Below is the list of ports and URLs that our products use to communicate with BSN.cloud services. All services are used in both BSN.cloud Control Cloud and BSN.cloud Content Cloud modes, except Device Snapshots, which requires 'bsncloud-dssp.s3.amazonaws.com' and 'sqs.us-east-1.amazonaws.com'.
Player Access Requirements
All access rules must be defined for outgoing connections only.
Domain | Ports & Protocols | Control Cloud | Content Cloud |
443: HTTPS | Optional (for B-Deploy) | Optional (for B-Deploy) | |
provision.bsn.cloud | 443: HTTPS | Optional (for B-Deploy) | Optional (for B-Deploy) |
handlers.bsn.cloud | 443: HTTPS | Optional | Required |
ws.bsn.cloud | 443: HTTPS, WSS | Required | Required |
certs.bsn.cloud | 443: HTTPS | Required | Required |
443: HTTPS | Required | Required | |
80, 123: HTTP, NTP | Required | Required | |
*.mc.bsn.cloud | 443:HTTPS | Optional (player hotfixes) | Optional (player hotfixes) |
443: HTTPS | Required | Required | |
80: HTTP 443: HTTPS | Required | Required | |
443: HTTPS | Optional (for On Device Setup) | Optional (for On Device Setup) | |
443: HTTPS | Not Required | Required | |
443: HTTPS | Not Required | Required | |
443: HTTPS | Not Required | Optional (for Remote Snapshot) | |
443: HTTPS | Optional (for activation by QR) | Optional (for activation by QR) | |
443: HTTPS | Optional (for activation by QR) | Optional (for activation by QR) | |
443: HTTPS | Optional | Optional |
BrightAuthor:connected Desktop Client Access Requirements
All access rules must be defined for outgoing connections only.
Domain | Ports & Protocols | Control Cloud | Content Cloud |
bsn.cloud | 443: HTTPS | Required | Required |
www.bsn.cloud | 443: HTTPS | Required | Required |
oa.bsn.cloud | 443: HTTPS | Required | Required |
443: HTTPS | Required | Required | |
provision.bsn.cloud | 443: HTTPS | Required | Required |
ws.bsn.cloud | 443: HTTPS | Required | Required |
api.bsn.cloud | 443: HTTPS | Required | Required |
rp.bsn.cloud | 443: HTTPS | Not required | Required |
analytics.bsn.cloud | 443: HTTPS | Required | Required |
443: HTTPS | Not required | Optional (for presentation import from BSN.com) | |
443: HTTPS | Required | Required | |
443:HTTPS | Not required | Optional (for presentation import from BSN.com) | |
443: HTTPS | Optional | Optional | |
*.netsuite.com | 443: HTTPS | Required | Required |
www.brightsign.biz | 443: HTTPS | Required | Required |
docs.brightsign.biz | 443: HTTPS | Required | Required |
*.launchdarkly.com See https://docs.launchdarkly.com/home/advanced/public-ip-list and Domain list for additional information. | 443: HTTPS | Required | Required |
Note for customers using TLS-terminating proxies
Requests to the following HTTPS URLs are authenticated using a client certificate. If the TLS session is terminated in the proxy to allow for payload filtering, the client certificate will not match and the request will fail with a 401 status code. The proxy must be configured such that requests to any URL in the list below are handled transparently without TLS termination.
https://certs.bsn.cloud/features/api/v1/exchange-refresh-token
https://certs.bsn.cloud/features/api/v1/get-activation-token
https://certs.brightsignnetwork.com/features/api/v1/exchange-refresh-token
https://certs.brightsignnetwork.com/features/api/v1/exchange-reg-token
https://certs.brightsignnetwork.com/features/api/v1/get-activation-token
https://certs.brightsignnetwork.com/features/api/v1/failsafe
https://certs.brightsignnetwork.com/features/api/v1/bsn-reg-token
https://certs.brightsignnetwork.com/features/api/v1/user-access-token
https://certs.brightsignnetwork.com/features/api/v1/bsn-groups
Requests to the following URLs use the WebSockets protocol. These do not require the client certificate but, if the proxy supports only HTTPS, it may be necessary to configure these URLs to bypass the proxy as well.
wss://ws.bsn.cloud/
Requests to the following URLs must be permitted by the ACL but do not otherwise require special handling:
https://bsncloud.s3.amazonaws.com/public/FirmwareManifest.json
http://bsnm.s3.amazonaws.com/public/FirmwareCompatibilityFile.xml
https://handlers.bsn.cloud/bs/recovery/recovery_runsetup_ba.brs
https://services.brightsignnetwork.com/bs/checkforcontent.ashx
https://services.brightsignnetwork.com/bs/devicedownload.ashx
https://services.brightsignnetwork.com/bs/devicedownloadprogress.ashx
https://services.brightsignnetwork.com/bs/trafficdownload.ashx
https://services.brightsignnetwork.com/bs/batteryCharger.ashx
https://services.brightsignnetwork.com/bs/recovery/recovery.ashx
https://services.brightsignnetwork.com/bs/recovery/recovery_runsetup_ba.brs
http://api.brightsignnetwork.com/BrightAuthor/Service/v201312/BNMServices.asmx
https://bsncloud-dssp.s3.amazonaws.com/DeviceScreenShots/Incoming/
https://sqs.us-east-1.amazonaws.com/965175186373/bsn-cloud-dssp
The default value for the setup time server is http://time.brightsignnetwork.com. However, BrightAuthor and BrightAuthor:connected let the user enter a value for the time server. The associated scripts then set the time server to the value entered by the user.