Why Do We Need to Whitelist?
The SafeWork Platform leverages multiple online services to deliver the best possible experience for our customers. Many networks have unfettered access to the internet, just like you would see on a home internet connection.
Corporate environments often have limitations on the internet endpoints that can be connected to, for security purposes. These are frequently limited by the DNS name of the site, the port that each of these sites serves data on, or some other deep packet inspection techniques. Your IT Team will be able to assist with the setup and deployment options.
For the SafeWork Platform to function properly, access to all listed endpoints is critical. If your organization is engaged with only SafeWork Training or SafeWork Sensor, your IT will need to include that section as well as the SafeWork Dashboard section.
Note: Only outbound connections are required.
Email Communications
To receive all email communications from Strongarm, please whitelist these domains and addresses:
@strongarmtech.com @worklete.com @strongarmtech.zendesk.com
noreply@myabsorb.com noreply@lookermail.com
SafeWork Dashboard
The SafeWork Dashboard is the main hub for our SafeWork Platform, needed for both SafeWork Training and SafeWork Sensor. Zendesk is our platform for support tickets and end user platform guides.
| DNS/URL | Port(s) | Protocol |
| *.strongarmtech.com | 443 | TCP |
| strongarmtech.zendesk.com | 443 | TCP |
Note: For some sites the DNS resolver may need these CNAME records:
dock.strongarmtech.com resolves to d-6olvkds55e.execute-api.us-east-1.amazonaws.com
SafeWork Training
Absorb LMS is our chosen partner to provide training to our customers.
| DNS/URL | Port(s) | Protocol |
| *.myabsorb.com | 80, 443, 9999 | TCP |
Note: Port 9999 is used to showcase certain actions on the platform, such as "report generating". If closed, these messages will not appear.
SafeWork Sensor
Our SafeWork Sensors are Android-based. We leverage Workspace ONE UEM (Airwatch) as an MDM (Mobile Device Management) solution, Google's Firebase Cloud Messaging (FCM) for push communication and Pendo for analytics.
Android with FCM
| DNS/URL | Port(s) | Protocol |
| time.android.com | 123 | UDP |
| pool.ntp.org | 123 | UDP |
| googleusercontent.com | 443 | TCP |
| *.ggpht.com | 443 | TCP |
| *.gstatic.com | 443 | TCP |
| *.gvt1.com | 443 | TCP |
| *.googleapis.com | 443 | TCP |
| android.apis.google.com | 443 | TCP |
| android.clients.google.com | 443 |
TCP |
Pendo
| DNS/URL | Port(s) | Protocol |
| app.pendo.io | 443 | TCP |
| cdn.pendo.io | 443 | TCP |
| data.pendo.io | 443 | TCP |
Workspace ONE UEM (Airwatch)
| DNS/URL | Port(s) | Protocol |
| airwatch.airwatchsupport.com | 443 | TCP |
| api.na1.region.data.vmwservices.com | 443 | TCP |
| cn1506.awmdm.com | 443 | TCP |
| cn1506cip.awmdm.com | 443 | TCP |
| config.na1.data.vmwservices.com | 443 | TCP |
| ds1506.awmdm.com | 443 | TCP |
| eventproxy.na1.data.vmwservices.com | 443 | TCP |
| scapi.vmware.com | 443 | TCP |
| rm01.awmdm.com | 443 | TCP |
| rmsession01.awmdm.com | 443 | TCP |
| rmsession02.awmdm.com | 443 | TCP |
| rmsession03.awmdm.com | 443 | TCP |
| rmsession04.awmdm.com | 443 | TCP |
| rmsession05.awmdm.com | 443 | TCP |
| rmsession06.awmdm.com | 443 | TCP |
| signing.awmdm.com | 443 | TCP |
Note: For some sites the DNS resolver may need these CNAME records:
ds1506.awmdm.com resolves to cn1506.awmdm.com
SafeWork Sensor Data Upload
As SafeWork Sensors are worn, data is collected and stored in a local session file. Once a session is complete the file is uploaded to. our cloud provided, AWS, for analysis. This allows the information to come back to Strongarm where our algorithms are applied and the data is processed.
If a site is unreachable the SafeWork Sensor will remain in service, retaining the session files on the device until network connectivity is restored. Each sensor has the ability to use local, encrypted storage to store 10 or more sessions worth of data. If you would like to compute your usage, consider that the average session file size is 20MB.
| DNS/URL | Port(s) | Protocol |
| s3.amazonaws.com | 443 | TCP |
| sts.amazonaws.com | 443 | TCP |
Note: For sites that must also whitelist DNS for CNAMES, please include:
s3-1.amazonaws.com
s3-1-w.amazonaws.com
s3-2.amazonaws.com
s3-2-w.amazonaws.com