Email is used for product update announcements, password resets, initial user invitations, and interactions with the Pulsara support team.
Permit all incoming email from *@*.pulsara.com in your email system. Prevent email from *@*.pulsara.com from being tagged as spam. Because Pulsara relies on a third party for email services, if you filter incoming emails by IP address, please ensure your systems are looking up our SPF record to obtain a list of IP addresses from which we send mail.
Firewall and Network
Pulsara systems utilize dynamic load balancing to automatically distribute incoming application traffic across a web server cluster. Additionally, to support System Continuity best-practices, our systems leverage multiple geographically separated data centers.
-
Consequently, to ensure continuity of service, we recommend configuring your firewall using host names rather than IP addresses. If you implement allowlist by IP, we cannot guarantee continuity of service.
Please permit traffic originating on your network to the destination hosts and specified ports in the tables below.
-
Use of Pulsara requires only egress rules on a firewall - traffic originating from within your network. (We do not require the implementation of ingress firewall rules.)
-
Ensure that your firewall allows return traffic to the client on the specified ports.
-
Modern stateful firewalls like Palo Alto, Cisco ASA, Juniper SRX (flow mode), etc. provide this functionality by default when you create rules allowing egress traffic.
Pulsara
|
Destination Host |
Ports |
Description |
|
*.pulsara.com |
TCP/443 |
For API traffic from Pulsara iOS and Android clients. For the Pulsara browser app screens, assets, and API traffic. |
Audio-Video Conferencing
If "Video Calling" has been enabled for your account, your Pulsara users can participate in secure Voice or Voice+ Video conference calls.
Zoom
Pulsara uses the Zoom platform for synchronous voice, video, and conferencing capabilities.
|
Destination Host |
Ports |
Description |
|
*.zoom.us |
TCP/80 TCP/443 TCP/8801 TCP/8802 |
For voice and video communications. |
|
*.zoom.us |
UDP/3478 UDP/3479 UDP/8801-8810 |
To provide the highest quality voice and video communication capabilities. UDP is highly recommended for better quality audio and video. The protocol favors timeliness over reliability which is consistent with human perception. |
After configuring your firewall, preliminary Zoom testing can be conducted using the instructions here: https://zoom.us/test
If you are able to participate in the Zoom test conference, Pulsara App users on the same network should also be able to participate in Zoom-based conferences.
Specific network and firewall settings for Zoom are available here: https://support.zoom.us/hc/en-us/sections/201740166-Network-and-Firewall
Additional Zoom Security Information: https://zoom.us/docs/en-us/privacy-and-security.html
Native Mobile Device Capabilities
Mobile App Downloads and Updates
Pulsara’s mobile apps and mobile app upgrades are distributed through the Apple App Store and the Google Play Store.
Either
-
-
Configure your MDM for Pulsara apps, or
-
Configure your firewall to allow access to the Apple App Store and/or Google Play Store to install and upgrade mobile apps, including Pulsara.
-
Push Notifications
Pulsara uses Push Notifications for its delivery of alerts. iOS devices use Apple Push Notification Service (APNS) for this purpose. Android devices use Google Firebase Cloud Message for the delivery of push notifications.
After configuring your firewall(s), we recommend sending and testing push notifications on devices of both types connected to your organization’s network(s) to which devices will be connected. This can be accomplished through the Pulsara mobile apps.
Apple Push Notification Services (APNS)
|
Destination Host |
Ports |
Description |
|
17.0.0.0/8 |
TCP/5223 |
Used by iOS devices to receive push notifications from APNS. The APNS servers use load balancing, so your devices won't always connect to the same public IP address for notifications. It's best to allow access to these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple. |
For further information, see this article entitled If you Apple devices aren't getting Apple push notifications.
Google Firebase Cloud Messaging (FCM)
Pulsara uses Google FCM to deliver push notifications to Android devices.
Because receiving push notifications is critical for Android users, Pulsara strongly recommends following Google’s guidelines available here:
FCM Ports and Your Firewall, and summarized below:
-
-
Google recommends that the ports in Table 1 (below) be whitelisted without IP restrictions.
-
If IP restrictions are required, Google provides an up-to-date list of their IPs here: https://www.gstatic.com/ipranges/goog.json that must be updated in your firewall at least once per month.
-
For additional information, see IP addresses for default domains.
|
Destination Host |
Ports |
Description |
|
Per Google’s guidelines:
|
TCP/443 TCP/5228 TCP/5229 TCP/5230 |
Used by Android devices to receive push notifications via Firebase Cloud Messaging. Per Google’s guidelines: If your network implements Network Address Translation (NAT) or Stateful Packet Inspection (SPI), implement a 30 minute or larger timeout for our connections over ports 5228-5230. This enables reliable connectivity while reducing the battery consumption of your users' mobile devices. |
Browser Notifications
Pulsara HQ uses native browser notification services to send primary notifications for new patients. To allow these services to send push notifications, you may need to allow the following through your firewall.
|
Destination Hosts |
Description |
|
|
"*.wns.windows.com" "*.notify.live.net" |
Notification services for Windows Edge browser |
|
|
Destination Hosts |
Description |
|
|
Per Google's guidelines: https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall |
Notification services for Chrome browser |
|
Mobile App Analytics, Crash Detection, and Problem Resolution
Pulsara’s mobile apps have the capability of reporting crashes, other errors, and analytics. Pulsara uses these reports to proactively correct issues or problems as quickly as possible (sometimes even before impacting customers) and to improve app usability. We use Google Firebase for this purpose.
ePHI is never transmitted to Google Firebase.
Pulsara clients will function properly even when devices are unable to access Google Firebase for the purpose of sending analytics and crash data.
Google does not publish domains or firewall-allow list guidance for Firebase Crashlytics or Firebase Analytics. As such, Table 2 (below) is provided strictly for informational purposes.
|
Destination Host |
Ports |
Description |
|
cm.googleapis.com android.apis.google.com *.google-analytics.com app-measurement.com *.firebase.com *.firebaseio.com *.fabric.io *.crashlytics.com crashlyticsreports-pa.googleapis.com firebasecrashlyticssymbols.googleapis.com |
TCP/443 |
Used for analytics, crash detection, and problem resolution. |
Geolocation
Pulsara's mobile apps use location services provided by Android and iOS to calculate and update ETA for inbound EMS patients. For EMS organizations, ensure that each device can detect the current location using Apple Maps on iOS or Google Maps on Android.
SSL Certificate Pinning
Pulsara uses certificate pinning in our mobile apps in order to protect HIPAA data from "Man in the Middle" (MITM) attacks. If your facility is using a proxy to intercept SSL/TLS traffic, the Pulsara app will not be able to correctly verify that the certificate being provided belongs to Pulsara and will halt further network activity from the app. Additional proxy configuration may be necessary in order for Pulsara to operate correctly.
Federated Authentication
Pulsara provides an Open ID Connect (OIDC)-compliant federated authentication integration. This integration lets customers link their OIDC-compliant identity platform (such as Azure or Okta) to Pulsara to handle all authentication protocols. With this integration, all sign-in requirements (such as MFA, duration, password expiration, etc.) are delegated to your iDP, giving you control over the login experience. For more information on our federated authentication integration, please contact help@pulsara.com.
Mobile Device and Browser Requirements
Ensure your organization's personnel are using browsers and/or devices supported by Pulsara and listed here: https://www.pulsara.com/faqs/which-web-browsers-and-mobile-devices-can-we-use
WIFI Considerations:
If Wi-FI is to be used for Internet connectivity, determine which Wi-FI network name (a.k.a "SSID") will be used with staff mobile devices, and obtain Wi-Fi passwords or have your IT department configure this for you.
Wi-Fi must have a persistently active connection, must not require staff members to repeatedly log back onto the system, and must have excellent coverage throughout applicable facilities.
Prior to testing, a comprehensive connectivity audit should be completed to identify any Wi-Fi or cellular connectivity issues.
Please consider the following:
-
Are there any known dead spots?
-
What is the pathway for reporting and resolving a connectivity issue?
-
For those who may experience repeated connectivity challenges, we recommend enabling the Rollover-to-Page Feature. You can find additional information on the Rollover-to-Page Feature in our Knowledge Base Article: https://knowledge.pulsara.com/technical/alerts/what-is-the-rollover-to-page-feature
Cellular Data:
It is our recommendation, as best practice for system continuity, that devices used by mission critical functions, such as ED nursing stations, have a cellular data plan as a backup method of connecting to the Internet.
iOS Devices:
If your facility will use hospital-provided iOS device(s) for Pulsara outside of an MDM, then identify the Apple ID that will be used on the device(s) for the installation of the Pulsara application. This Apple ID may be required to authenticate with the Apple App Store for future upgrades of the Pulsara app.
Mobile Device Management:
Does your facility use/plan to use an MDM (Mobile Device Management) system? If so, contact your Pulsara Project Manager so that the appropriate testing can take place prior to implementation. The IT department should be engaged at the inception of the project. Pulsara can help with this process.
See this MDM Checklist for more information: https://www.pulsara.com/faqs/mobile-device-management
Additional Information
-
What Data is Stored on the Mobile Device?
-
Device Provisioning
Pulsara does not provide hardware. Please work with your Pulsara regional team to determine the appropriate devices for use at your organization.
A list of supported devices is available here: https://knowledge.pulsara.com/en/which-web-browsers-and-mobile-devices-can-we-use
-
Account Provisioning
-
Pulsara Status Page
For information regarding Pulsara system status, please visit our status page here: status.pulsara.com
This page displays the status of the Pulsara platform. You can also sign up for status notifications by clicking on "Subscribe to Updates".
-
Automatic Updates
Pulsara releases updates to its mobile applications frequently. To optimize your experience with the Pulsara platform, it is highly recommended that you enable auto-updates on your devices.
Pulsara fully tests each release for regressions against all supported devices with the use of manual and automated testing sequences. In advance of an update, release notes will be provided with timeline, scope, and details of the release.