Summary
Occasionally, we remove functionality from Trust Protection Platform to stay current with emerging technologies and to serve the changing needs of our customers. Some of the more common reasons for deprecating features include the following:
- Minimal use of a feature by the majority of our customers
- Technologies that have become obsolete
- Features that have become too expensive to maintain
- Changes in our technology road map
- Important security enhancements to Trust Protection Platform
See Also:
For a list of features that have been deprecated prior to the current release, visit:
Scheduled Feature Deprecations
Although planned feature deprecations are subject to change, the following list indicates which features are planned for removal from upcoming releases of Trust Protection Platform:
Venafi Platform 20.4
Palo Alto Network FW and BlueCoat SSLVA drivers will support provisioning of device certificates only
Starting in 20.4 both drivers will be able to provision device certificates only. After upgrading to 20.4 existing Palo Alto Network FW applications will be converted to Basic applications and retain certificate association. All existing BlueCoat SSLVA applications that do not have Device Certificate enabled will be converted to Basic applications while retaining certificate association. Those BlueCoat SSLVA applications that have Device Certificate enabled will not be converted to Basic ones.
Provisioning certificates in bulk to Palo Alto Network FW can be accomplished using the Adaptable Bulk Provisioning job.
Server Agent RHEL 5 and CentOS 5 Support
Red Hat Enterprise Linux 5 will reach End of Extended Lifecycle add-on support on 30 Nov 2020. Continued development of the Venafi Server Agent requires contemporary software development toolchains, and we will be discontinuing the support for this version of the operating system.
Venafi Platform 21.1
WebSDK Authorization Method involving API keys is only available with a License Key
Starting in 21.1, only customers with a special, temporary license key from Venafi will be able to leverage WebSDK API Keys to authenticate to the WebSDK. Without the license key, both POST Authorize and the WebSDK Permission will not be available.
Server Agent TLS 1.1 Support
Server Agents will require TLS 1.2 or newer when connecting to TPP servers. Load balancers used between Server Agents and the TPP servers will need to be updated/reconfigured to not perform protocol downgrade beyond TLS 1.2.
Server Agent 32-bit (i386) Linux Support
While RHEL 6 and 7 did ship i386 architecture for the OS, the architecture has not been a popular one to install, and majority of existing installations are 64bit (X86_64). Going forward new versions of Venafi Server Agent for Linux will ship only for the X86_64 platform.
Server Agent plain text syslog event message copies
For easier integration with SIEM tools and improved message parsing, the Server Agent log messages copied to syslog will be in JSON format. Proposed new format sample:
Jun 12 06:02:46 localhost Venafi-Agent[11267]: Informational:ksscan_36 VED Agent KeyStore Scanner: Cached certificates count: 30 {"module_name": "VED Agent KeyStore Scanner", "nickname":"ksscan", "module_id": 20481, "event_id": 36, "event_data": "Cached certificates count": 30}
Imperva MX will support provisioning of device certificates only
Starting in 21.1 Imperva MX driver will be able to provision device certificates only. After upgrading to 21.1 existing Imperva MX applications will be converted to Basic applications and retain certificate association. Provisioning certificates in bulk to Imperva MX can be accomplished using the Adaptable Bulk Provisioning job.
Symantec MPKI CA Driver
The Symantec MPKI CA driver will be deprecated in 21.1. Once you upgrade to 21.1 any existing Symantec MPKI CA Templates will become unavailable. Certificates using the Symantec MPKI CA driver should be migrated manually to DigiCert CA.
Eliminate Manual Approval option for DigiCert CA
DigiCert has recommended that we update our driver to take advantage of a new "skip_approval" option which streamlines processing on their side for up to a 30% increase in performance. As a result, Venafi Platform workflow will be the only method for requiring human approval of certificate requests beginning in 21.1.
Venafi Platform 21.2
WebSDK Authorization Method involving API Keys (End-of-Support)
The WebSDK authorization method that involves API keys was formally deprecated in Trust Protection Platform 20.1 and will no longer be available in code beginning in 21.2. The "WebSDk" permission that is available on users and groups will no longer be available. The temporary license key introduced in 21.1 will no longer be available.
Venafi Platform 21.4
Pass-through Authentication
With the release of SAML support, we plan on deprecating the support for pass-through authentication.
Comments
Article updated on June 19, 2018
Article updated on April 7, 2020 - Removed items that were deprecated in 20.1 since 20.1 has shipped. Added Windows Server 2012 R2 to be deprecated. in 20.2 will lower from supported to compatible. In 20.3 we will drop support for Windows 2012 R2 completely for hosting installations of TPP.
Article updated on May 12, 2020 - Some deprecation items were moved from 20.2 to 20.3. Also, more detail was added regarding timeline for deprecating WebSDK API keys now that WebSDK Tokens have been delivered in 20.1
Article updated on August 11, 2020 to remove items that were deprecated in 20.2 since 20.2 has shipped. Also added TrustNet to the deprecation list scheduled for 20.3
Article updated September 29, 2020 to accommodate 20.3 release. Added Pass-through authentication to the list.