Mobile App Setup Helper

On live environments, the myCommunity software (currently the framework myApprovals and myInspections applications) would be installed in the DMZ at your site so the app can be used by users anywhere in the world. We’d recommend using the eSuite server to install the myCommunity application as that server is likely already in the DMZ. Port 443 would need to be open between the Application Server and myCommunity server in the firewall. This is a two-way communication. We recommend a similar test mobile/web server be configured in the DMZ to allow for testing of environment equality before go-lives.

If the mobile server is a new machine and eSuite is not licensed at your site, an SSL certificate is required on the mobile server to be bound to the Default Website in Internet Information Services manager (IIS). It is a good practice to add a host header mapping to the HTTPS binding in IIS that corresponds to the name the certificate will resolve to in DNS. This ensures when you browse to a site in IIS that is served by that certificate, that you won’t get a certificate error.

A diagram of recommended server topology for mobile products is displayed below.

Note: On-premise clients own their hardware and the security of their hardware, including eSuite and myCommunity. Tyler Technologies can provide information about making eSuite and myCommunity accessible to the public and recommend that SSL certificates are used; however, the client needs to make the determination and devise a security solution that works for their organization and its needs.

To enable the Apple push notifications (currently for the myInspections app), some firewall considerations need to be be addressed. Please follow the directions below and more information can be found here: https://developer.apple.com/library/archive/technotes/tn2265/_index.html

1. To send notifications, you will need to allow inbound and outbound TCP packets over port 443 for the HTTP/2 provider API or port 2195 for the binary provider API.
2. To reach the feedback service, you will need to allow inbound and outbound TCP packets over port 2196.
3. Devices and computers connecting to the push service over Wi-Fi will need to allow inbound and outbound TCP packets over port 5223, or port 443 for a fallback when devices can’t reach APNs on port 5223.
4. OS X systems will also need to allow inbound and outbound TCP traffic over port 80.

Note: The IP address range for the push service is subject to change; the expectation is that providers will connect by hostname rather than IP address. The push service uses a load balancing scheme that yields a different IP address for the same hostname. However, the entire 17.0.0.0/8 address block is assigned to Apple, so you can specify that range in your firewall rules.

To assist in testing connectivity between the mobile server and application server for myInspections, there is a test that you can run from the mobile server. Utilize the below URL and replace HOSTHEADERMAPPING with the name the certificate of the mobile server resolves to in DNS. When the site loads, users can attempt to login and this will emulate use from the myInspections application.

https://HOSTHEADERMAPPING/CD.WebAPI.Inspections/logos/myinspectionstest/loginpage

To assist in testing connectivity between the mobile server and application server for myApprovals, there is a test that you can run from the mobile server. Utilize the below URL and replace HOSTHEADERMAPPING with the name the certificate of the mobile server resolves to in DNS. When the site loads, users can attempt to login and this will emulate use from the myInspections application. Logging in with a valid account will display a success message if the web server can appropriately connect to the application server.

Failures will also display (shown below) if there is a connectivity issue between the servers.

https://HOSTHEADERMAPPING/mobileapprovals.webapi.external/mobileapprovalstest/loginpage

Please refer to https://check.tylertech.com/ for hardware requirements. To log in, use your personal email address with a password of Tyler. For mobile, please look at the web server requirements on the site by answering yes to the “Will you be utilizing eSuite or the myCommunity applications?” question.