Managing the discovery server

To enable Network discovery, you must install the Discovery Module on the servers where you want to deploy the Discovery Manager. Because of its modular architecture, the Discovery module can be independently deployed on one or more servers. Depending on your system requirements, you may run discoveries from a single Trust Protection Platform server or, for larger systems, you may require a dedicated Discovery server. If you scan both private and public IP addresses, you may configure one Discovery Server inside the firewall and another outside the firewall.

The Discovery Module is included in the Venafi TLS Protect and Venafi SSH Protect program installations. During the installation process, you select the Discovery Module in the Installation wizard’s Component Selection window. For more information on the installation process, refer to the Installation Guide.

After you install the Discovery module, you can set the Discovery Server parameters by configuring the Trust Protection Platform Server object and its associated Discovery module in the Platforms tree.

In the Trust Protection Platform Server object, you define the zones you want the current server to service. The Discovery module runs discoveries only on the zones designated in the Trust Protection Platform Server object.

This option provides a way to manage which servers process which discoveries. For example, if you have one Discovery Server inside the firewall to run discoveries on private IP addresses and another Discovery Server outside the firewall to run discoveries on public IP addresses, you can manage which discoveries run on which server by defining the zones that you want each server to process.

For information on configuring the Trust Protection Platform Server object, see Configuring discovery zones.

In the Discovery module, you define the Discovery connection settings and processing times. For more information, see Configuring the Discovery module.