Install the Venafi MMC Snap-In Collection

NOTE  This procedure provides instructions on installing the Venafi MMC Snap-In Collection. The snap-in collection can be installed on any Windows workstation, thereby allowing administrators to perform management tasks without having to be signed in to the Trust Protection Platform server.

In order to complete this procedure, you'll need the following information:

  • URL of the Trust Protection Platform SDK endpoint

    If the default engine settings are used, this is: https://[venafi-server]/vedsdk/

  • URL of the Trust Protection Platform authentication endpoint

    If the default engine settings are used, this is: https://[venafi-server]/vedauth/

  • Valid user credentials to the Trust Protection Platform server and access to use the snap-ins.

    While users may have access to view the snap-in, they must also have rights to see the data. For example, the Venafi Recycle Bin snap-in can be added by anybody, but the contents of the recycle bin can only be seen by a master administrator.

  • API access granted to the user

The Snap-In Collection requires the following:

  • .NET 4.7.2
  • Windows 8.1 or later or Windows MS SQL 2016 SP2 or later

Grant access to the snap-ins

In order to use the MMC snap-ins, a master admin must grant access to them. The relevant Application Names for the snap-ins in the MMC snap-in collection are:

  • Venafi Code Signing Administration

  • Venafi Event Viewer

  • Venafi Statistics Viewer

  • Venafi Recycle Bin

  • Venafi Access Management

To use the any of the MMC snap-ins, users must be given access by an administrator. To grant access, use the Integrations page in the Platform product.

  1. Sign in to the Venafi Platform product, and click API > Integrations in the menu bar.

    TIP  Use the filter to search for MMC to see all the snap-ins.

  2. Click the name of the snap-in you're granting access to.
  3. Click User or team access.
  4. In the User or team box, enter the name of the user or team you want to grant access to.
  5. Click Add.
  6. Click Save.

Once users have access, they can install and configure the snap-in.

After access is granted to use the snap-ins, return to this topic and follow the steps below to load them in the MMC.

Download and install the Venafi MMC Snap-In Collection

  1. Download the VenafiMmc-23.1.0.msi installation file.
  2. Run the installation file. The Venafi MMC Snap-In Collection Setup wizard opens. Click Next.
  3. Accept the end-user license agreement and click Next.
  4. Select the location where you want the Venafi MMC snap-in installed. Click Next.
  5. Click Install. The installation takes place. Click Finish.

Add the Snap-Ins to the MMC

DID YOU KNOW?  You can have snap-ins for multiple servers, allowing you to easily manage a complete cluster of Venafi servers, as well as servers in lower (development, test, etc.) environments.

Additionally, since identities cannot see identities from other identity providers (local admins cannot see identities managed by Active Directory, for example), you can add multiple instances of the same snap-in for the same Venafi server, but with different user credentials. This allows you to manage users from multiple identity providers, or even see the rights and permissions granted to users within the same identity provider, but with different roles.

  1. Open the MMC console.

    You can do this by pressing Windows+R and typing mmc in the Open box. Click OK, and then click Yes in the User Account Control window.

  2. Click File > Add/Remove Snap-In.

  3. From the Available snap-ins list, locate Venafi Code Signing, Venafi Event Viewer, Venafi Recycle Bin, and Venafi Statistics Viewer snap-ins. For each snap-in that you want to add, follow the instructions below:

    Select the Venafi CodeSign Protect Administration snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    1. Title: Enter a title for this connection. This will be used as the root node of the snap-in.
    2. Host URL: URL of the Trust Protection Platform SDK server. Correct format is https://[server URL]/vedsdk/.
    3. Auth URL: URL of the authentication Trust Protection Platform server. Correct format is https://[server URL]/vedauth/.
    4. Username and Password: Your user credentials.

    Click OK.The snap-in is added to the Selected snap-ins list.

    Select the Venafi Event Viewer snap-in, and then click Add.

    In the Venafi Selection and Channel dialog, enter the following:

    • Title: Enter a title for this connection. This will be used as the root node of the snap-in.
    • Host URL: URL of the Trust Protection Platform SDK server. Correct format is https://[server URL]/vedsdk/.
    • Auth URL: URL of the authentication Trust Protection Platform server. Correct format is https://[server URL]/vedauth/.
    • Username and Password: Your user credentials.

    Click Connect. After connecting, you will see Channel and Result Limit.

    The Channel drop-down shows all configured SQL channels that log event data. Select the one you would like to view data from.

    The Result Limit drop-down is the default limit that will be used for any retrieved records, if a custom view does not specify a limit. For example, if you select 50,000 and a query has more than 50,000 results, only the 50,000 newest events will be returned and displayed.

    Click OK.The snap-in is added to the Selected snap-ins list.

    You must have permissions to use the Venafi Statistics Viewer snap-in prior to completing these steps. See Grant access to the snap-ins

    Select the Venafi Statistics Viewer snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    1. Title: Enter a title for this connection. This will be used as the root node of the snap-in.
    2. Host URL: URL of the Trust Protection Platform SDK server. Correct format is https://[server URL]/vedsdk/.
    3. Auth URL: URL of the authentication Trust Protection Platform server. Correct format is https://[server URL]/vedauth/.
    4. Username and Password: Your user credentials.

    Click OK.The snap-in is added to the Selected snap-ins list.

    You must have permissions to use the Venafi Recycle Bin snap-in prior to completing these steps. See Grant access to the snap-ins. Please note that users must have master administrator permissions to see the contents of the Venafi Recycle Binsnap-in.

    Select the Venafi Recycle Bin snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    1. Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    2. Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    3. Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

    4. Username and Password: Your user credentials.

      Remember that to see content in the Venafi Recycle Bin snap-in, your account must have the master administrator role.

    Click OK.The Venafi Recycle Bin snap-in is added to the Selected snap-ins list.

     

    You must have permissions to use the Venafi Access Management snap-in prior to completing these steps. See Grant access to the snap-ins.

    Select the Venafi Access Management snap-in, and then click Add.

    In the Venafi Selection dialog, enter the following:

    1. Title: Enter a title for this connection.

      This will be used as the root node of the snap-in. Since you can have more than one Venafi Platform instance, you should give it something that helps you know which Venafi Platform this item is connected to.

    2. Host URL: URL of the Trust Protection Platform SDK server.

      If you haven't modified the engine's default settings, the format is https://[venafi-server]/vedsdk/.

    3. Auth URL: URL of the authentication Trust Protection Platform server.

      If you haven't modified the engine's default settings, the format is: https://[venafi-server]/vedauth/.

    4. Username and Password: Your user credentials.

      Remember that to see content in the Venafi Recycle Bin snap-in, your account must have the master administrator role.

    Click OK.The Venafi Recycle Bin snap-in is added to the Selected snap-ins list.

  4. Click OK.

Saving the Snap-In view

Once the snap-in is loaded, you can save your view for quicker access in the future. In the MMC, click File > Save. Choose a name and location for your .msc file, and click Save. Double-clicking the .msc file opens the MMC with the snap-in already loaded.