The Workspot Enterprise Connector (or simply Connector) is software that runs as a service on a Windows Server machine in the datacenter that integrates Workspot Control with your Active Directory (AD) server. The Enterprise Connector communicates with Workspot Control on an outbound HTTPS connection (port 443)
- Run the Connector service in an isolated VM - do not install any other connector or services that may consume resources.
- Server requirements for Connector:
- Windows Server 2012 or later.
- Member of the Windows domain.
- Minimum of 4 GB of memory (the Connector will use ¼ of the available free memory or 1GB, whichever is less).
- 250 MB of free disk space for installation and runtime usage.
- It is not recommended to install the Connector on the domain controller.
- The server machine must have an outbound connection over HTTPS on port 443 to:
- Connector requires the Java Runtime Environment.
- Workspot recommends Azul Zulu OpenJDK 8.
- Workspot also supports Oracle Java JRE 8 (Offline 64-bit for Windows).
- If you install Oracle Java, after installing jre you should run this command line before installing the Enterprise Connector: mklink /D C:\ProgramData\Oracle\Java\javapath "C:\Program Files (x86)\Common Files\Oracle\Java\javapath"
- Windows PowerShell 2.0 or above, available by default with Windows Server and higher.
- A domain account with admin privileges to install the Connector. The installer will ask for admin privileges if run as non-admin. This domain account will also be used to create the service account necessary to run the Connector.
- Create a service account in Active Directory and add the user account to the local administrator group of the Connector server.
- The password for this account must not contain spaces or non-printing characters.
- For permissions, see Setting Permission for the Service Account, below.
- For production installations, grant the Connector service account "Log on as a Service" rights via Group Policy. This will ensure that the account does not lose this privilege in the future and the Connector service will be able to start.
Setting Permissions for the Service Account
Permissions for the Workspot Enterprise Connector service account should be configured as follows:
- On the domain controller, login as a domain administrator and create a new domain user for the Connector service account.
- Open Command Prompt in "Run as Administrator" mode.
- In the following example, the domain is example.com.
- The base DN for the domain is dc=example,dc=com.
- The Connector service account is WSECservice.
- Add Replicating Directory Changes to the service account:
> dsacls "dc=example,dc=com" /g "example\WSECservice:CA;Replicating Directory Changes"
- Add Replication synchronization to the service account:
> dsacls "dc=example,dc=com" /g "example\WSECservice:CA;Replication synchronization"
- Add the List Contents and Return Property Deleted Object permissions
> dsacls "cn=deleted objects,dc=example,dc=com" /takeownership
- Then grant permissions for the EC service account as follows:
> dsacls "cn=deleted objects,dc=example,dc=com" /g example\WSECservice:LCRP
For more information on Dsacls see https://technet.microsoft.com/en-us/library/cc771151.aspx
Configuring and Installing the Workspot Enterprise Connector
To configure and install the Workspot Enterprise Connector:
- Log in as an administrator to the domain-joined server where the Connector will be installed.
- From this server, use a browser to sign into Workspot Control as an Administrator. If using a Microsoft browser, disabling enhanced mode temporarily may be necessary to allow you to login or download the Connector.
- Create the connector configuration: Go to Setup > Datacenter > Add Datacenter. Enter a Name for the configuration, in this example, "US Datacenter".
- Click on the name, "US Datacenter", to manage Configuration Integration Types.
- Select and copy the Integration Key and save it for later use during the connector installation.
- Click the Download Connector button to download the Enterprise Connector installer. Launch the Workspot Enterprise Connector Installer, "Workspot_Enterprise_Connector_220.127.116.11.exe" at this writing. Enter the Integration Key; the domain name; the service account created previously in Active Directory and added to this machine's local administrators group; and the account's password. Click on Next >.
Click on Finish.
- In Services, verify that the Workspot Enterprise Connector service is running
- Returning to your browser's Workspot Control tab, Go to Setup > Datacenter to check the connector status. If installed and configured correctly, the status will show Available and Connected as shown below.
- Add Configuration is now enabled.
- If errors occur during installation and setup, see: c:\ProgramData\workspot\setup.txt.
- If Connector doesn't seem to be running, start it in Services.
- If errors occur while Connector is running, see the log file in: C:\Program
- Configuration Guide for Active Directory Integration.
- For more information on Dsacls see https://technet.microsoft.com/en-us/library/cc771151.aspx.