Workspot Gateway Server Patching Scope

Objective:  

This document outlines the expectations for customers when the Workspot Team manages the patching of their Managed Gateway Server(s). 

Overview 

A Workspot Managed Gateway provides secure access to your Workspot desktop and application pools. The gateway server operates on a virtual machine running Microsoft Windows Server, coordinating with Workspot Control for configuration and monitoring. 

Purpose 

Patching is essential for addressing vulnerabilities in software and operating systems that could be exploited by hackers. Unpatched systems are prime targets for cyberattacks, which can lead to data breaches, ransomware attacks, and other malicious activities. Additionally, patches often include bug fixes that prevent systems from crashing or behaving unpredictably, as well as performance enhancements to make servers run more efficiently. 

Audience 

Elite customers and customers agreed and provided adequate access, Workspot takes responsibility for managing their Managed Gateways. 

Schedule 

Every month the patching cycle starts after Microsoft releases security patches on "Patch Tuesday," which occurs on the second Tuesday of each month. Customer should expect their servers to be patched within 1 to 3 weeks after the patch released date. 

Process 

To maintain a secure and up-to-date environment, the Workspot team utilizes an automated patching solution, for updating the Managed Gateways. Inbuild API call being made to the Workspot gateway Agent running on the server to trigger Windows Update service to Scan, Download, and install Security patches. If issues arise with the automation process, our operations team may need to manually access the gateways for troubleshooting and patching. 

Scope 

The Workspot team focuses exclusively on applying Windows Security Updates, which are specifically targeted at addressing security vulnerabilities to protect the system from threats. Feature and Quality updates are excluded from the patching process.A screen shot of a computer

Description automatically generated 

 

Customer's Responsibilities 

For Enterprise, Enterprise+, BYOC, and On-Prem customers, managing their gateways and installing security patches is their responsibility and is not covered under Workspot's managed services. Workspot manages Pro customers' gateways only if they have agreed to and provided sufficient access for patching. 

Securing the Gateway Server 

The Gateway server can be positioned behind the customer's firewall or Cloud Firewall/ NSGs (Network Security Group), depending on the specific setup. Below are the recommended practices to ensure the server remains secure: 

  • Firewall Configuration: Implement firewall rules to allow only secure ports & protocols. 

  • Application Management: Ensure the gateway servers are not running any unwanted or unnecessary applications that could impact security or performance. 

  • OS and Web Server Configuration: Fewer applications result in a lighter and better-performing server. Stop any unnecessary Windows services to enhance performance. Configure the operating system and web server according to security best practices.  

  • Patching: Ensure the server is updated with the latest security patches.