Working with Venafi Platform

The Platform product is the underlying architecture upon which Venafi Trust Protection Platform products are built. The Venafi Platform product allows you to configure options and settings that are independent of a specific product like TLS Protect or SSH Protect.

Venafi Platform can only be seen by users who are master administrators, or who have View and Read permissions to the \VED\Engines object.

You do not need an active Venafi license to access Platform.

Access Platform from the context switcher, next to the user icon on the menu.

Platform has the following features:

  • System Status (dashboard). This dashboard shows you license counts and information about engines connected to the Trust Protection Platform database.

    For more information, see Working with the System Status (dashboard).

  • You can use TppTool to perform Venafi Platform actions through the command line or script files. See Using TppTool from the command line and script files.

  • Venafi Servers. This menu takes you to the classic policy tree, and shows you the Platforms tree, where you can see all the engines connected to the database, and you can configure settings related to the servers, individually or collectively.

    For more information, see Platform Objects.

  • Policy Tree. This menu takes you to the classic policy tree view, and shows you the Policy tree. The Policy tree provides a hierarchical view of your encryption deployment model. Policy items (for example, devices, applications, CA templates, certificates, credentials, and so on) display in context of other system objects so you can intuitively design your object hierarchy and policy inheritance paths.

    For more information on managing policies, see Using policies to manage encryption assets.

  • Encryption. This menu takes you to the classic policy tree, and shows you the Encryption tree which contains your system’s Encryption drivers. Encryption drivers provide access to the keys used to secure your system’s encryption assets—that is, certificates, private keys, SSH keys, Credential objects, administrator usernames and passwords, and all other information stored in the Secret Store database.

    For more information about the Encryption tree, see Managing system encryption keys.

  • Notifications. This menu takes you to the classic policy tree, and shows you the Notification Rules node of the Logging tree which provides a comprehensive view of the Trust Protection Platform notification system and is the control center for all system logging and notification activities.

    For more information, see Understanding system logging and notifications.

  • API > Default Settings. The Default Settings allows you to configure the default configurations for API access, including allowed authentication methods, token refresh settings, and session caching. These settings can also be found in the Venafi Configuration Console.

    For more information see API default settings for remote access configuration.

  • API > Integrations. The Application Integrations menu link takes you to the API Integrations list. Here a master administrator can create app integrations that manage scopes and restrictions of identities needed for accessing specific subsets of API methods. Fundamentally, this feature is about limiting an external application's ability to call some methods within APIs while restricting others via the identities used to access the API.

    For more information, see About API integrations.

  • Clients > Client Group Settings. The Client Group Settings menu takes you to the groups list where you can better manage SSH key and certificate management work on machines in your environment.

    For more information, see Working with Client Group Settings.

  • Clients > Work Settings. The Work Settings allows you to configure Discovery work, and set placement rules either through an agent on the target device, or through an agentless discovery.

    For more information, see Creating and assigning Work.

  • Clients > Registered Clients. The Registered Clients list shows you a list of all discovered client devices, with a variety of details about the client including the operating system, credential, and when the device last connected.

    For more information, see Working with Group and Server Agent details.

  • Clients > Agent Registration Settings. The Agent Registration Settings lets you configure Server Agent settings for each agent that connect to Trust Protection Platform.

    For more information, see Configuring Server Agent registration.

  • Logs. The Logs menu link takes you to the Classic Policy Tree and shows you the Default SQL Channel node, which enables Venafi Platform to record events to a Microsoft SQL Server database (either you primary Trust Protection Platform database, or a separate database as needed).

    For more information about logging and notifications, see SQL Server channel.