Skip to content

Create an Enhanced discovery service

Create and run an Enhanced discovery service to perform certificate discoveries inside of your company's network according to a fixed schedule (optional).

Enhanced Discovery takes advantage of Venafi's VSatellites to extend the reach of your TLS Protect Cloud account beyond public networks to discover certificates within your on-premise/private networks and machines.

This discovery service validates discovered certificates automatically.


If you want to simply perform a quick certificate discovery inside your company's network, create a Basic discovery service instead.

Before you start

Consider the following pre-requisites before you create your discovery service:

VSatellite discovers certificates on endpoints that are not reachable from the public internet. You'll need administrator access to an endpoint that meets the following system requirements:

  • Ubuntu LTS 18.04 or later (x86_64)
  • 4 GB RAM
  • 2 CPUs
  • 10 GB of free disk space

    IMPORTANT! Disk space requirements for VSatellite installation

    VSatellite uses specialized technology (Kubernetes K3s) and requires specific disk space allocations in the following folders:

    • /var/lib/rancher: ~85% of required space
    • /var/lib/kubelet: ~5% of required space
    • /usr/local/bin: ~5% of required space
    • /var/log/containers: ~3% of required space
    • /etc/rancher: ~2% of required space

    Custom Mount Points: If you have mounted any of the above folders to a different location, make sure to adjust the free disk space based on these percentages. For example, if you have /var/lib/rancher mounted on a separate disk at /mnt/mydisk/rancher, you would need to ensure that this location has enough space to accommodate ~85% of the required VSatellite disk space.

    Installation Warning: You may see a warning about free disk space during installation. This is normal and can be ignored, as the installer checks the root (/) mount point by default. Follow the space requirements listed above for a successful installation.

To create an Enhanced discovery service

  1. Log in to TLS Protect Cloud.
  2. Click Discovery, and then click New > Enhanced discovery.
  3. Following the remaining prompts.
About vSatellites

VSatellites are a new, novel and critical part of TLS Protect Cloud, Venafi's cloud-native machine identity management service.

VSatellites extend the reach of your TLS Protect Cloud account beyond publicly accessible networks and hosts, to your on-premise/private cloud networks and machines, enabling you to develop the full picture of your machine identities across your organization, irrespective of public or private visibility.

At the most basic level, VSatellite is a self-updating application that is a runtime extension of TLS Protect Cloud that runs within your private infrastructure.

VSatellite is a modern, self-contained, low-footprint, Kubernetes-based application runtime and runs on popular Linux systems.

You manage your own VSatellites remotely using your company's own TLS Protect Cloud account. So, after your administrators have completed a one-time download and setup of VSatellites on your designated machines (Linux), full administration and management of services for those VSatellites is performed from using the TLS Protect Cloud web console. This includes self-updates of the VSatellite runtime itself.

Learn more about managing your existing VSatellites. Or you can learn a bit more about how VSatellites actually work, including the moving parts.

What's next?

After you perform a discovery, it's a good idea to then assign certificates to applications.