Info: How to decommission a TPP Server (for replacement or permanent removal)

Applies To

All versions of Venafi Trust Protection Platform (TPP), at least up to 19.1.


There are times when you either want to simply remove a Venafi TPP server, OR you may be replacing one, such as with an OS or Hardware upgrade. This article discusses what you should do within the Venafi Console under these circumstances.

NOTE: The article does NOT cover how to uninstall the product, AND this article assumes that the overall TPP installation and database remains the same. All that is happening is that one of the multiple / cluster of TPP servers is being removed.

More Information

Step 1) Document / Backup the current configuration

This step is only necessary if the role(s) of the current server will be replaced by another.

When the server has been removed from the other two areas of the console, ALL references to that server are also removed from elsewhere in the Policy tree and are not recoverable.

Why does this matter?  It only matters if you've made custom configurations and are replacing the server. This includes:

  • Platforms Tree customizations (including Cert management and discovery restrictions)
  • Assignment to Policy folders for processing by this server specifically:
    • Log View
    • Processing Engine

(Optional) If this server has already been replaced, assign the roles out to the new server before decommissioning this one.

Step 2) Ensure the server is no longer processing.

Uninstallation, turning off the server, whatever, but do not continue to the next steps until this is done and it is no longer communicating.

Step 3) Remove the server from Platforms and Logging

This step is simple. Right-click on the server listing under the Logging Tree and Platforms tree and simply delete it from each.  This will clean up any lingering references from step 1 above.



Was this article helpful?
0 out of 0 found this helpful