Workspot Clients initiate location detection using "beacons" (internal web servers) as defined in the Workspot Control Location Detector configuration. The location detection configuration is found at Control::Setup->Settings::Location Detector (refer to Configuration section below). Workspot Control Administrators have the ability to specify up to three (3) internal web servers to use as beacons.
This feature helps the client systems quickly detect if it is connected to the internal corporate network or on the public network. The Workspot Client attempts sends a status check to the internal web servers to determine the location of the device. If the client can reach any of the specified servers, then it will treat its location as "inside" the corporate network, and the internal VPN and RDGateway configurations will be bypassed.
(*) This feature will be supported in future releases of the client. Please check the release notes of the specific client platform.
- Internal beacon requirements:
- At least one web server that is reachable ONLY from inside the corporate network.
- The specified web page must not redirect to another page or URL, and it must not require authentication. The Workspot client during location detection looks for a normal (code 200) response.
- A certificate must be trusted by the client if HTTPS is utilized. If an attempt to connect to a server with a self-signed certificate occurs, the location detection process will fail for that URL.
- While FQDN configuration is supported, Workspot strongly recommends using the web server's IP address when configuring the feature. Many ISPs for home networks will "hijack" DNS requests that are not resolvable to an internal address, and may return an advertising page for that URL. The Workspot Client will receive this response and, falsely, determine that it is inside the corporate network.
- Go to Setup->Settings
- Enter the URI of internal sites that will play the role of "beacons" and hit "Save".
(Maximum of three (3) Sites/Web Servers.)
- What type of webserver should I use?
- Many companies have Microsoft Windows Servers, these servers can be configured to be a web server (IIS) fairly easily.
- What type of security should the IIS server have?
- No additional security is necessary. The Location Detector service is looking for a response from the server. If incoming connection requests require authentication first, the location detection response from that server will return as false.
- What ports are supported by the Location Detector?
- The Location Detector supports common web ports: 80, 443. Other ports may work, but have not been tested.
- What data or content is sent to and from the server participating in the Location Detector service?
- No web content is sent to and from the server. When the client communicates with the server, the client is looking for a response of “200 OK”.
- What order should I place the servers in?
- There is no preference as to which server is selected. The feature will attempt to solicit a response from up to 3 servers. Once a response is received from any of the servers, the Workspot client continues launching the selected application. Subsequent responses from the server are discarded.
- Do the servers need to be available on the internet?
- No, the servers defined for the Location Detector service should specifically not be available for access from the internet. This would negate the Location Detector purpose. Our best practices for this feature call for Control to be configured with an IP address, (instead of a FQDN). The reason is that many companies use non routable addresses (ie: 10.x.x.x) in their internal networks, this helps ensure the servers are internal to the companies network.