Physical Managed Gateways (Gateway Clusters)

Physical Managed Gateways are Workspot RD Gateways running on a bare-metal Windows Server device. They must be configured manually but after that operate as Workspot Managed Gateways, which means they are managed and monitored by Workspot Control and can be arranged in clusters for increased scalability and uptime.

This document covers features specific to Physical Managed Gateways. See Managed Gateways (Gateway Clusters) for general information.

Physical Gateways are listed in their own section in Workspot Control under “Setup > Gateways > Physical Gateway Clusters.” When the section is expanded it shows the same columns as Public Cloud Gateway Clusters.

Requirements

  • A dedicated bare-metal server running Windows Server 2019 or 2022.

  • Remote Desktop Services and RD Gateway roles installed.

  • This is a selective feature introduced in Workspot Control 18.5. Contact Workspot to have it enabled.

  • A valid DNS entry for the Gateway Server.

  • A valid certificate for the Gateway Server.

Limitations

  • Entra ID (Azure AD) Client authentication only. (Active Directory desktop/app authentication is supported.)

  • Currently not supported on VMs.

  • Imaging the Gateway from Control is not currently supported.

  • Rebooting the Gateway from Control is not currently supported.

  • Certificate installation from Control is not currently supported.

Installation

Installing the Gateway Server

  1. Create your Gateway device using Windows Server 2019 or 2022.

  2. Install Remote Desktop Gateway Services.

  3. Restart the device.

  4. Upload valid certificates on Remote Desktop Gateway Manager.

  5. If you are creating a multi-Gateway cluster, repeat for the other servers.
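
The pre-flight check below is an added example, not part of Workspot's documentation or tooling. Run on each Gateway device before installing the Agent, it confirms the items under Requirements: OS version, the RD Gateway role, the DNS entry, and the certificate the Gateway presents. It assumes the Gateway listens on the default HTTPS port 443; the host name gateway.example.com and the 30-day expiry margin are placeholders.

```powershell
# Added example: pre-flight check for a Physical Gateway host (not Workspot code).
# $GatewayFqdn is a placeholder; pass the DNS name you will declare in Control.
param([string]$GatewayFqdn = 'gateway.example.com')

$results = [ordered]@{}

# Requirement: Windows Server 2019 or 2022.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$results['OS is Server 2019/2022'] = $os.Caption -match 'Windows Server (2019|2022)'

# Requirement: RD Gateway role installed (Windows feature name RDS-Gateway).
$results['RD Gateway role installed'] = (Get-WindowsFeature -Name RDS-Gateway).Installed

# Requirement: a valid DNS entry for the Gateway Server.
$dns = Resolve-DnsName -Name $GatewayFqdn -ErrorAction SilentlyContinue
$results['DNS name resolves'] = [bool]($dns | Where-Object { $_.IPAddress })

# Requirement: a valid certificate. Connect to the local listener on 443 (assumed
# default port) but validate against the public name, as a remote client would.
$tls = @{ Errors = 'NoConnection'; Cert = $null }
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $errors)
    $tls.Errors = $errors   # chain and name-mismatch errors reported by Windows
    $tls.Cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
    $true                   # let the handshake finish; the result is judged below
}
try {
    $client = [System.Net.Sockets.TcpClient]::new('localhost', 443)
    $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($GatewayFqdn)
} catch {
    Write-Warning "TLS check failed: $($_.Exception.Message)"
} finally {
    if ($ssl) { $ssl.Dispose() }
    if ($client) { $client.Dispose() }
}
$results['Certificate chain and name valid'] = ("$($tls.Errors)" -eq 'None')
if ($tls.Cert) {
    $results['Certificate valid > 30 days'] = $tls.Cert.NotAfter -gt (Get-Date).AddDays(30)
}

$results.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}
if ($results.Values -contains $false) { exit 1 }
```

A FAIL on the certificate line with a passing DNS line usually means the certificate's subject names do not include the DNS name being declared, or that the issuing chain is not trusted on the device.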

Declaring the Gateway Cluster in Control

  1. Sign into Workspot Control.

  2. Go to “Setup > Gateways > Physical Gateway Clusters” and click the “Create Physical Gateway Cluster” button. The “New Gateway Cluster” screen appears.

  3. Fill in the Region and Cluster Name.

  4. (Optional) Add a description for the Cluster.

  5. Select the Authentication Type used for Client authentication (currently, only “Azure Active Directory” (Entra ID) is supported).

  6. Add Region, Name and Description for the Gateway Cluster.

  7. Authentication mode will default to “Azure Active Directory,” which as of Control 18.5 is the only supported mode.

  8. Select a Gateway Policy under “Default Authorization Policy.” This is usually “Default Gateway Policy.”

  9. Press “Create.” The Gateway Cluster record will be created in Control with a status of “Preview.”

Declaring Individual Gateway Servers in Control

  1. Under “Setup > Gateways > Physical Gateways,” press the “Add Gateway” button under the entry for the Gateway Cluster you just declared.

  2. Add the hostname, URI, and MAC address for the Gateway Server. It will be shown on the list of Gateways as being in “Setup” mode.

  3. Repeat for any additional Gateway Servers in the Cluster.

  4. Press the “Agent Token” button under the Cluster and copy the Agent Token for use in registering the Workspot Gateway Agent on the Gateway devices.

Installing the Gateway Agent

  1. Sign into the Gateway device.

  2. Download the Workspot Gateway Agent Installer from https://download.workspot.com.

  3. Run the following command from the directory to which you downloaded the installer:

.\gateway_agent_installer_v2.4.0.ps1 [-token agent_token] [-companyIdentifier company_identifier] [-skipHardening]

  • Where

    • agent_token is the Agent Token you got from Control in the previous section.

    • company_identifier is your Company Identifier (shown in Control on “Setup > Configuration”).

    • -skipHardening disables some services that may interfere with Agent installation and operation.

  4. After the script runs successfully, the Gateway registers itself with Control and is set to Ready status.

  5. Change the state to “Enabled” from the Actions menu.

    • This will enable normal Gateway operation.

    • It will also cause the Agent to search for its DNS hostname. It should have a valid DNS record.

  6. Repeat for any other Servers in the Cluster.

  7. Assign the Gateway Clusters to desktop and application pools in the “Add Pool” or “Edit Pool” page under “Resources > Cloud Desktop Pools” or “Resources > Cloud App Pools.”