The Workspot Client attempts to discover where it is relative to your organization's network resources. This is called location detection (not to be confused with geolocation, which is different.) The purpose of location detection is to discover if the Client is connected to the same network as the Workspot desktops/apps, in which case a direct connection probably gives the greatest performance.
How it Works
One method is for the Workspot Administrator to define beacons: Web servers on the organization's internal network that are not accessible externally. Others are described below.
- If any beacon can be reached (without using the VPN or RD Gateway defined in Workspot Control), the Client attempts a direct connection.
- If no beacon is defined and a VPN is defined, if the Client cannot reach the VPN, attempts a direct connection.
- Otherwise, the Client is assumed to be outside the internal network and no direct connection is attempted.
- Internal beacon requirements:
- At least one web server that is reachable ONLY from inside your organization's network.
- The specified web page must not redirect to another page or URL, and it must not require authentication. The Workspot Client is looking for a normal (code 200) response.
- A certificate must be trusted by the client if HTTPS is used. If an attempt to connect to a server with a self-signed certificate occurs, the location detection process will fail for that URL.
- Address requirements:
- While FQDN configuration is supported, Workspot recommends using the web server's IP address. Many ISPs for home networks will hijack DNS requests that are not resolvable to an internal address, and may return an advertising page for that URL. The Workspot Client will falsely interpret this to mean it is inside the corporate network.
- Go to "Setup > Cloud > Configuration > Location Detector"
- Enter the URI of internal sites that will play the role of "beacons" and hit "Save".
(Maximum of three Sites/Web Servers.)
- What type of webserver should I use?
- Many companies have Microsoft Windows Servers, these servers can be configured to be a web server (IIS) fairly easily.
- What type of security should the IIS server have?
- None. The Location Detector service is looking for a response from the server. If incoming connection requests require authentication first, the location detection response from that server will return as false.
- What ports are supported by the Location Detector?
- The Location Detector supports common web ports: 80, 443. Other ports may work but have not been tested.
- What data or content is sent to and from the server participating in the Location Detector service?
- No web content is sent to and from the server. When the client communicates with the server, the client is looking for a response of “200 OK”.
- What order should I place the servers in?
- There is no preference as to which server is selected. The feature will attempt to solicit a response from up to three servers. Once a response is received from any of the servers, the Workspot client continues launching the selected application. Subsequent responses from the server are discarded.
- Do the servers need to be available on the internet?
- No! the servers defined for the Location Detector service should specifically not be available for access from the internet. This would negate the Location Detector purpose. Our best practices for this feature call for Control to be configured with an IP address, (instead of a FQDN). The reason is that many companies use non-routable addresses (ie: 10.x.x.x) in their internal networks, this helps ensure the servers are internal to the companies network.