Best practices for securing VSatellite
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Best practices for securing VSatellite
Regularly updating your VSatellites ensures that it remains secure, stable, and compliant with the latest security standards. As part of routine maintenance, you should apply the following updates:
- Update vsatctl – Apply vsatctl updates to ensure you have the latest security updates.
- Upgrade K3s – Keeps the embedded Kubernetes (K3s) version up to date for optimal performance and security.
Prerequisites
- You must have root privileges to run the vsatctl commands in this topic.
- Ensure you have the latest version of vsatctl installed.curl -O https://dl.venafi.cloud/vsatctl chmod +x ./vsatctl
Keeping VSatellite secure
Carefully review the following security maintenance tasks to ensure your VSatellites remain up to date.
To apply the latest vsatctl updates
Apply vsatctl updates to ensure you have the latest security updates by running the following:
sudo vsatctl update security
For additional details, including configuration considerations, see Update .
To upgrade K3s for stability and security
Run the following command to upgrade K3s to the latest supported version for {vsat}:
sudo vsatctl upgrade k3s
See vsatctl upgrade k3s.