Deprecated Functionality From Venafi Platform

Summary

This article contains a current list of features that have been removed from shipping versions of Trust Protection Platform. Deprecated features are grouped by the release in which they were removed. This document lists deprecations for all supported versions of Trust Protection Platform, since you might be upgrading from any supported version, and you need to review the deprecated features for ALL versions between your source version and your target version.

Applies To:

All versions of Trust Protection Platform.

See Also:

For a list of features that are scheduled for deprecation in upcoming releases, see https://docs.venafi.com/21.3/deprecation-list-future.

Venafi Platform 21.3

Internet Explorer 11 is no longer supported by the Web Consoles
Google Chrome and the chromium version of Edge are now the only supported browsers. Firefox continues to be compatible with the Web Consoles of Trust Protection Platform. Internet Explorer 11 is considered incompatible

Symantec MPKI CA Driver
The Symantec MPKI CA driver is deprecated. Once you upgrade to 21.3.x (or later) any existing Symantec MPKI CA Templates will become unavailable. Certificates using the Symantec MPKI CA driver should be migrated manually to DigiCert CA.

Venafi Platform 21.1

Server Agent no longer supports 32-bit Linux
Due to Red Hat Enterprise Linux 7 (and later releases) and the deprecation of 32-bit operating systems for its product line, Venafi no longer offers the 32-bit version of the Linux Installer and Venafi Update Packages.

Server Agent support for TLS 1.0 , 1.1
As previously announced, the Server Agent no longer supports TLS 1.0 and 1.1 due to vulnerabilities in these protocols. TLS 1.2 is now required.

Venafi Platform 20.4

DigiCert
DigiCert has recommended that we update our driver to take advantage of a new "skip_approval" option which streamlines processing on their side for up to a 30% increase in performance. As a result, Venafi Platform workflow will be the only method for requiring human approval of certificate requests beginning in 20.4.

Venafi Platform 20.3

Aperture User Search Permission
As part of the broader movement to a unified web interface, and in conjunction with the Identities enhancements in 20.3, the Aperture User Search permission (previously found on the user settings page in Aperture) is no longer required. All users will be able to search for other users, so they can work with the new Teams feature.

GeoTrust Reseller CA Driver
The GeoTrust Reseller CA driver is now obsolete and has been removed from Trust Protection Platform. 

IBM DataPower Application Driver XML API 
XML API for IBM DataPower Application Driver has been deprecated. Only the XML part of the API interface is deprecated. The REST APIs are still supported.

Venafi Server Agent support for AIX 5.3 and 6.X platforms
Support for AIX 5.3 and 6.X platforms for Server Agent has been deprecated. This is because IBM discontinued support for these versions in 2016 and 2018, respectively. Server Agent 20.3 now supports 7.1 to enable Venafi to continue delivering updated 3rd party libraries going forward. 

Venafi TrustNet service
As communicated directly to affected customers, the Venafi TrustNet service has been deprecated and the TrustNet endpoint has been disabled.

Windows Server 2012 R2
Support for Windows Server 2012 R2 is deprecated for Trust Protection Platform servers.

Venafi Platform 20.2

End support for SQL 2012 and SQL Server 2014
Venafi Trust Protection Platform no longer supports SQL Server 2012 and SQL Server 2014. SQL Server 2016 SP2 Standard is the new minimum supported version.

A10 Network driver
The A10 Networks AX Series ADC product is now obsolete, so the corresponding application driver in Trust Protection Platform has been removed. This integration has been transitioned to the partner ecosystem where A10 Networks is offering provisioning support for their Thunder ADC products.

Juniper Secure Access Service
The Juniper Secure Access Service product is now obsolete so the corresponding application driver in Trust Protection Platform has been removed. Those seeking support for its replacement product, Pulse Connect Secure SSL VPN, should contact their Pulse Secure account team about joining the Venafi Technology Partner Network.

Default user tree in WebAdmin and dashboard in WebAdmin
As part of the multi-year effort to unify the consoles in Trust Protection Platform, a new unified menu is available in 20.2. Since these features were rarely used, they were removed from the product as part of the re-design.

Thawte CA driver
DigiCert announced an end-of-life date of 30 March 2020 for Thawte CA driver. The corresponding driver, now obsolete, has been removed from Trust Protection Platform. DigiCert is migrating customers to CertCentral. Customers using the old driver should migrate to the DigiCert CA driver.

GeoTrust TrueFlex CA driver
DigiCert announced that 30 March 2020 was the end-of-life for GeoTrust TrueFlex CA. The corresponding driver, now obsolete, has been removed from Trust Protection Platform. DigiCert is migrating customers to CertCentral. Customers using the old driver should migrate to the DigiCert CA driver.

Venafi Platform 20.1

Splunk Log Channel Driver
In 19.3, we made significant enhancements to our Syslog driver which we believe, based on feedback from customers and Splunk themselves, provides an overall better integration path that the Splunk driver which is delivering event data in a manner that is not common for enterprise applications.  Thus the Splunk driver has been removed from the Venafi Platform. After upgrading to Trust Protection Platform version 20.1, existing Splunk driver objects appear as a question mark. (?). They'll no longer function, but you'll have the ability to delete them.

SSH connection method removed from the Citrix NetScaler driver
In Trust Protection Platform version 17.1, Venafi began transitioning from SSH CLI to REST API in connection with updates made at that time to the NetScaler driver and the introduction of Onboard Discovery. During subsequent releases, Venafi continued to support the SSH CLI in order to give customers time to migrate existing instances. With the release of Trust Protection Platform 20.1, the legacy SSH connection method has been removed from the Citrix NetScaler driver. The currently supported connection method for this driver is now HTTPS only. 

SSH connection method removed from the IBM DataPower driver
In Trust Protection Platform version 17.3, Venafi began transitioning from SSH CLI to REST API in connection with updates made at that time to the IBM DataPower driver and the introduction of Onboard Discovery. During subsequent releases, Venafi continued to support the SSH CLI in order to give customers time to migrate existing instances. With the release of Trust Protection Platform 20.1, the legacy SSH connection method has been removed from the IBM DataPower driver. The currently supported connection method for this driver is now HTTPS only. 

Web SDK API Key authentication
For the Web SDK, the API key deprecation schedule is: 20.1 Deprecated,  20.3 and 20.4 require a special license key, 21.1 end all support for API keys. Use OAuth token authentication instead. 

Web SDK Authorization Methods involving API Keys
API key authentication is considered depreciated. The following methods are deprecated: POST vedsdk/Authorize, POST vedsdk/Authorize/Certificate, GET /vedsdk/Authorize/CheckValid, GET vedsdk/Authorize/Integrated.

Instead of an API key, you need to migrate to use token authorization methods in the Auth SDK as soon as possible. Introduced in 19.2, token authorization provides longer session validity, support for load balancing Web SDK servers, and granular access controls via scopes and privileges.  

Special Certificate Placement Behavior for Network Discovery
Since 14.3 - when we find multiple generational versions of the same certificate on use in the network, the TLS product had special behavior in how certificates were stored.  The product would create multiple certificate objects and move the appropriate applications/installations to the two certificate objects to represent where they are installed.

Starting in 20.1 - we will no longer have this special behavior and the placement will be more in line with the behavior experienced with Server Agent Discovery Placement.  When there are multiple generations of the same certificate discovered - we will rely on daily validation to notify certificate owners that the old certificates are still in use.

Note: This deprecation is also being backported to 19.4.x via a patch.

Venafi Platform 19.4

Xolphine CA driver
In Trust Protection Platform 19.4, integration with the Xolphin CA has been transitioned from the built-in Venafi Xolphin CA driver to a solution that leverages Venafi's Adaptable Framework.