
Overview: certificate discovery

Where are the machines located that you want to protect? Are they inside of your organization's firewall (private), or are they out on the Internet (public-facing)?

Because server certificates are used both within private networks and out on the Internet, discovering and managing them requires a secure and flexible approach called discovery services.

There are four discovery services: Basic, Enhanced, Internet, and Kubernetes.

Which service you choose depends on your needs.

| Discovery Service | Use to... | Discovery Type |
| --- | --- | --- |
| Basic Discovery | Perform a quick certificate discovery inside your company's network. This discovery service works together with Venafi's Scanafi utility to let you run manual discoveries. See Discovering private (internal) certificates. | Internal |
| Enhanced Discovery | Discover certificates inside your company's network, similar to Basic Discovery, but using Venafi VSatellite to run discoveries on a fixed schedule (optional) and to validate the certificates for you after they are added to the certificates inventory. You can also run Enhanced Discovery at any time using the Run Now option. See Discover private (internal) certificates. | Internal |
| Internet Discovery | Discover and protect certificates external to your company's private network. This service is created for you by default, but you can edit its name, add or remove targets, and change its discovery schedule. See Discover public (external) certificates. | External |
| Kubernetes Discovery | Discover certificates in your Kubernetes clusters. Use the wizard to connect your Kubernetes clusters to Venafi Control Plane (Installations > Kubernetes Clusters). See Connecting a Kubernetes cluster. Venafi Control Plane installs a Venafi Kubernetes Agent on your cluster, which reports data on the cluster and any related certificates. The collected information is then viewable in the Venafi Control Plane UI on the Installations > Kubernetes Clusters page. See Viewing Kubernetes cluster information. | Internal or External |

Following certificate discovery, TLS Protect Cloud adds all discovered certificates to the certificates inventory (Inventory > Certificates). After the certificates are in the inventory, TLS Protect Cloud can run daily validations on them and highlight potential issues that could cause outages.