IT Configuration Requirements

Last Updated: 6/12/2024

 

Click Here to Subscribe to Updates

Email

Email is used for product update announcements, password resets, initial user invitations, and interactions with the Pulsara support team.

Permit all incoming email from *@*.pulsara.com in your email system. Prevent email from *@*.pulsara.com from being tagged as spam. Because Pulsara relies on a third party for email services, if you filter incoming emails by IP address, please ensure your systems are looking up our SPF record to obtain a list of IP addresses from which we send mail.

Firewall and Network

Pulsara systems utilize dynamic load balancing to automatically distribute incoming application traffic across a web server cluster. Additionally, to support System Continuity best-practices, our systems leverage multiple geographically separated data centers. 

  • Consequently, to ensure continuity of service, we recommend configuring your firewall using host names rather than IP addresses. If you implement allowlist by IP, we cannot guarantee continuity of service.

Please permit traffic originating on your network to the destination hosts and specified ports in the tables below. 

  • Use of Pulsara requires only egress rules on a firewall - traffic originating from within your network. (We do not require the implementation of ingress firewall rules.)

  • Ensure that your firewall allows return traffic to the client on the specified ports. 

  • Modern stateful firewalls like Palo Alto, Cisco ASA, Juniper SRX (flow mode), etc. provide this functionality by default when you create rules allowing egress traffic.

Pulsara

Destination Host

Ports

Description

*.pulsara.com

TCP/443

For API traffic from Pulsara iOS and Android clients.

For the Pulsara browser app screens, assets, and API traffic.

 

Audio-Video Conferencing

If "Video Calling" has been enabled for your account, your Pulsara users can participate in secure Voice or Voice+ Video conference calls.

Zoom

Pulsara uses the Zoom platform for synchronous voice, video, and conferencing capabilities.

Destination Host

Ports

Description

*.zoom.us

TCP/80

TCP/443

TCP/8801

TCP/8802

For voice and video communications.

*.zoom.us

UDP/3478

UDP/3479

UDP/8801-8810

To provide the highest quality voice and video communication capabilities.


UDP is highly recommended for better quality audio and video. The protocol favors timeliness over reliability which is consistent with human perception.

 

After configuring your firewall, preliminary Zoom testing can be conducted using the instructions here:  https://zoom.us/test

If you are able to participate in the Zoom test conference, Pulsara App users on the same network should also be able to participate in Zoom-based conferences.

Specific network and firewall settings for Zoom are available here:  https://support.zoom.us/hc/en-us/sections/201740166-Network-and-Firewall

Additional Zoom Security Information: https://zoom.us/docs/en-us/privacy-and-security.html

Native Mobile Device Capabilities

 
Mobile App Downloads and Updates

Pulsara’s mobile apps and mobile app upgrades are distributed through the Apple App Store and the Google Play Store.

Either

    1. Configure your MDM for Pulsara apps, or

    2. Configure your firewall to allow access to the Apple App Store and/or Google Play Store to install and upgrade mobile apps, including Pulsara.

Push Notifications

Pulsara uses Push Notifications for its delivery of alerts. iOS devices use Apple Push Notification Service (APNS) for this purpose. Android devices use Google Firebase Cloud Message for the delivery of push notifications.

After configuring your firewall(s), we recommend sending and testing push notifications on devices of both types connected to your organization’s network(s) to which devices will be connected. This can be accomplished through the Pulsara mobile apps.

Apple Push Notification Services (APNS)

Destination Host

Ports

Description

17.0.0.0/8

TCP/5223

Used by iOS devices to receive push notifications from APNS. The APNS servers use load balancing, so your devices won't always connect to the same public IP address for notifications. It's best to allow access to these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple.

 

For further information, see this article entitled If you Apple devices aren't getting Apple push notifications.

Google Firebase Cloud Messaging (FCM)

Pulsara uses Google FCM to deliver push notifications to Android devices.

Because receiving push notifications is critical for Android users, Pulsara strongly recommends following Google’s guidelines available here:  

FCM Ports and Your Firewall, and summarized below:

    • Google recommends that the ports in Table 1 (below) be whitelisted without IP restrictions.

    • If IP restrictions are required, Google provides an up-to-date list of their IPs here: https://www.gstatic.com/ipranges/goog.json that must be updated in your firewall at least once per month.

For additional information, see IP addresses for default domains. 

Table 1: Google FCM for Push Notifications

Destination Host

Ports

Description

Per Google’s guidelines:

TCP/443

TCP/5228

TCP/5229

TCP/5230

Used by Android devices to receive push notifications via Firebase Cloud Messaging.


Per Google’s guidelines:

If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for our connections over ports 5228-5230. This enables reliable connectivity while reducing the battery consumption of your users' mobile devices.

Browser Notifications

Pulsara HQ uses native browser notification services to send primary notifications for new patients. To allow these services to send push notifications, you may need to allow the following through your firewall.

Table 1: Edge Browser Notifications

Destination Hosts

Description

"*.wns.windows.com"

"*.notify.live.net"

Notification services for Windows Edge browser

 

Table 2: Chrome Browser Notifications

Destination Hosts

Description

Per Google's guidelines:

https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall

Notification services for Chrome browser

 

 

 

 

Mobile App Analytics, Crash Detection, and Problem Resolution 

Pulsara’s mobile apps have the capability of reporting crashes, other errors, and analytics. Pulsara uses these reports to proactively correct issues or problems as quickly as possible (sometimes even before impacting customers) and to improve app usability. We use Google Firebase for this purpose.

ePHI is never transmitted to Google Firebase.

Pulsara clients will function properly even when devices are unable to access Google Firebase for the purpose of sending analytics and crash data.

Google does not publish domains or firewall-allow list guidance for Firebase Crashlytics or Firebase Analytics. As such, Table 2 (below) is provided strictly for informational purposes.

Table 2: Google Firebase for Analytics and Crash Reporting

Destination Host

Ports

Description

cm.googleapis.com

android.apis.google.com

*.google-analytics.com 

app-measurement.com

*.firebase.com

*.firebaseio.com

*.fabric.io

*.crashlytics.com

crashlyticsreports-pa.googleapis.com 

firebasecrashlyticssymbols.googleapis.com

TCP/443

Used for analytics, crash detection, and problem resolution.

 

Geolocation

Pulsara's mobile apps use location services provided by Android and iOS to calculate and update ETA for inbound EMS patients. For EMS organizations, ensure that each device can detect the current location using Apple Maps on iOS or Google Maps on Android. 

SSL Certificate Pinning

Pulsara uses certificate pinning in our mobile apps in order to protect HIPAA data from "Man in the Middle" (MITM) attacks. If your facility is using a proxy to intercept SSL/TLS traffic, the Pulsara app will not be able to correctly verify that the certificate being provided belongs to Pulsara and will halt further network activity from the app. Additional proxy configuration may be necessary in order for Pulsara to operate correctly. 

 

Federated Authentication

Pulsara provides an Open ID Connect (OIDC)-compliant federated authentication integration. This integration lets customers link their OIDC-compliant identity platform (such as Azure or Okta) to Pulsara to handle all authentication protocols. With this integration, all sign-in requirements (such as MFA, duration, password expiration, etc.) are delegated to your iDP, giving you control over the login experience. For more information on our federated authentication integration, please contact help@pulsara.com.

Mobile Device and Browser Requirements

Ensure your organization's personnel are using browsers and/or devices supported by Pulsara and listed here: https://www.pulsara.com/faqs/which-web-browsers-and-mobile-devices-can-we-use

 

WIFI Considerations:

If Wi-FI is to be used for Internet connectivity, determine which Wi-FI network name (a.k.a "SSID") will be used with staff mobile devices, and obtain Wi-Fi passwords or have your IT department configure this for you. 

Wi-Fi must have a persistently active connection, must not require staff members to repeatedly log back onto the system, and must have excellent coverage throughout applicable facilities. 

Prior to testing, a comprehensive connectivity audit should be completed to identify any Wi-Fi or cellular connectivity issues. 

Please consider the following:

 

Cellular Data:

It is our recommendation, as best practice for system continuity, that devices used by mission critical functions, such as ED nursing stations, have a cellular data plan as a backup method of connecting to the Internet. 

 

iOS Devices:

If your facility will use hospital-provided iOS device(s) for Pulsara outside of an MDM, then identify the Apple ID that will be used on the device(s) for the installation of the Pulsara application. This Apple ID may be required to authenticate with the Apple App Store for future upgrades of the Pulsara app. 

 

Mobile Device Management:

Does your facility use/plan to use an MDM (Mobile Device Management) system? If so, contact your Pulsara Project Manager so that the appropriate testing can take place prior to implementation. The IT department should be engaged at the inception of the project. Pulsara can help with this process. 

See this MDM Checklist for more information: https://www.pulsara.com/faqs/mobile-device-management

Additional Information