This article is for:
- IT Groups and Administrators
- Next Generation Platform
When using the Workiva platform, including Wdata, there is important technical information to ensure things run smoothly. This guide outlines network settings to optimize your performance and experience. You can forward this information to your IT Department to ensure Whitelisting and SSL Inspection Bypass are established.
In this guide we'll cover the following:
- Whitelisting and Network Policy
- SSL Inspection
- Latency Testing
If at any point you run into problems while walking through this guide, or think there is an issue, please contact firstname.lastname@example.org.
Step 1: Review Whitelisting and Network Policy
First, review Domain Name Whitelisting. This contains a table of domains and emails to whitelist to ensure that Workiva and its services are not being blocked.
For whitelisting domain details, see Whitelist Hosts and Emails.
Step 2: Bypass SSL Inspection
Bypassing SSL Inspection for Workiva can enhance performance and the overall user experience.
What is SSL Inspection?
SSL Inspection is used to unlock encrypted sessions, check the encrypted packets, identify and block threats. It can also be referred to as; SSL Decryption, SSL Interception, HTTPS Inspection, HTTPS Scanning, and is part of the CASB (Cloud Access Security Broker) solution.
More and more public websites are moving to HTTPS, which means communications and data sent between the web server and client (i.e. an end user browsing the internet) are encrypted.
Wdesk and SSL Inspection Service or Appliance
SSL Inspection services are known to cause performance issues with the Workiva platform. In order to remedy this, the wdesk.com domain and all wdesk.com subdomains need to bypass the SSL inspection policy. If SSL Inspection is not bypassed for all wdesk.com subdomains, it is likely the end user will experience slowdowns or connections issues.
Workiva currently uses two deep subdomains, example calc.app.wdesk.com. If the SSL Inspection equipment is capable of wildcard entry for the domains, that is a recommended method.
Check for SSL Inspection.
Checking if SSL Inspection is running can be completed by checking the web certificate being used when logged into Wdesk.
- Go to https://app.wdesk.com.
- In the top URL bar, click on the padlock icon (next to the URL bar in Chrome, in Internet Explorer padlock is on the opposite side of the URL bar). Then click Certificate.
- A new Certificate window will display. Take a screenshot of the General tab.
- Next, click on the Details tab. Scroll down to the bottom and click on Thumbprint. This can be captured as a screen shot for future diagnosis
- Compare the Clients certificate to the one in the screenshot below. If the certificate does not match the one below, please notify your IT department.
In addition, you can verify that Workiva subdomains have been set to bypass SSL Inspection. Click the the URL below or go to the canary report and check the certificate.
If the Wdesk logo shows up, the SSL Bypass for Wdesk and Wdesk Subdomains has been implemented correctly. If the logo doesn't show up, or there is an error, SSL Inspection is still blocking the connection, or Whitelisting has not been properly implemented. Contact Support for additional assistance.
Step 3: Test Latency
Note: Only for those using app.wdesk.com. If users are connecting to eu.wdesk.com, do not run this test.
You can now test the speed and latency to Amazon servers which are located in the United States. These tests should only take 2-3min to complete. Please run them one at a time, as running them simultaneously will flag errors.
Testing will ping servers that are geographically separated in different parts of the region. If the Latency is showing more that 250+ ms for servers tested, Wdesk performance will most likely be hindered.
Amazon Web Services Network Test
Click the link to access the CloudHarmony test for AWS. Capture a screenshot and record any errors if needed. Select your test based on your region.
Google Cloud Platform Network Test
Click the link to access the CloudHarmony test for GAE. Capture screenshot and record any errors if needed. Select your test based on your region.
- North America: GAE CloudHarmony Test
- Europe: GAE CloudHarmony Test
- Asia Pacific: GAE CloudHarmony Test
Local Internet Service Provider (ISP) Testing
It's also helpful to test the bandwidth coming from your local ISP. An easy test can be run by clicking on this link. Speedtest URL
If their results show speeds less than 25 Mbps download and 3 Mbps upload, there could potentially be performance issues. If you were able to walk through these tests and no issues arose, there shouldn't be any issues from a Networking standpoint when using Workiva's next generation Platform.
If you think there may be a potential issue, please contact email@example.com.