
Preparing for Spok Go

This article includes an implementation checklist to prepare your site for Spok Go, including requirements for the supported integrations, on-premises gateway, load balancer, SSL certificate, encryption, and single sign-on.

Overview

Before deploying Spok Go, make sure you have the following resources and information ready to ensure a smooth setup.

Integrations with Existing Spok Products

If existing Spok products, such as MediCall, Smart Suite, Spok Console, or Spok Messenger, will be integrated with Spok Go, ensure the following requirements are met. These integrations require an on-premises gateway, load balancer, and SSL certificate.

Overview

The on-premises gateway provides the secure, encrypted connection to Spok Go from on-premises systems including Spok products like Smart Suite, Spok Console, MediCall and Spok Messenger as well as other systems like EHRs and nurse call systems. The gateway is a thin application that moves data from the on-premises systems to the cloud. The gateway requires a minimum of three VMs (virtual machines) behind the customer's firewall. The VMs are then clustered for high-availability, redundancy and resiliency.

The gateway is deployed as a cluster of 3 redundant VMs and, because it is the thin application described above, it can continue functioning even after the possible loss of 2 VMs. To improve resiliency in the event of unforeseen issues, the VMs on which the gateway is installed can reside on different virtualization servers so that the loss of a server does not affect all of a gateway's VMs. To further insulate the gateway's continued operation from the unexpected, the virtualization servers can even exist in different data centers (provided there is little-to-no network latency between the data centers involved).

You can add additional gateways if a site has multiple data centers or needs high throughput for messaging. A tenant can have multiple gateways, but a gateway can point to only one tenant. However, to allow the virtual machines to create a server cluster, there must be an odd number of virtual machines. An even number of machines will not allow a leader machine for the server cluster. Spok recommends one gateway (set of three virtual machines) per data center or console/middleware system. 

Each virtual machine should be allocated the recommended disk space, memory, and processor. To help ensure performance and throughput, ensure other applications on the VM do not use or limit these resources.

Gateway Requirements

The customer must provide the following for the gateway:

Requirement Details
Virtualization Software/Hypervisor

VMware

The on-premises Gateway’s installation package is distributed as an OVA file using the OVA standard. While VMware is the only Virtualization Software/Hypervisor that has been tested thus far, any Virtualization Software/Hypervisor that supports installations via the OVA standard resulting in Ubuntu VMs should suffice.

Virtual Machines

A minimum of 6 (3 for production tenant and 3 for the test tenant) with the following:

  • Internet access
  • 40 GB of disk space
  • 4 GB of RAM
  • 2 CPUs

Load Balancer

A load balancer such as HAProxy is needed to manage the traffic for both production and test gateways. For more information, see Preparing for Spok Go > Load Balancer.

Spok strongly recommends using a DHCP server with the VM server to assign an IP address to each instance of the gateway/virtual machine and to access the internet. If a DHCP server is not available, additional configuration of the on-premises gateway is required to assign the static IP addresses.

Gateway Software 

The table below lists the software that is included with the gateway:

Software Details
Operating System

Ubuntu [1]

Gateway Components [2]

Containerized software components for connectors that enable integration with on-site systems. These include Spok systems such as MediCall, Spok Messenger, Spok Console, and Smart Suite, as well as other on-site systems like EHRs, Lab and Radiology systems, Nurse Call systems, and similar.

  1. This operating system is included as part of the gateway installation and does not need to be provided by the customer. Spok will automatically install and perform any security or maintenance updates to the operating systems on the virtual machines on a weekly basis. The security and maintenance packages that are installed are retrieved directly from Ubuntu’s default package repositories. In order to ensure uptime, these packages are applied to one virtual machine at a time so that if a restart of a service or a virtual machine is necessary, the other two instances of the Gateway will continue to be available to service any message, alarm or other Gateway traffic.
  2. Spok will automatically install and perform any updates to the Gateway components on an as-needed basis. The updates that are installed are retrieved directly from the Spok Go Platform in AWS. In order to ensure uptime, these updates are applied to one virtual machine at a time so that if a restart of a service or a container is necessary, the Gateway software that is running on the other two instances of the Gateway will continue to be available to service any message, alarm or other Gateway traffic.

Load Balancer

  • A load balancer is required to help route traffic to the on-premises gateway. A load balancer such as HAProxy can be used. Simple round-robin load balancing between the three virtual machines for the gateway is sufficient.
  • Any HTTPS traffic should pass through the load balancer, with the SSL termination occurring in the on-premises gateway. It is not necessary to load the SSL certificate on the load balancer.
  • The on-premises gateway's virtual machines must also be added to the load balancer's configuration (sometimes known as a "Resource Pool").
  • Verify the FQDN or IP address of the load balancer (ex: loadBalancerVM.HospitalName.com) is added to the customer’s DNS. The FQDN is also needed for creating the SSL certificate as well as integrating Spok Messenger.
  • Health checks of the gateway’s virtual machines should be directed to https://<ip address of each vm>/health-check?verbose=false and must target HTTP 1.0 or higher (ex: GET /health-check?verbose=false HTTP/1.0). Valid health checks will return a 200 response with 'HealthCheck: OK' in the body of the response. Note that these health checks do not check the overall health of the Gateway but rather the viability of each of the VMs that make up the Gateway.
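
A manual version of the health check described above, for confirming each VM answers before it is added to the load balancer pool (an added example, not Spok tooling). VM_IPS is a placeholder you set yourself; using --resolve assumes the certificate was issued for the load balancer's FQDN and that the gateway answers requests addressed to that name.

```sh
#!/bin/sh
# Added example: probe each gateway VM the way the load balancer health check does.
# LB_FQDN defaults to the page's sample name; VM_IPS is a placeholder, e.g.
# VM_IPS="192.0.2.11 192.0.2.12 192.0.2.13" (documentation-range addresses).
LB_FQDN="${LB_FQDN:-loadBalancerVM.HospitalName.com}"
VM_IPS="${VM_IPS:-}"

# is_healthy STATUS BODY: true only for HTTP 200 with 'HealthCheck: OK' in the body.
is_healthy() {
    [ "$1" = "200" ] || return 1
    case "$2" in
        *"HealthCheck: OK"*) return 0 ;;
        *) return 1 ;;
    esac
}

# probe_vm IP: send the HTTP/1.0 GET to one VM. --resolve pins the FQDN to this
# VM's address, so TLS verification stays on instead of being disabled with -k.
probe_vm() {
    tmp=$(mktemp) || return 2
    status=$(curl -sS --http1.0 --max-time 5 \
        --resolve "${LB_FQDN}:443:$1" \
        -o "$tmp" -w '%{http_code}' \
        "https://${LB_FQDN}/health-check?verbose=false") || status="000"
    body=$(cat "$tmp"); rm -f "$tmp"
    is_healthy "$status" "$body"
}

# check_pool: probe every VM in VM_IPS; succeeds only if all of them pass.
check_pool() {
    ok=0; total=0
    for ip in $VM_IPS; do
        total=$((total + 1))
        if probe_vm "$ip"; then ok=$((ok + 1)); echo "OK   $ip"; else echo "FAIL $ip"; fi
    done
    echo "$ok of $total gateway VMs passed (per-VM viability only)"
    [ "$total" -gt 0 ] && [ "$ok" -eq "$total" ]
}

# Runs only when VM_IPS is provided in the environment.
if [ -n "$VM_IPS" ]; then check_pool; fi
```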

SSL Certificate

An SSL certificate is needed to enable HTTPS between the on-site systems and the on-premises gateway. A customer-provided signed PKCS12 (PFX) X509 SSL certificate is required and it should follow the guidelines below.

  • A certificate should be generated for the on-premises gateway and the certificate's origin should be traced to a trusted root certificate authority.
    • An X.509 *.PFX archive (a container that includes both the certificate and the private key), together with the password with which it was encrypted. The *.PFX archive will be imported onto the on-premises gateway. By using the *.PFX file and the password, the on-premises gateway will have all the necessary public/private components that apply to the certificate.
    • A *.PEM public key that can be generated from the *.PFX file. (A *.PEM file is a version of a certificate that is recognized by a Linux operating system, like Ubuntu.) The *.PEM public key needs to be added to the Smart Suite application server to enable WCTP via HTTPS.
    • A *.CER certificate that can also be generated from the *.PFX file. (A *.CER is the same as a *.PEM except that Windows recognizes only *.CER files.) The *.CER certificate needs to be added to the Spok Messenger server's trusted store to allow Spok Messenger to use HTTPS to connect with the load balancer.
  • Because Spok does not embed a private key in the gateway, this certificate and its private key must be provided by the customer and should be available when the gateway is installed.
  • The certificate should use the Fully Qualified Domain Name (FQDN) or IP address of the load balancer.

  • The corresponding root and/or public version of the certificate should also be recognized as a trusted certificate in the operating systems of any on-premises systems (including Smart Suite and Spok Messenger) that are communicating with the gateway.
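
One way to derive the *.PEM and *.CER files from the *.PFX archive with OpenSSL and confirm the certificate covers the load balancer's FQDN before distributing them (an added example, not a Spok procedure). The file names, the PFX_PASS, PFX_FILE and LB_FQDN environment variables, and the self-signed sample certificate are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. The archive password is read from the PFX_PASS environment
# variable (an assumption) so it does not appear on the command line.

# pfx_to_pem PFX OUT.pem: extract only the certificate, never the private key.
pfx_to_pem() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -out "$2"
}

# pem_to_cer IN.pem OUT.cer: the same certificate, DER-encoded for Windows.
pem_to_cer() {
    openssl x509 -in "$1" -outform DER -out "$2"
}

# cert_matches_host CERT.pem FQDN: does the certificate cover the load balancer name?
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# has_private_key FILE: true if a PEM file carries private key material.
has_private_key() {
    grep -q -- "-----BEGIN .*PRIVATE KEY-----" "$1"
}

# make_sample_pfx DIR FQDN: constructed, self-signed test material only; a real
# gateway certificate must chain to a trusted root certificate authority.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/sample.key" -out "$1/sample.crt" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/sample.key" -in "$1/sample.crt" \
        -out "$1/gateway.pfx" -passout env:PFX_PASS
}

# Runs only when PFX_FILE (and PFX_PASS, LB_FQDN) are set in the environment.
if [ -n "${PFX_FILE:-}" ]; then
    pfx_to_pem "$PFX_FILE" gateway.pem && pem_to_cer gateway.pem gateway.cer &&
        cert_matches_host gateway.pem "${LB_FQDN:-}" && ! has_private_key gateway.pem &&
        echo "gateway.pem and gateway.cer are ready to distribute"
fi
```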

MediCall Integration

  • Verify MediCall version 11.12 or higher is installed.

Smart Suite Integration

  • Verify Smart Suite version 7.1.2 or higher has been installed.
  • If you will configure single sign-on, do the following:
    • Ensure each user has an email with the correct domain (name@besthospital.org). If the domain is incorrect, the user will not be able to sign in using single sign-on.
    • Ensure the display order for emails is set within Smart Center. Only the first email will be synchronized with Spok Go during the integration.

Spok Console Integration

  • Verify Spok Console version 7.11 or higher is installed.

Spok Messenger Integration

Nurse Call

Ensure you have the names/locations used for the units, rooms, and beds for the nurse call system. The names/locations within Spok Go must match these names for the alerts to be sent to the correct person. 

Escrow Key

All communication in Spok Go is securely transmitted. If you need to access the messages for any legal or administrative purposes, a key is needed. (You cannot decrypt or access any messages prior to setting up the key.) Create and provide Spok with your public 4096-bit RSA key. The key has two sides: one is public and the other is private.

The private key must be stored securely at your site, preferably offline.  

A key can be created using OpenSSL or any other key generation utility. To create a key, follow the example below using OpenSSL.

  1. Open a command line.
  2. To generate the private key, run the following command (replace "acme" with a filename of your choice). This creates the private key "acme.key". Keep this key safe.

    openssl genpkey -algorithm RSA -out acme.key -pkeyopt rsa_keygen_bits:4096
  3. To generate the public key, run the following command. 

    openssl rsa -in acme.key -outform PEM -pubout -out acmepublic.pem
  4. Review the key and ensure it starts with "-----BEGIN PUBLIC KEY-----". If it begins with "-----BEGIN PRIVATE KEY-----", it is the private key and it should not be sent to Spok.
  5. Send the public key to Spok.
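
The review in step 4 can be scripted so the file is checked before it leaves the site (an added example, not part of Spok's procedure). It uses the acme.key and acmepublic.pem names from the steps above; the function name and its return codes are assumptions.

```sh
#!/bin/sh
# Added example: verify the file about to be sent is the public half of the
# escrow key, is RSA, and has the expected size (4096 bits unless overridden).

# check_escrow_pubkey PUBFILE PRIVFILE [BITS]
# Returns 0 if safe to send, 1 if not a public-key PEM, 2 if not RSA of the
# expected size, 3 if it does not belong to the private key kept on site.
check_escrow_pubkey() {
    pub="$1"; priv="$2"; bits="${3:-4096}"

    # Step 4: a file starting with BEGIN PRIVATE KEY must never be sent.
    head -n 1 "$pub" | grep -q -- "-----BEGIN PUBLIC KEY-----" ||
        { echo "refusing: $pub is not a public key PEM" >&2; return 1; }

    # The key must parse, be RSA (it has a modulus) and have the required size.
    text=$(openssl pkey -pubin -in "$pub" -noout -text 2>/dev/null) || return 2
    echo "$text" | grep -q "Modulus:" || return 2
    echo "$text" | grep -q "Public-Key: ($bits bit)" ||
        { echo "refusing: $pub is not a $bits-bit RSA key" >&2; return 2; }

    # The public key must be the one derived from the private key on site.
    [ "$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null)" = \
      "$(openssl pkey -in "$priv" -pubout 2>/dev/null)" ] ||
        { echo "refusing: $pub does not match $priv" >&2; return 3; }
}

# Runs only when the files from the steps above are in the current directory.
if [ -f acmepublic.pem ] && [ -f acme.key ]; then
    check_escrow_pubkey acmepublic.pem acme.key &&
        echo "acmepublic.pem is the 4096-bit RSA public key for acme.key"
fi
```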

Single Sign-On and User Accounts

  • Create a non-user service email account (for example, serviceaccount@besthospital.org) and provide this to Spok. This account is needed to allow a customer administrator to sign in and configure single sign-on. It can also be used as a general service account that is not tied to the single sign-on system. 
  • Identify any non-SSO accounts that may need to be created in Spok Go. These may be outside contractors or people with emails that do not match the domain of the SAML system.

Spok Go

Ensure your site has the supported operating systems, browsers, and devices. For more information, see Supported Operating Systems, Browsers, and Mobile Devices.

Spok Go Mobile Messaging - iOS

  • Ensure mobile users have the supported version of the iOS operating system.
  • Ensure mobile users download Spok Go to their mobile devices.
  • Ensure notifications are configured. 

Spok Go Mobile Messaging - Android

  • Ensure mobile users have the supported version of the Android operating system.
  • Ensure mobile users download Spok Go from Google Play to their mobile devices.
  • Ensure notifications are configured.