Download reports |
614310738423-usprodms-daas-logs-lambda.s3.us-west-2.amazonaws.com | https | Portal: Export logs from the logs tab |
614310738423-usprodms-idm-asset-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets using CSV |
614310738423-usprodms-idm-asset-unenroll-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets to un-enroll using CSV |
614310738423-usprodms-idm-device-remove-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets to remove from the portal |
c614310738423-usprodms-idm-user-import-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import users to add |
614310738423-usprodms-logs-export.s3.us-west-2.amazonaws.com | https | Portal: Export logs |
https | Cookie content pops up on the welcome page. | |
https | Microfront end for common UI components in Portal | |
https | This is an HP domain used for user authentication | |
https | HPID Login Page - Privacy content UI | |
https | HPID Login Page - ReCAPTCHA | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | Google Analytics collection is anonymous, and the site will function even if turned off. | |
https | ||
https | ||
https | ||
https | HPID Login page - Google Analytics | |
https | Supports Microsoft AAD login for users | |
https | Supports Microsoft AAD login for users | |
https | Microfront end for common UI components in Portal | |
https | Host for APIs, HP domain | |
https | HP domain | |
https | Launchdarkly is used to control our release of UI as well as Server features to the production environment. It helps us do Canary/Blue Green type deployments. Access to launch darkly is critical for functionality. | |
https | ||
https | Windows Update downloads for BIOS Update Policies. |
EU datacenter
Domain | Ports | Description |
614310738423-euprodms-asset-export.s3.us-west-2.amazonaws.com | https | Portal: Uploading CSV while importing devices |
614310738423-euprodms-asset-import-errors.s3.us-west-2.amazonaws.com | https | Portal: Download error CSV for errors in asset import |
614310738423-euprodms-daas-foreground-report.s3-us-west-2.amazonaws.com | https | Portal: Download reports |
614310738423-euprodms-daas-logs-lambda.s3.us-west-2.amazonaws.com | https | Portal: Export logs from the logs tab |
614310738423-euprodms-idm-asset-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets using CSV |
614310738423-euprodms-idm-asset-unenroll-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets to un-enroll using CSV |
614310738423-euprodms-idm-device-remove-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import assets to remove from the portal |
c614310738423-euprodms-idm-user-import-lambda.s3.us-west-2.amazonaws.com | https | Portal: Import users to add |
614310738423-euprodms-logs-export.s3.us-west-2.amazonaws.com | https | Portal: Export logs |
https | Cookie content pops up on the welcome page. | |
https | Microfront end for common UI components in Portal | |
https | This is an HP domain used for user authentication | |
https | HPID Login Page - Privacy content UI | |
https | HPID Login Page - Recaptcha | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | HPID Login Page | |
https | Google Analytics collection is anonymous, and the site will function even if turned off. | |
https | ||
https | ||
www.gstatic.com | https | |
https | Supports Microsoft AAD login for users | |
https | HPID Login page - Google Analytics | |
https | Supports Microsoft AAD login for users | |
https | Microfront end for common UI components in Portal | |
euprod.hpdaas.com | https | Host for APIs, HP domain |
https | HP domain | |
https | Launchdarkly is used to control our release of UI as well as Server features to the production environment. It helps us do Canary/Blue Green type deployments. Access to launch darkly is critical for functionality. | |
https | ||
https | Windows Update downloads for BIOS Update Policies. |
Related Resources
Prerequisites for Installing HP Insights Windows Application
Configuring Proxy and Authentication for HP Insights Windows Application
Contact Us
For any assistance, create a support case or email [email protected]