Pulse One Appliance Architecture

Overview

Pulse Workspace is part of the Pulse One runtime environment, but it has a unique networking and security profile due to its communication with the mobile devices.

The following diagram shows a completely equipped Pulse Secure implementation that includes Pulse One with Workspace (appliance edition). Workspace initiates conversations with mobile devices by sending a "phone home" notification to the devices. Every primary mobile vendor (Apple, Google, Microsoft) has their own proprietary push notification network. The firewall settings must be checked to ensure that the outbound ports and endpoints noted below are not blocked.

This diagram includes Pulse Workspace operations.

This diagram does not include information for a Software Defined Perimeter implementation. If you want to use Pulse One to configure and use Software Defined Perimeter (SDP), refer to the Software Defined Perimeter documentation.

Pulse One/Workspace uses several ports when communicating. Firewalls must be configured to support calls on these ports. In addition to push notifications, Pulse Workspace makes calls to both Apple and Google application stores. These are standard HTTPS web-service calls with no authentication. Pulse Workspace calls these to lookup application searches performed in the Pulse Workspace admin UI. Pulse Workspace also calls the Google EMM Cloud API which requires authenticated access.

To configure a pair of Pulse One appliances to operate as an Active/Passive cluster, refer to Configuring an Active/Passive Cluster.