- Venafi includes features that automate the installation of certificates as well as validating the certificates to ensure that they were installed correctly. When used properly, this feature will prevent certificate-related outages by confirming that a valid certificate is in place and automatically installed prior to its expiration.
- Venafi includes an option for network discovery, host agents, and an onboard discovery tool that, when deployed, gives application owners the ability to discover and manage all private keys and certificates in their environment.
- Venafi helps an organization with its security policy enforcement and provides a method to measure compliance.
- The Venafi platform is constantly evolving through its upgrades, which occur every quarter to meet clients' specific needs. This is an outstanding model; however, the documentation that follows the upgrades could be more thorough.
I have implemented Venafi at 2 previous employers for the entire organization. The first employer had a need to manage the entire Digital Certificate Lifecycle Process due to the explosion in Digital Certificate use cases, costly outages due to certificate expirations and the impact on operations. We were successfully able to automate certificate renewals for F5 Load balancers, Windows IIS 7/8 and Tealeaf devices.
The second employer was replacing a completely homegrown system that was outdated and only handled the requests and approval process. We set up a fully integrated Venafi solution with an existing requesting system. We also heavily relied on and used Venafi's REST API for private and public cloud use cases. At the time of departure, the other departments of the firm were looking into integrating Venafi into their systems as well.
- Digital Certificate Inventory Management and Monitoring
- Digital Certificate Lifecycle Processes to include ownership and roles and responsibilities
- Easy automation integration into many common products
- Certificate Trust Store Management
- Exporting of Data to other reporting tools
- They should create an OCSP option, as Microsoft's implementation is poor
- Continue to improve their custom adaptor tool