Configuring SSH and Certificate device placement work

When Trust Protection Platform discovers devices for SSH and Certificate Device Placement work, it creates a single device object for them automatically and places them in the folder specified in the work. Folders not only help you organize discovered devices and certificates by locale or purpose, but by setting policy attributes on those folders, you can configure settings on all objects contained in a given folder.

NOTE  SSH Device Placement work is included in the SSH Protect license, and Certificate Device Placement is included in the TLS Protect license. To use these work types, you'll need to have the corresponding licenses.

To configure SSH and Certificate Device Placement work

  1. From the TLS Protect menu bar, click Clients > Work Settings.
  2. In the upper right-hand corner, click Add Work.
  3. Give the work a name in the Name field.
  4. Click the Type drop-down list, and select either SSH Device Placement or Certificate Device Placement.
  5. Click Yes to enable and configure device placement work.

  6. Under Settings, do the following:

    1. From the Devices Folder drop-down list, select the policy folder where you want the devices to be placed.

      BEST PRACTICE  If you are also using Certificate Device Placement work, you should use separate policy folder. There are several factors for following this best practice, including the fact that TLS and SSH assets are typically managed by different teams.

    2. Select a De-duplication option.

      Search scope Device De-duplication behavior
      Yes - search the entire policy tree

      If a device with the same FQDN exists anywhere in the entire Policy Tree, the agent will be linked to that device, regardless of where that device is in the Policy Tree. If no match is found, a new device is created in the folder specified as the Devices Folder.
      Yes - search the devices folder

      If a device with the same FQDN exists anywhere in the folder designated as the Devices Folder, the agent will be linked to that device. If no match is found, a new device is created in the folder specified as the Devices Folder.
      Yes - search the devices folder and its sub-folders

      If a device with the same FQDN exists anywhere in the folder designated as the Devices Folder or in its sub-folders, the agent will be linked to that device. If no match is found, a new device is created in the folder specified as the Devices Folder.
      No - create a duplicate device A new device is created, even if a device with the same FQDN is exists in the Device Folder. The new device name will have a number appended to differentiate if from the existing device.
  7. When you are finished, click Save.