Enterprise IT

VIKTOR is a low-code application development platform based on Python. This guide outlines the prerequisites to use VIKTOR within an enterprise IT environment.

Device settings

In order to develop applications on the VIKTOR platform the machine of a developer needs to meet the following requirements:

• The machine runs a Windows or Linux operating system.
• Python 3.9 - 3.12 (64-bit) is available or can be installed by the developer.
• An Integrated Development Environment (IDE) is available or can be installed by the developer.
• The machine has internet access (TCP over port 443, TLS >= v1.2).
• The developer should have administrator rights for the installation of the VIKTOR worker. This application is shipped as Microsoft Installer (.msi) files.

Network / proxy settings

The CLI is used to connect local application code (hosted on the machine of the developer) to a cloud-based development workspace. This requires an internet connection with network settings specified below.

Domains

The following domains should be accessible on the machine of the developer in order to be able to use VIKTOR.

• *.viktor.ai (viktor.ai and all of its subdomains)
• *.amazonaws.com (all subdomains of amazonaws.com)

If you want to be more restrictive, it is possible be more selective on the allowed urls, note these domains are subject to change, so we strongly recommend to whitelist all subdomains of viktor.ai & amazonaws.com

Do replace <region> with one of eu1 for Frankfurt, ap1 for Australia, eu2 for London, us1 for the US.

Also do <company> with your viktor subdomain (e.g. acme for acme.viktor.ai).

• addons.viktor.ai (used in environments in Frankfurt)

• addons.<region>.viktor.ai (for the other regions)

• api-<company>.viktor.ai (still used but deprecated, for environments in Frankfurt)

• api-<company>.<region>.viktor.ai (still used but deprecated, for environments in other regions)

• cloud.viktor.ai

• community.viktor.ai

• <company>.viktor.ai (for environments in Frankfurt, for example acme.viktor.ai)

• <company>.<region>.viktor.ai (for environments in other regions, for example acme.eu2.viktor.ai)

• connect.viktor.ai (deprecated, used in some environments in Frankfurt)

• connect.<region>.viktor.ai

• developers.viktor.ai (for environments in Frankfurt)

• developers.<region>.viktor.ai (for environments in other regions)

• docs.viktor.ai

• errors.viktor.ai

• sys.viktor.ai (for environments in Frankfurt)

• sys.<region>.viktor.ai (for environments in other regions)

• viktor.ai

• viktor-storage.s3.amazonaws.com (still used but deprecated, for environments in Frankfurt)

• viktor-storage-<region>.s3.amazonaws.com

• viktor-system.s3.amazonaws.com

Furthermore, installation of third-party Python packages requires access to:

• files.pythonhosted.org
• pypi.org
• pypi.python.org

SSL certificates

If a proxy is configured in such a way that the SSL certification chain is modified by replacing the root CA's certificate by a self-signed certificate, additional steps are required before the developer is able to use Python. By default Python does not use the system certificate store but uses a bundled CA certificate store to establish secure connections for the installation of dependencies. Because the certificate of the proxy is not present in the bundled CA certificate store an error will occur. It is possible to solve this problem in two ways:

Windows

1. Pip (the Python package manager) has introduced a feature (truststore) to use the system certificate store for Python versions >= 3.10. VIKTOR uses this feature automatically when you use a Python version that supports it. Therefore, the easiest solution is use a supported Python version if you run into any SSL errors while installing apps. The solution depends on the selected isolation mode:
   • venv: install a supported Python version and configure this version for developing apps with the command viktor-cli configure.
   • docker: change the Python version to a supported version in the viktor.config.toml file.
2. (isolation mode venv only) Export CA certificates (including the proxy root certificate) from the system certificate store and save the bundle to a file. Subsequently, set the environment variable CURL_CA_BUNDLE with the path to this file when installing your app (e.g. run the command viktor-cli install -e CURL_CA_BUNDLE="path/to/bundle"). If this variable is set, Python will use the certificates from the file instead of the bundled certificates.

Linux (or WSL2)

1. Pip (the Python package manager) has introduced a feature (truststore) to use the system certificate store for Python versions >= 3.10. VIKTOR uses this feature automatically when you use a Python version that supports it. Therefore, the easiest solution is use a supported Python version if you run into any SSL errors while installing apps. The solution depends on the selected isolation mode:
   • venv: install a supported Python version and configure this version for developing apps with the command viktor-cli configure.
   • docker: change the Python version to a supported version in the viktor.config.toml file.
2. (isolation mode venv only) Set the environment variable CURL_CA_BUNDLE with the path to the system certificate bundle when installing your app (e.g. run the command viktor-cli install -e CURL_CA_BUNDLE="/etc/ssl/certs/ca-certificates.crt"). If this variable is set, Python will use the certificates from the system instead of the bundled certificates.

For more information please have a look at the documentation of pip.