This article is for:
- IT Groups and Administrators
The Workiva platform, including Wdata, depends on a few network settings to run smoothly. This guide outlines the settings that optimize performance and user experience. You can forward it to your IT Department to ensure that the required domains are allowed and that SSL Inspection Bypass is in place.
In this guide we'll cover the following:
- Allow domains and network policy
- SSL inspection
- Latency testing
If at any point you run into problems while walking through this guide, or think there is an issue, please contact email@example.com.
Step 1: Review domains and network policy
First, review which domains you allow on your network. The article linked below contains a table of domains and email addresses to allow, so that Workiva and its services are not blocked.
For whitelisting domain details, see Allow hosts and emails.
Step 2: Bypass SSL inspection
Bypassing SSL Inspection for Workiva can enhance performance and the overall user experience.
What is SSL inspection?
SSL Inspection unlocks encrypted sessions in order to check the encrypted packets and to identify and block threats. It is also referred to as SSL Decryption, SSL Interception, HTTPS Inspection, or HTTPS Scanning, and is part of a CASB (Cloud Access Security Broker) solution.
More and more public websites are moving to HTTPS, which means communications and data sent between the web server and client (i.e. an end user browsing the internet) are encrypted.
Wdesk and SSL inspection service or appliance
SSL Inspection services are known to cause performance issues with the Workiva platform. To remedy this, the wdesk.com domain and all wdesk.com subdomains need to bypass the SSL inspection policy. If SSL Inspection is not bypassed for all wdesk.com subdomains, end users are likely to experience slowdowns or connection issues.
Workiva currently uses subdomains that are two levels deep, for example calc.app.wdesk.com. If the SSL Inspection equipment supports wildcard entries for domains, that is a recommended method.
Check for SSL inspection
To check whether SSL Inspection is running, examine the web certificate presented when you are logged into Workiva.
- Go to https://app.wdesk.com.
- In the top URL bar, click the padlock icon (next to the URL in Chrome; in Internet Explorer the padlock is on the opposite side of the URL bar). Then click Certificate.
- A new Certificate window will display. Take a screenshot of the General tab.
- Next, click the Details tab. Scroll down to the bottom and click Thumbprint. This can be captured as a screenshot for future diagnosis.
- Compare the client's certificate to the ones listed below. If the certificate does not match one listed below, please notify your IT department.
|SHA-1: "DE A8 1B E7 5C 01 E2 EC 01 C4 18 8E FE AC FE 1D 4F ED B0 38"|
|SHA-256: "C4 46 92 BC AE 9B AF 59 AD 16 1F 8F 41 FA F4 9E 29 0B 71 CB 87 45 3E 29 77 79 64 F2 13 31 DE D7"|
|SHA-1: "12 39 CF 9A 6A D9 10 C6 D2 11 B6 D6 E6 B7 2E 6E 56 50 5B 4E"|
|SHA-256: "92 FC 85 00 34 1A DD A6 B9 62 86 AE 70 62 19 63 EE 1C D5 1A B0 01 1F B6 63 C5 93 1D 7B 81 06 35"|
|SHA-1: "E2 46 99 48 BE 89 41 08 F7 AE 6A 24 01 B8 E3 54 3C A8 43 1B"|
|SHA-256: "8D FD 93 4F 0E A6 AC 75 B1 35 07 06 A5 74 9E 6B 2A 15 02 E9 15 FR 3F 4A 0E 6E 20 4D 70 E8 EA 39"|
Note: As a general best practice, we do not support certificate pinning. Web certificates are renewed frequently and, depending on the certificate registration schedule, certificate pinning can lead to connection issues when renewal occurs. Please work with your IT Department to ensure Certificate Pinning is not taking place.
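The thumbprint comparison above can also be scripted. The following is an added example, not Workiva tooling: it computes the SHA-1 and SHA-256 thumbprints of the certificate a client actually receives and checks them against the published list. The function names are assumptions of this example, and only the first two SHA-256 values from the list above are embedded.

```python
import hashlib
import socket
import ssl

# SHA-256 thumbprints copied from the list above (spaced as the Windows
# certificate dialog shows them). They change when the certificate is renewed.
PUBLISHED = [
    "C4 46 92 BC AE 9B AF 59 AD 16 1F 8F 41 FA F4 9E 29 0B 71 CB 87 45 3E 29 77 79 64 F2 13 31 DE D7",
    "92 FC 85 00 34 1A DD A6 B9 62 86 AE 70 62 19 63 EE 1C D5 1A B0 01 1F B6 63 C5 93 1D 7B 81 06 35",
]


def normalize(thumbprint):
    """Strip spaces/colons and upper-case; reject anything that is not a
    40-digit (SHA-1) or 64-digit (SHA-256) hex string."""
    digits = thumbprint.replace(" ", "").replace(":", "").upper()
    if len(digits) not in (40, 64) or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError("not a SHA-1/SHA-256 thumbprint: %r" % thumbprint)
    return digits


def thumbprints(der_cert):
    """Return the SHA-1 and SHA-256 thumbprints of a DER-encoded certificate."""
    return {hashlib.sha1(der_cert).hexdigest().upper(),
            hashlib.sha256(der_cert).hexdigest().upper()}


def matches_published(der_cert, published=PUBLISHED):
    """True if either thumbprint of the presented certificate is published."""
    return bool(thumbprints(der_cert) & {normalize(p) for p in published})


def fetch_leaf(host, port=443, timeout=10):
    """Return (DER bytes, issuer) of the certificate the client receives.
    With SSL inspection active this is the appliance's certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()["issuer"]


if __name__ == "__main__":
    # Hosts named on this page; calc.app.wdesk.com is the deeper subdomain example.
    for host in ("app.wdesk.com", "calc.app.wdesk.com"):
        der, issuer = fetch_leaf(host)
        status = "matches published list" if matches_published(der) else "NOT in list"
        print(host, status, "issuer:", issuer)
```

A mismatch alone may only mean the certificate has been renewed since the list was published, so check the printed issuer as well: an issuer belonging to your proxy or CASB product indicates that SSL Inspection is still applied to that host.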
In addition, you can verify that Workiva subdomains have been set to bypass SSL Inspection. Click the URL below or go to the canary report and check the certificate.
If the Wdesk logo shows up, the SSL Bypass for Wdesk and Wdesk subdomains has been implemented correctly. If the logo doesn't show up, or there is an error, either SSL Inspection is still blocking the connection or Whitelisting has not been properly implemented. Contact Support for additional assistance.
Step 3: Test latency
Note: Only for those using app.wdesk.com. If users are connecting to eu.wdesk.com, do not run this test.
You can now test the speed and latency to Amazon servers located in the United States. These tests should take only 2-3 minutes to complete. Please run them one at a time, as running them simultaneously will flag errors.
Testing will ping servers that are geographically separated in different parts of the region. If the latency is more than 250 ms for the servers tested, Wdesk performance will most likely be hindered.
Amazon Web Services Network Test
Click the link to access the CloudHarmony test for AWS. Capture a screenshot and record any errors if needed. Select your test based on your region.
Google Cloud Platform Network Test
Click the link to access the CloudHarmony test for GAE. Capture a screenshot and record any errors if needed. Select your test based on your region.
- North America: GAE CloudHarmony Test
- Europe: GAE CloudHarmony Test
- Asia Pacific: GAE CloudHarmony Test
Local Internet Service Provider (ISP) Testing
It's also helpful to test the bandwidth coming from your local ISP. An easy test can be run by clicking this link: Speedtest URL
If the results show speeds less than 25 Mbps download and 3 Mbps upload, there could potentially be performance issues. If you were able to walk through these tests and no issues arose, there shouldn't be any issues from a networking standpoint when using Workiva's next-generation platform.
If you think there may be a potential issue, please contact firstname.lastname@example.org.