BSN.cloud Ports and URLs for Players and Software

Below is the list of ports and URLs that our products use to communicate with BSN.cloud services. All services are used in both BSN.cloud bsn.Control and bsn.Content modes, except Device Snapshots, which requires 'bsncloud-dssp.s3.amazonaws.com' and 'sqs.us-east-1.amazonaws.com'.

Player Access Requirements

All access rules must be defined for outgoing connections only.

Domain

Ports & Protocols

Control Cloud

Content Cloud

provision.brightsignnetwork.com

443: HTTPS

Optional (for B-Deploy)

Optional (for B-Deploy)

provision.bsn.cloud

443: HTTPS

Optional (for B-Deploy)

Optional (for B-Deploy)

handlers.bsn.cloud

443: HTTPS

Optional

Required

ws.bsn.cloud

443: HTTPS, WSS

Required

Required

certs.bsn.cloud

443: HTTPS

Required

Required

certs.brightsignnetwork.com

443: HTTPS

Required

Required

time.brightsignnetwork.com

80, 123: 

HTTP, NTP

Required

Required

*.mc.bsn.cloud

443:HTTPS

Optional (player hotfixes)

Optional (player hotfixes)

crashes.brightsignnetwork.com

443: HTTPS

Required

Required

services.brightsignnetwork.com

80: HTTP

443: HTTPS

Required

Required

bsncloud-dssp.s3.amazonaws.com

443: HTTPS

Not Required

Required

bsncloud.s3.amazonaws.com

443: HTTPS

Not Required

Required

sqs.us-east-1.amazonaws.com

443: HTTPS

Not Required

Optional (for Remote Snapshot)

api.qrserver.com

443: HTTPS

Optional (for activation by QR)

Optional (for activation by QR)

goqr.me

443: HTTPS

Optional (for activation by QR)

Optional (for activation by QR)

BrightAuthor:connected Desktop Client Access Requirements

All access rules must be defined for outgoing connections only.

Domain

Ports & Protocols

Control Cloud

Content Cloud

bsn.cloud

443: HTTPS

Required

Required

www.bsn.cloud

443: HTTPS

Required

Required

oa.bsn.cloud

443: HTTPS

Required

Required

provision.brightsignnetwork.com

443: HTTPS

Required

Required

provision.bsn.cloud

443: HTTPS

Required

Required

ws.bsn.cloud

443: HTTPS

Required

Required

api.bsn.cloud

443: HTTPS

Required

Required

rp.bsn.cloud

443: HTTPS

Not required

Required

analytics.bsn.cloud

443: HTTPS

Required

Required

api.brightsignnetwork.com

443: HTTPS

Not required

Optional (for presentation import from BSN.com)

bsncloud.s3.amazonaws.com

443: HTTPS

Required

Required

bsnm.s3.amazonaws.com

443:HTTPS

Not required

Optional (for presentation import from BSN.com)

api.twitter.com 

443: HTTPS

Optional

Optional

*.netsuite.com

443: HTTPS

Required

Required

www.brightsign.biz

443: HTTPS

Required

Required

docs.brightsign.biz

443: HTTPS

Required

Required

*.launchdarkly.com

See https://docs.launchdarkly.com/home/advanced/public-ip-list and Domain list for additional information.

443: HTTPS

Required

Required

Note for customers using TLS-terminating proxies

Requests to the following HTTPS URLs are authenticated using a client certificate. If the TLS session is terminated in the proxy to allow for payload filtering, the client certificate will not match and the request will fail with a 401 status code. The proxy must be configured such that requests to any URL in the list below are handled transparently without TLS termination.

 

 

 

Requests to the following URLs use the WebSockets protocol. These do not require the client certificate but, if the proxy supports only HTTPS, it may be necessary to configure these URLs to bypass the proxy as well.

  • wss://ws.bsn.cloud/

Requests to the following URLs must be permitted by the ACL but do not otherwise require special handling:

 

 

The default value for the setup time server is http://time.brightsignnetwork.com. However, BrightAuthor and BrightAuthor:connected let the user enter a value for the time server. The associated scripts then set the time server to the value entered by the user.Â