FAQ - SaaS

• Network requirements for Medulla SaaS
• Client Accounts (Status & Visibility)
• Deployment (broadcasting)
• Packages
• Remote Maintenance & Getting Started

Network requirements for Medulla SaaS

 Medulla / All Versions / SaaS / Infrastructure

1. Are there any technical prerequisites for using Medulla in SaaS mode?

For the shared SaaS offering, no hardware or software prerequisites are required.

The only requirement is to allow two outbound network connections from your workstations to the Medulla platform.

---

2. Which ports must be open on the Internet?

Shared SaaS

Only two ports need to be allowedWorkstations → Medulla Server:

• TCP 2002: primary communication between the Medulla agent and the server

• TCP 5222: XMPP channel used to orchestrate actions and establish secure tunnels

No other ports should be open on the Internet.

---

3. Why only two ports?

Because:

• All operations requiring additional ports (VNC, RDP, WinRM, inventory, package deployments) automatically pass through an OpenSSH tunnel established between the Medulla server and the agent on the workstation.

• This tunnel is initiated and managed by the XMPP service.

You therefore do not need to expose sensitive ports to the Internet.

4. Which ports are required for the dedicated SaaS offering?

In addition to the ports required for the shared SaaS offering:

• TCP 55415: used for backup functions

All other ports continue to pass through the OpenSSH tunnel and do not need to be opened.

5. Why are certain ports (UDP 67, 69, 111, 2049) no longer listed in SaaS mode?

Because they arenot used in SaaS mode:

• No PXE or DHCP over the Internet →UDP 67 / 69 are unnecessary

• No NFS exposed → 111 / 2049 unnecessary

• No low-level services are exposed in the Medulla cloud

6. Do I need to open incoming ports on my firewall?

No.

No incoming traffic is required in Medulla SaaS mode.

Your firewall simply needs to allow the following outbound traffic for the agents to communicate:

• TCP 2002

• TCP 5222

  (+ TCP 55415 if dedicated SaaS)

7. Quick Summary

Offer	Required Data Flows Workstations → Server	Notes
Shared SaaS	TCP 2002, TCP 5222	All other ports go through the OpenSSH tunnel
Dedicated SaaS	TCP 2002, TCP 5222, TCP 55415	Optional backup enabled
Incoming traffic	None	Everything is initiated by the workstation

Client Accounts (Status & Visibility)

Why do some devices appear offline even though they are powered on?

• Check the medullaagent and medullanetnotify services on the offline devices. If the services are indeed "running" but the device appears offline on the interface (grayed-out), please contact Support or your Administrator.
  
• If there are errors in the agent logs (on the device) "C:\Program Files\Medulla\var\log\xmpp-agent-machine.log," report them to Support or your Administrator.

Why are the inventory reports or reported information incomplete or incorrect?

• Make sure the MAC address of the device that is not reporting its inventory is not already in use. To check if a device is having trouble reporting its inventory, note that it is impossible to deploy to the device—even if it appears online on the interface (blue computer icon)—as the deployment icon for the device in the "Actions" menu will be grayed out.

Deployment (broadcasting)

Why are my deployments stuck in Pending?

• The "Pending" status indicates that deployments will be processed shortly. If the issue persists, please contact Support or your Administrator.

Why are my deployments stuck in "Deployment Start"?

• The "Deployment Start" status indicates that deployments will be processed shortly. If the issue persists, please contact Support or your Administrator.

What should I do if I encounter a deployment error: "Abort Package Execution"?

• You should check the script associated with the package; the error indicates that it is not executing correctly. You can try running the script manually on your machine.
  
• Check the feedback provided by the deployment audit; this may offer clues as to the cause of the error.

What to do if a deployment error occurs: Transfer Failed?

• Your computer cannot retrieve the package due to Rsync. Please check the Rsync permissions on several folders for the pulseuser account; the permissions should be set as follows:

C:\Progra~1\Pulse\var\tmp\packages BUILTIN\Users:(OI)(CI)(F)
                                   NT SERVICE\TrustedInstaller:(I)(F)
                                   NT SERVICE\TrustedInstaller:(I)(CI)(IO)(F)
                                   NT AUTHORITY\SYSTEM:(I)(F)
                                   NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                   BUILTIN\Administrators:(I)(F)
                                   BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                   BUILTIN\Users:(I)(RX)
                                   BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
                                   CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                   APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
                                   APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)
                                   APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(RX)
                                   APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(I)(OI)(CI)(IO)(GR,GE)

C:\Users\pulseuser\.ssh NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                        BUILTIN\Administrators:(I)(OI)(CI)(F)
                        MACHINE_NAME\pulseuser:(I)(OI)(CI)(F)

C:\Users\pulseuser\.ssh\authorized_keys MACHINE_NAME\pulseuser:(F)
                                        NT AUTHORITY\SYSTEM:(F)

Why aren't my deployments starting, or why are they taking a long time to start?

• If your deployments are taking a long time to start, it is possible that your queued deployment is being slowed down by the current load on the SaaS platform.
  
• If your deployments remain stuck, please contact Support or your Administrator.

How do I stop a deployment?

• You can use the "Stop Deploy" button in the deployment audit to stop the current deployment.

How do I view the results of my deployment?

• In the "Audit" view, you can find a list of all your deployments. Click the " " action button to view your deployment details.

How do I restart a deployment?

• In the "Audit" view, locate the row corresponding to the deployment you want to restart, then click the action button to restart the deployment.

   

Packages

I can't add a file to my package.

• Once you have added a file to your package, it is pending; don’t forget to click “Submit pending package.”

I created a package but it’s not available for deployment—why?

• If your package isn't visible in the package list, or isn't visible when you try to deploy it, then it's waiting to be synchronized with the relays; please wait a few moments before it appears in the "Package List."

Why isn’t my package available on the Kiosk package addition page?

• Your package must have an associated inventory to be visible in the list of packages available for the Kiosk.

Remote Maintenance & Getting Started

What should I do if remote access (VNC/RDP/PMAD) isn't working?

• Check the TightVNC service on the affected machines.
• Remote access is not available if the computer appears offline (grayed out); if this is the case, check the status of the medullaagent service on the machine.