Managed Gateway Patching Through Workspot Watch
This feature is supported for Managed Gateways deployed in Azure and GCP and not supported for AWS deployed Managed Gateways.
Gateway Patching:
The Workspot Gateway servers are updated monthly to maintain system security and stability. This patching process involves applying the latest security updates for the Windows operating system, released by Microsoft (MS). These updates are typically released on the second Tuesday of each month, commonly referred to as "Patch Tuesday."
Patching through Workspot Watch:
The Workspot Watch Operational APIs communicate with the Workspot Gateway Agent installed on the server to initiate Windows Update. By utilizing Workspot Watch, patches are deployed efficiently and consistently across Gateways, reducing the need for manual intervention and minimizing the risk of human errors.
Patching through Watch
Login to the Workspot Watch
Before initializing the patching on any gateway, please consider the following points:
One Gateway at a time from each cluster. Thus, another gateway can cater to users’ connections.
Reboot should be planned. Please make sure after the patch installation reboot the gateway when the user connection is Zero or very low.
Change mode from Maintenance to Enable: After reboot, change the mode to “Enable” thus gateway starts taking new connections.
Go to the “Infrastructure” tab from the WS Watch console and select the Cluster if there are multiple clusters/ multiple regions.
Select one Gateway from a cluster based on the “patch selection criteria” mentioned above.
Go to “Action” at the end of the Gateway row. Select the appropriate action from the list. For the patching, we use the “Install Patches” option from the below actions list.
If there is only one gateway in the Cluster or in case another gateway in the cluster is already in maintenance mode and not in the state to cater to users’ connection, the Watch will prompt a confirmation message in case you would like to continue.
The below screen will be prompted next for selection. The process followed as:
Change mode to maintenance. This put the gateway into maintenance mode. The existing user session won’t be affected. However, the gateway will not take any new connections.
Select the option to take the snapshot. In case the server does not come up to a stable state after patching the Snapshot will allow you to go back to the earlier state to retrieve the gateway back to the original state.
Select Severity, based on the patches that need to be installed. The severity of the patches is defined by MS, for more information please go through the link.
Reboot Options:
Always: As soon as patches get installed the server will get rebooted automatically, even though the patch does not require a restart.
If Required – The server will get rebooted automatically if the patch requires a restart.
Never – The server won’t get rebooted automatically after patch installation. Someone needs to restart the gateway server manually.
Once the patch installation is completed make sure the server is responding to the Watch.
Change the server mode from maintenance to Enable state. This will allow gateways to start taking the users’ connections.
Patch validation from Watch
Workspot Watch also provides the option to validate:
Patching status of any Gateways
If any Patch is pending to install
If the server needs to be rebooted after patch installation.
