Monitoring your deployed VSatellites
Table of Contents
Expand all | Collapse all
-
- Activate Next-Generation Trust Security
-
-
- Configure AWS connection
- Configure Azure Key Vault connection
-
- Workload Identity Federation authentication
- Workload Identity Federation - Azure Identity Provider authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Workload Identity Federation authentication
- Next-Gen Trust Security Generated Key authentication
- User permissions
- Supported OIDC claims
-
-
-
-
- Create an F5 BIG-IP LTM machine
- Create a Microsoft Azure Private Key Vault machine
- Create a Microsoft IIS machine
- Create a Microsoft Windows (PowerShell) machine
- Create a Microsoft SQL Server machine
- Create a Common KeyStore machine
- Create a Citrix ADC machine
- Create an Imperva WAF machine
- Create a VMware NSX Advanced Load Balancer (AVI) machine
- Create an A10 Thunder ADC machine
- Create a Cloudflare machine
- Create Kemp Virtual LoadMaster machine
- Create a Palo Alto Panorama machine
-
- Provision to an F5 BIG-IP LTM
- Provision to a Microsoft Azure Private Key Vault
- Provision to Microsoft IIS
- Provision to Microsoft Windows (PowerShell)
- Provision to Microsoft SQL Server
- Provision to a Common KeyStore
- Provision to a Citrix ADC
- Provision to an Imperva WAF
- Provision to VMware NSX Advanced Load Balancer (AVI)
- Provision to an A10 Thunder ADC
- Provision to Cloudflare
- Provision to a Kemp Virtual LoadMaster
- Provision to Palo Alto Panorama
-
-
- 47-Day Validity Readiness TLS Certificates dashboard
- About the Certificate Inventory
- Managing certificate lifecycle settings
- Reissuing certificates in Next-Gen Trust Security
- Downloading certificates, certificate chains, and keystores
- Retiring, recovering, and deleting certificates
- Finding certificates in the certificate inventory
- Importing certificates from a CA using EJBCA
- Notification Center overview
- Domain-based validation for external emails
- Managing user accounts
- Troubleshooting
Monitoring your deployed VSatellites
Use the VSatellite's page to monitor your deployed VSatellites. From the Drawer view, you can do the following:
- view a VSatellite's current status
- verify the last time a VSatellite checked in to Next-Gen Trust Security
- view each VSatellite's list of currently supported services
To monitor a VSatellite
- Sign in to Next-Gen Trust Security.
- Click Configuration > VSatellites.
- Select the VSatellite you want to monitor.You can view the status of a VSatellite by looking in the Status column of the VSatellites List view or at the top of the slideout drawer under the VSatellite's name.
- (Optional) Scroll to the Supported Services table to view the list of services assigned to the selected VSatellite.To view the details of a specific service, click a service's name.
Unhealthy status in HSM-protected DEK deployments
If your tenant is configured to use HSM-protected DEK, a VSatellite may enter an Unhealthy state due to issues related to HSM access or configuration.
Common causes include:
- The HSM is unreachable from the VSatellite host.
- Incorrect HSM-related configuration values were provided during installation (for example, an incorrect PIN, client path, library path, or configuration file).
- The DEK is missing or was deleted from the HSM partition.
- The VSatellite was installed using a different HSM or partition than other VSatellites.
In some cases, the VSatellite may automatically return to a healthy state after HSM connectivity or configuration issues are resolved.
Note: HSM-related configuration values are not fully validated during installation. A VSatellite can deploy successfully and still enter an Unhealthy state if issues are detected later.
For details about HSM requirements, limitations, and lifecycle behavior, see Using HSM-protected DEK with VSatellites.
What's next?
Get help troubleshooting your VSatellites.