Corporate Network Detection (CND)

Available for: Windows clients.

Open Mobile can be configured to detect when a user is connected to a corporate or campus network at a given venue. Corporate network detection (CND) is important if you want Open Mobile to apply security or other corporate policies. For example, there might be different policies applied when a user is connected to the corporate network instead of just being connected to the Internet.

You can enable any number of different test methods for corporate networks. Multiple tests can improve the chances of making a successful detection of the corporate network. The complexity and number of tests used will depend upon the size and uniqueness of the corporate network being detected.

In some cases, a combination of tests is required for Open Mobile to accurately determine whether it is connected to a corporate network. For example, in the course of connecting, a user could receive a DHCP IP address within your normal DHCP IP range. However, because public addressing is used, the same user could receive the same DHCP IP address on a different network. By adding a second corporate network detection method, such as by DNS Server address, you can ensure that corporate networks are more accurately detected.

CND tests come in two types, local and remote.

  • Local: In a local test, some attribute of the local machine is used as a test criterion, such as the presence of a particular Registry entry.
  • Remote: For a remote test, Open Mobile must check a remote attribute through the network, such as whether a URL is currently reachable.

Test Scores

Each test is assigned a score from 1 to 100, which represents the weight given to the test to determine corporate network connectivity. A positive result for the test means the score for that method will be included in the determination. (There are no partial scores.) For example, if the Assigned IP Address method is used with a score of 50, and the user matches the specified IP address, then the score of the Assigned IP Address will be 50.

In order for a location or venue to be identified as a corporate network, the scores of all tests with positive results must be greater than the Minimum Qualifying Score for the location or venue. For example, if a venue has a Minimum Qualifying Score of 80, then the Assigned IP Address method in the example above (with a score of 50) would not qualify even if it were a positive result, and would not be used to determine whether the venue was part of a corporate network.

CND and Performance Impact

Because of processing time, network traffic and other factors, CND tests can affect the performance of the Open Mobile client. Configure as few methods as possible to get optimal results. When possible, use local CND tests, as opposed to remote tests. Local tests will not affect network traffic.

Note: Configuring too many corporate network detection methods can significantly affect the performance of the Open Mobile client. You should use as few methods as possible to get the optimal performance results for your users.

Corporate Network Detection Methods

The following CND tests are available to configure:

| Test | Type | Test is Positive If… | Notes |
|---|---|---|---|
| Domain | Local | Machine belongs to the specified domain. | The machine is checked to see if it is attached to the domain and connected to the domain network. For example, if the machine is in the corp.example.com domain, and if the machine is connected to the corporate network, then CND will detect the corporate network. Note: Windows does not always return the correct value for the connected domain. It is recommended that you use another CND test in conjunction with this one. |
| Assigned IP Address | Local | Result matches a single IP address | Use of IP addresses can be effective if registered IP addresses are in use, and might be the only detection method needed. If public addressing is used, then this detection method may still be helpful to use along with some other methods, but it will likely not be usable on its own. |
| Registry Entry | Local | Registry entry found | (Windows machines only.) Some VPN products change a Windows registry value when the VPN tunnel is established. Some firewall products have a location detection capability that may also set a registry value. In these instances, checking a specific registry value can be a valuable method in network detection. |
| Service Set Identifier (SSID) | Local | Specified SSID is detected | A wireless network station name (SSID) can be configured as a detection method. This method is optimal for determining if a user is connected by Wi-Fi to the corporate network, and can be conclusive for Wi-Fi if the SSID in use is a unique name. |
| Virtual Adapter | Local | Specified virtual adapter is enabled | Some VPN products utilize a virtual adapter for VPN connectivity. When the VPN has established a connection, the virtual adapter is enabled. When the VPN connection is not established, the virtual adapter becomes disabled. To determine the virtual adapter name and URI, when the VPN is connected, at the command line, run ipconfig /all and check for the VPN client adapter description. |
| DNS Server Address | Local | Result matches DNS server IP address | A DNS server address can be configured as a factor in network detection, especially in circumstances where the DNS server addresses are not part of a commonly used public addressing (10.1.1.1, 192.168.1.1, etc.). This can be a very effective method when a company has a master set of DNS servers with unique IP addresses. |
| DNS Hostname Test | Remote | Result matches the hostname with its IP address | Configure a hostname that is only resolvable on your internal DNS server. Note: Of the remote tests, this test offers the quickest detection. |
| DHCP Server Address | Local | Result matches a DHCP server IP address | A DHCP server address can be configured as a factor in network detection, especially in circumstances where the DHCP server addresses are not part of a commonly used public addressing (10.1.1.1, 192.168.1.1, etc.). In large networks where there are dozens (or hundreds) of DHCP servers, this method may require a significant configuration effort. |
| Gateway Address | Local | Result matches gateway address | Best used in very flat network architectures where there are few default gateway addresses. |
| Network Device Reachable | Remote | Specified network device is reachable by PING | In environments where no other tests can be used and where ICMP traffic is not filtered, this can be an effective method in determining corporate network detection. If using this method, it is advisable to configure more than one IP address or device, to handle cases where the primary device checked is not available. Because this method generates network traffic and will require a few seconds to make a determination, avoid using this method unless no other methods will work for that network. |
| Network Printer Reachable | Remote | Specified network printer is reachable by PING | Because this method generates network traffic and will require a few seconds to make a determination, avoid using this method unless no other methods will work for that network. |
| Network Share Reachable | Remote | Specified network share is reachable by PING | Because this method generates network traffic and will require a few seconds to make a determination, avoid using this method unless no other methods will work for that network. |
| URL Reachable | Remote | Specified URL is reachable by PING | Because this method generates network traffic and will require a few seconds to make a determination, avoid using this method unless no other methods will work for that network. |

To add a new corporate network for detection:

  1. Click Define New Networks.
  2. In Corporate Network Name, enter the name of the corporate network. (This will be displayed in the client, and may not be changed once the rule is saved.)
  3. In Network Adapter Name, select a name for the network adapter used to connect to the corporate network from the drop-down list. (If Any is chosen, the user will be able to connect to the network using any connectivity type.)
  4. In Minimum Qualifying Score, set a minimum qualifying score for the test used to determine whether this network is a corporate network.
  5. Under Select Network Resources, select a network resource from the drop-down list that will be used as a method of network detection. Then, enter the requested network attributes, as needed.
  6. In Score, using the slider, assign a score to the network resource from 0 to 100.
  7. If you wish to add more network resources, click +, then repeat steps 5-6.
  8. Click Save.

©2015 iPass Inc. All rights reserved.