Describes the operational requirements for the Onsite product
This article is for IT and security professionals
Technical
Onsite is a mobile application delivered as a store app through Google Play and the Apple App Store.
Devices
Onsite is designed to be run on mobile phones and supports Android and iOS. While it will also run on Android and iOS tablets, the UI is optimized for phone.
Onsite is designed for mobile phones, but it can also run on similarly spec’d tablets.
- Android phone, running Oreo (API 26) or later; or
- iPhone 6s or later, running iOS 11 or later
Architecture
The Onsite application requires additional APIs installed on-premise near the Pulse database.
- Users download the Onsite application onto their mobile devices running iOS or Android
- Inside settings, users will need to enter the server name and port number
- Users will also enter their Pulse username and password.
- The Onsite API is a standard .NET Web API 2 interface which is designed to run on the client’s installation of IIS and supports HTTP (80) and HTTPS (443). This instance of IIS can be shared with other Pulse products (e.g. Contractor Web) but we recommend that apps from other companies are not hosted on this server.
- For the greatest level of security, we recommend that this server does not accept connections from outside the local network. In this model, devices are connected to the corporate network directly and do not route through the Internet to reach the Onsite API server. This model does not require that the API for Onsite be open outside of the enterprise. This can be done through a number of mechanism, such as:
- Joining mobile devices to enterprise Wi-Fi
- Securing Wi-Fi connections with client certificates and/or MDM
- Mobile VPN solutions
- For the greatest level of security, we recommend that this server does not accept connections from outside the local network. In this model, devices are connected to the corporate network directly and do not route through the Internet to reach the Onsite API server. This model does not require that the API for Onsite be open outside of the enterprise. This can be done through a number of mechanism, such as:
- The Onsite API server directly accesses the Pulse database.
The client-server model that Pulse was built around was very popular before prevalence of web applications. This model assumes that the database, the servers, and all the clients are running on a private local network. These assumptions determined the design of client-server architectures especially with respect to performance and security. This model is not suitable for Internet delivery. FMI does not recommend nor license Pulse for Internet or cloud deployments. While Onsite may run outside of local networks without the performance problems of client-server, for security reasons, FMI does not recommend using Onsite unless on the same local network as Pulse.