Skip to content

Create an Enhanced discovery service

Create and run an Enhanced discovery service to perform certificate discoveries inside of your company's network according to a fixed schedule (optional).

Enhanced Discovery takes advantage of Venafi's VSatellites to extend the reach of your Venafi as a Service account beyond public networks to discover certificates within your on-premise/private networks and machines.

This discovery service validates discovered certificates automatically.


If you want to simply perform a quick certificate discovery inside your company's network, create a Basic discovery service instead.

Before you start

Consider the following pre-requisites before you create your discovery service:

VSatellite discovers certificates on endpoints that are not reachable from the public internet. You'll need administrator access to an endpoint that meets the following system requirements:

  • CentOS Linux release 8.3-2011 or later
  • Ubuntu 18.04 LTS or later LTS releases
  • 4 GB RAM
  • 2 CPUs
  • 10 GB disk space

To create an Enhanced discovery service

  1. Log in to Venafi as a Service.
  2. Click Discovery, and then click New > Enhanced discovery.
  3. Following the remaining prompts.
About vSatellites

VSatellites are a new, novel and critical part of Venafi as a Service, Venafi's cloud-native machine identity management service.

VSatellites extend the reach of your Venafi as a Service account beyond publicly accessible networks and hosts, to your on-premise/private cloud networks and machines, enabling you to develop the full picture of your machine identities across your organization, irrespective of public or private visibility.

At the most basic level, VSatellite is a self-updating application that is a runtime extension of Venafi as a Service that runs within your private infrastructure.

VSatellite is a modern, self-contained, low-footprint, Kubernetes-based application runtime and runs on most modern Linux systems such as Ubuntu and CentOS.

You manage your own VSatellites remotely using your company's own Venafi as a Service account. So, after your administrators have completed a one-time download and setup of VSatellites on your designated machines (Linux), full administration and management of services for those VSatellites is performed from using the Venafi as a Service web console. This includes self-updates of the VSatellite runtime itself.

Learn more about managing your existing VSatellites. Or you can learn a bit more about how VSatellites actually work, including the moving parts.

What's next?

After you perform a discovery, it's a good idea to then assign certificates to applications.

Last update: November 24, 2021