How do VSatellites work?¶
To help you organize the mesh of your connected Venafi VSatellites, Environments and Services are new features designed to help you manage VSatellites so that you can distribute the work of machine identity management across them.
In Venafi as a Service, an environment acts as a container for VSatellites and services and is designed to model your logical/physical environments. Services (described below) perform various machine identity management functions (such as discovery, validation and provisioning).
Today, you'll see only a single environment called My Environment, which is created by default. Eventually, you'll be able to create additional environments.
Think of the Environment as an effective method for organizing your VSatellites and services in a way that works well for your organization and its policies.
For example, your environment might reflect a geo-centric configuration, representing all the physical/logical devices and services hosted at a data center in Santa Clara, California. Or as another example, your environment might represent the collection of network devices in your production workloads.
An environment can contain multiple machine identity management services.
In Venafi as a Service, a Service represents a machine identity management function and is always hosted in an Environment (described above). Venafi as a Service includes several types of machine identity management functions, two of which include
- Internal Discovery Service, and
- External Discovery Service
Typically, you'd schedule these services to run at particular times.
Services are the live machine identity management functions that run inside of VSatellites. However, not all Services require you to deploy a VSatellite. Using a Venafi as a Service web console, you can view the status and last known state of each VSatellite.