
Ongoing Appliance Security Patching and Update Maintenance

Use this guide to learn about how SecureAuth IdP appliances are protected and to view information about patching and maintaining the appliance.

Appliance Protection & Hardening

OS and Antivirus update strategies are typically discussed during the SecureAuth IdP appliance installation. Any questions regarding updates in the future should be directed to SecureAuth Product Support. See the Support banner for contact information.

SecureAuth IdP appliances are extensively hardened throughout the build process. For more information, see the topic that relates to your SecureAuth IdP version number:

Warning

Install anti-virus and malware protection on the SecureAuth IdP appliance(s). SecureAuth IdP appliances are shipped without antivirus and malware protection.

Install an enterprise-standard antivirus client on the SecureAuth IdP appliance so that definition updates can be managed and monitored per the enterprise's virus security policy.

Updating & Patching the Operating System

  • Use an operating system patch management system rather than Windows automatic updates. Apply patches, and reboot the appliance after all operating system patches have been installed.

  • Apply all applicable Microsoft high priority updates/patches and Antivirus definitions on a regular basis as part of an enterprise-standard patch/update process.

  • If an issue with a specific patch is discovered, SecureAuth will notify customers via email and by posting information to the Support Website (support.secureauth.com).

Note

Windows Automatic Updates:

Most customers do not use the onboard Windows Automatic updater. By default, it is configured neither to notify the console nor to automatically apply available updates. OS and Antivirus update strategies are discussed during the SecureAuth IdP appliance installation. If your enterprise prefers to use Microsoft Auto-Updates, it is easily enabled with a minor configuration change.

The VIPRE antivirus client by ThreatTrack Security (customers with legacy appliances only; no longer provided) can be renewed after the first year for continued virus protection with the latest definition updates.

Windows Server 2008 R2 Mainstream Support End Date

Windows Server 2008 R2 Mainstream support end date was Jan 2015. This will not affect the ability to receive security updates and patches until Jan 2020.

Please see the following information regarding Microsoft's product support lifecycle:

Per Microsoft's Security Update Policy, defined in the Product Support Lifecycle (see below), Microsoft security patches will be provided at no cost through the Extended Support phase of each product.

  • The Extended Support end date for Windows Server 2008 R2 Standard (which also included Web Edition) is 1/14/2020.

  • The service pack support end date for Windows Server 2008 R2 Standard SP1 has not been defined by Microsoft, so the Extended Support end date will be sometime after 2020.

  • SecureAuth's shipping appliance versions are Windows Server 2012 R2 Standard and Windows Server 2016 Standard. The Extended Support end date for Windows Server 2012 and 2012 R2 is 1/10/2023.

SecureAuth appliances with OS versions which are within 2 years of their respective Microsoft Extended Support end dates are upgraded or replaced at no cost to current customers.
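The following audit script is an added example, not SecureAuth tooling. It checks the three things this guide asks an administrator to keep track of: how recently patches were installed, whether a post-patch reboot is still outstanding, and whether the OS is within 2 years of the Extended Support end dates quoted above. It assumes Windows PowerShell 3.0 or later, and the 35-day patch-age threshold is an assumed value to be replaced with your enterprise's patch cycle.

```powershell
# Added example: patch-hygiene audit for a Windows-based appliance.
# Assumes Windows PowerShell 3.0 or later, run locally on the appliance.

# Extended Support end dates as quoted on this page. Order matters: the
# "2012 R2" entry must be tested before the shorter "2012" entry.
$ExtendedSupportEnd = [ordered]@{
    'Windows Server 2008 R2' = [datetime]'2020-01-14'
    'Windows Server 2012 R2' = [datetime]'2023-01-10'
    'Windows Server 2012'    = [datetime]'2023-01-10'
}
$MaxPatchAgeDays = 35   # assumption: monthly patch cycle plus a short grace period

$now = Get-Date
$os  = Get-CimInstance -ClassName Win32_OperatingSystem

# 1. Lifecycle: where does this OS sit relative to its Extended Support end date?
$match = $ExtendedSupportEnd.Keys | Where-Object { $os.Caption -like "*$_*" } | Select-Object -First 1
if ($match) {
    $end = $ExtendedSupportEnd[$match]
    if ($now -gt $end) {
        $lifecycle = 'past Extended Support end date'
    } elseif ($now -gt $end.AddYears(-2)) {
        $lifecycle = 'within 2 years of Extended Support end date'
    } else {
        $lifecycle = 'supported'
    }
} else {
    $end = $null
    $lifecycle = 'no end date listed for this OS'
}

# 2. Patch recency: newest hotfix that reports an install date.
$lastFix  = Get-HotFix | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn | Select-Object -Last 1
$patchAge = if ($lastFix) { [int]($now - $lastFix.InstalledOn).TotalDays } else { $null }

# 3. Reboot state: either key existing means installed patches still await a reboot.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

[pscustomobject]@{
    OS                 = $os.Caption
    ExtendedSupportEnd = $end
    Lifecycle          = $lifecycle
    LastHotfix         = $lastFix.HotFixID
    DaysSinceLastPatch = $patchAge
    PatchOverdue       = ($null -eq $patchAge -or $patchAge -gt $MaxPatchAgeDays)
    RebootPending      = $rebootPending
}
```

The script only reads state, so it can be scheduled and its output forwarded to whatever monitoring the enterprise patch process already uses.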

Note

Microsoft Product Support Lifecycle Security Update Policy

Microsoft will provide security update support for a minimum of 10 years (through the Extended Support phase) for Business, Developer and Desktop Operating System products. The security updates will apply only to the supported service pack level for these products.

  • Mainstream support—Microsoft will offer mainstream support for a minimum of 5 years from the date of a product's general availability, or for 2 years after the successor product is released, whichever is longer.

  • Extended support—Microsoft will offer extended support for either a minimum of 5 years from the date of a product's general availability, or for 2 years after the second successor product (two versions later) is released, whichever is longer.

(excerpt from Microsoft Product Support Lifecycle)