DNS Overview for External Workflow 2.0 Email Notification Approval
In today’s post, we would like to talk about a topic that is getting a lot of discussion: Workflow Actions and what you can include in your workflow email notifications. Lately, a lot of customers have been setting this up to get the Approve and Reject actions in their notifications, but there is a general lack of knowledge about how to make the Approve button approve the document from anywhere in the world, not just when you’re connected to your local network.
First, we must determine if the hostname that you enter in the Workflow Settings of your GP Web Services works from outside the network. The approval will work if the port is open and the hostname is publicly resolvable. If you only enter the NETBIOS name of the Web Services server, the approval will only work while connected to the internal network.
In this post, we are going to cover the components needed to make a hostname publicly resolvable for use with Web Services.
The first thing to talk about is Domain Name Servers (DNS). DNS is how web addresses are mapped to IP addresses. DNS servers are the backbone of any business network and the public Internet. When a website address is typed into the browser bar, that request goes to a public DNS server, which responds with the IP address of the server where the website is hosted. Once your browser knows the IP, it can connect and display the site.
It works the same way in internal networks. The only difference is that Active Directory has its own DNS server, which is used to assign IP addresses to computers on the network. When you open a file through a network drive, the DNS server of your local network provides the proper IP address of the file you’re accessing. If a local DNS server cannot resolve a request, it will forward the request to another DNS server until it reaches a server that can provide the IP; otherwise, a 404 error is returned.
Another concept to consider is Web Services, which is required to approve from an email. During the Web Services installation, you are not allowed or prompted to change the hostname to which the service is bound. The configuration files are written using the NETBIOS name of the server on which it is installed. NETBIOS name resolution requires being connected to the same domain and sharing the same DNS server as the Web Services server.
“Flat” network example:
In the Workflow configuration, a URL is requested to access Web Services. In a flat environment, simply enter the NETBIOS name of the server. For the links to resolve from outside the domain (where NETBIOS name resolution doesn’t work), you will have to configure things differently. You must set up a PTR record in your own domain to forward that PTR traffic to the static IP of your network’s firewall. Then you must open port 48620 and forward its traffic to the Web Services server.
The external request now looks like this:
For NETBIOS name resolution to work, there needs to be an A record in DNS on the domain that maps the local IP to the NETBIOS name. This record is created automatically when a computer joins the domain. Any machine that joins the domain can be reached at its NETBIOS name or its FQDN, which is “NETBIOS.DOMAIN.COM”. In other words, if you want the request to be approved from outside your domain, you cannot use a NETBIOS name. Public DNS servers don’t have NETBIOS name records for a local machine on your private network, so this is where a public domain name purchased via a public registrar is required. Once you own the public domain name space, you can either use the entire domain for Web Services or, instead of taking the entire domain, use a PTR record to make the traffic flow via label.domain.com, which is what most would want. You may want your website on domain.com and Web Services on web.domain.com.
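The following Python script is an added example, not code from the original post or from the product. It applies the two conditions stated earlier (the hostname is publicly resolvable and the port is open) to a hostname you intend to enter in Workflow Setup. The function names, hostnames, and IP addresses are this example's own assumptions and constructed samples; only port 48620 comes from the post.

```python
# Added example: names here are this example's own; sample hosts/IPs are constructed.
import ipaddress
import socket

GP_WEB_SERVICES_PORT = 48620  # the Web Services port named in the post
# Ranges that never route over the public Internet (RFC 1918, loopback, link-local, ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def classify_hostname(hostname, resolved_ips):
    """Classify a Workflow Setup hostname from the answers an outside resolver gave."""
    if "." not in hostname.rstrip("."):
        return "internal-only: single-label (NETBIOS) name"
    if not resolved_ips:
        return "unresolvable: no public DNS answer"
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    if any(a in net for a in addrs for net in INTERNAL_NETS):
        return "internal-only: resolves to a private address"
    return "external: publicly resolvable"

def resolve(hostname):
    """Resolve with the system resolver; run this from a machine outside the network."""
    try:
        infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=GP_WEB_SERVICES_PORT, timeout=3.0):
    """True if a TCP connection to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(hostname, port=GP_WEB_SERVICES_PORT, resolver=resolve, prober=port_open):
    """Combine both conditions from the post: publicly resolvable and port open."""
    ips = resolver(hostname) if "." in hostname.rstrip(".") else []
    verdict = classify_hostname(hostname, ips)
    usable = verdict.startswith("external") and all(prober(ip, port) for ip in ips)
    return {"ips": ips, "verdict": verdict, "approval_link_usable": usable}

if __name__ == "__main__":
    # Constructed resolver answers, not real records; no network access is needed.
    for host, ips in {"GPWEB01": [], "gpweb01.corp.example.com": ["10.0.4.21"],
                      "web.example.com": ["203.0.113.10"]}.items():
        print(host, "->", classify_hostname(host, ips))
```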
The final concept to mention is pairing the service itself with SSL, since the traffic will be routed over the public Internet. We recommend doing this, and the detailed process can be found at the following link: https://goo.gl/8MxAeo
Follow the instructions in the above link to bind your public hostname certificate to your service, and then enter this hostname into Workflow Setup and check the “Use SSL” option.