Skip to content

Deploying VSatellites

In order to get a VSatellite connected to your Venafi as a Service account, you'll need to download and run a binary setup utility on a Linux computer within your target network.

Before you install a VSatellite, you'll need to make sure that the target computer meets the minimum requirements:

Operating system requirements

  • Supported:
    • Ubuntu LTS 18.04.5 or later
    • CentOS 7.9 or later
  • Compatible:
    • Red Hat Enterprise Linux 7.9 or later
    • Oracle Linux 7.9 or later

RECOMMENDED

Make sure that the operating system you use is updated with the latest patches. At a minimum, it must be able to retrieve updates from the operating system's standard software repository (for example, using apt-get or yum).

Additionally, the local Linux firewall must be disabled using the appropriate command for the operating system:

  • Ubuntu: ufw disable
  • CentOS/RHEL/Oracle: systemctl disable firewalld –now

System resources

  • 4 GB RAM
  • 2 CPUs
  • 10 GB disk-space

You can install VSatellites on either virtual machines (most common), or on physical hardware.

Networking

VSatellite requires connectivity with the following Venafi as a Service endpoints over HTTPS (port 443) without traversing a proxy server:

  • api.venafi.cloud
  • dl.venafi.cloud
  • vsat-gw.venafi.cloud

Tip

To quickly verify connectivity, you could use the cURL utility, which you can install on Ubuntu using apt-get install curl or on CentOS, RHEL, or Oracle using yum install curl.

curl -v https://api.venafi.cloud/ 2>&1 | grep 401
curl -v https://dl.venafi.cloud/ 2>&1 | grep 301
curl -v https://vsat-gw.venafi.cloud/ 2>&1 | grep 404

Since these are only the base URLs, all are expected to return HTTP error codes when there is connectivity—401, 301, and 404, respectively.

Tip

Venafi as a Service enables multiple user roles, including PKI Administrators and System Administrators, to install VSatellite and pair them with your Venafi as a Service account. This is by design since using VSatellites enables users assigned varying roles the ability to discover and manage certificates found behind your firewall.

To deploy VSatellites

  1. Sign in to Venafi as a Service, and then click Settings > VSatellites.

  2. On the VSatellites page, click New to launch the VSatellite deployment configuration worksheet, and then do the following:

    1. Review system requirements for the computer where you'll install VSatellite.

    2. Configure the pairing code by specifying the life of the code as well as the number of installations allowed.

      Each VSatellite has a pairing code (included within the setup command) that identifies it to Venafi as a Service and establishes a secure connection between your computer and Venafi as a Service. Once you configure a pairing code, it then has a fixed lifetime. Once configured, you'll have fixed window of time in which to use the pairing code to connect your VSatellite to Venafi as a Service.

      To facilitate rapid deployment of multiple VSatellite to your infrastructure, you can reuse a pairing code across multiple VSatellites.

    3. Under Installation and pairing instructions, click Copy Code to copy the entire command.

    4. At a command prompt on your Linux computer, paste the command you copied and press Enter to run it.

      If the script runs successfully, you'll see the Venafi as a Service VSatellite license agreement.

    5. To accept and continue, type Y at the command prompt and press Enter.

    6. On the Deploy VSatellite page in Venafi as a Service, when you see a connection message appear under Installation report, then click Check VSatellite Connection.

  3. When the connection test completes successfully, click Done.

Next Steps