Update options for VSatellites
As a PKI Administrator, you can control how and when your VSatellites receive updates. You can define the order in which VSatellites are updated by assigning an update priority, and you can trigger updates manually when needed, bypassing the default schedule.
These options give you greater flexibility in coordinating updates across your environments.
Control update order with priority
- Configurable update priority: Set a numeric update priority (between 1 and 100) for each VSatellite to control the order in which updates are applied. This allows you to update test environments before production, or control sequencing across high availability groups. The default is 50 for VSatellites that do not have a priority assigned.
- Supports HA and standalone environments: Whether a VSatellite is part of a high availability group or deployed as a single instance, the update priority determines its place in the update sequence.
- Safe and predictable updates: By controlling the update order, you can reduce risk and ensure that critical environments are updated only after validation in less critical ones.
- Flexible configuration options: Edit update priority directly from the user interface to align with your operational and validation workflows.
- Built-in safeguards: Validation prevents values outside the supported range (1–100), and helpful tooltips explain behavior and input expectations.
Trigger updates manually
- Update on demand: Use the Update now option in the UI to immediately trigger an update for a VSatellite that is in an UPDATE_PENDING or FAILED state.
- Bypass scheduled windows: Manually triggered updates start immediately and override any scheduled update timing.
- Target specific VSatellites: Manual updates are useful for retrying failed updates or updating a VSatellite ahead of others for validation.
Define a recurring update window
- Schedule updates during maintenance hours: Use the Edit maintenance window button on the VSatellite list page to define a recurring daily or weekly time window when updates are allowed to run.
- Tenant-wide control: Configure the maintenance window at the tenant level.
- Flexible time and frequency options: Specify a start time (UTC), and then choose a duration of 8, 12, or 24 hours. Next-Gen Trust Security displays the equivalent in your local timezone.
- Reliable update behavior: Updates and retries are limited to the configured window unless manually triggered.
- Easy reset option: Revert to the default (daily, 24-hour window) at any time using the Reset to Default button. When set to the default, updates occur as they become available.
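The following Python is an added example, not product code and not part of the original documentation. It checks update start times against a daily window defined as above (UTC start time plus a duration of 8, 12, or 24 hours) and lists updates that ran outside it without a manual trigger. The event records and their field names (`vsatellite`, `started`, `manual`) are constructed for illustration, since the product's log or export format is not described here; the weekly option is not covered.

```python
from datetime import datetime, timezone

ALLOWED_DURATIONS_H = (8, 12, 24)  # durations the window setting offers


def in_daily_window(ts, start_hhmm_utc, duration_h):
    """Return True if timezone-aware `ts` falls inside the daily window."""
    if duration_h not in ALLOWED_DURATIONS_H:
        raise ValueError("duration must be 8, 12, or 24 hours")
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    ts = ts.astimezone(timezone.utc)  # the window start is defined in UTC
    hour, minute = map(int, start_hhmm_utc.split(":"))
    # Minutes since the most recent window start; the modulo handles
    # windows that cross midnight UTC (e.g. 22:00 + 8h ends at 06:00).
    elapsed = (ts.hour * 60 + ts.minute - (hour * 60 + minute)) % 1440
    return elapsed < duration_h * 60


def unexpected_updates(events, start_hhmm_utc, duration_h):
    """VSatellites updated outside the window without a manual trigger."""
    flagged = []
    for ev in events:
        started = datetime.fromisoformat(ev["started"])
        inside = in_daily_window(started, start_hhmm_utc, duration_h)
        if not ev["manual"] and not inside:
            flagged.append(ev["vsatellite"])
    return flagged


# Constructed sample records; field names are assumptions, not a product format.
SAMPLE_EVENTS = [
    {"vsatellite": "vsat-test-1", "started": "2025-01-10T23:30:00+00:00", "manual": False},
    {"vsatellite": "vsat-prod-1", "started": "2025-01-11T09:15:00+00:00", "manual": False},
    {"vsatellite": "vsat-prod-2", "started": "2025-01-11T14:00:00+00:00", "manual": True},
    # Local-offset timestamp: 00:30 at UTC-5 is 05:30 UTC, still inside the window.
    {"vsatellite": "vsat-dev-1", "started": "2025-01-11T00:30:00-05:00", "manual": False},
]

if __name__ == "__main__":
    # Window: starts 22:00 UTC, lasts 8 hours.
    print(unexpected_updates(SAMPLE_EVENTS, "22:00", 8))
```

An update flagged here started outside the configured window and was not recorded as manual, which the window rule above says should not happen.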
Audience and use cases
These features are designed for PKI Administrators who manage multiple VSatellites across different environments. They are especially useful for:
- Coordinating update timing to ensure VSatellites are updated one at a time, except when manually triggered.
- Updating VSatellites in lower environments (such as development and test) before production.
- Retrying failed updates without waiting for the next scheduled window.
- Controlling risk and downtime during rolling update windows.
Requirements and compatibility
- You can assign update priority only after the VSatellite is deployed.
- The Update now option appears only when an update is available and the VSatellite is in an UPDATE_PENDING or FAILED state.