Update options for VSatellites¶

As a PKI Administrator, you can control how and when your VSatellites receive updates. You can define the order in which VSatellites are updated by assigning an update priority, and you can trigger updates manually when needed, bypassing the default schedule.

These options give you greater flexibility in coordinating updates across your environments.

Control update order with priority¶

• Configurable update priority
  Set a numeric update priority (between 1 and 100) for each VSatellite to control the order in which updates are applied. This allows you to update test environments before production, or control sequencing across high availability groups. The default is 50 for VSatellites that do not have a priority assigned.

• Supports HA and standalone environments
  Whether a VSatellite is part of a high availability group or deployed as a single instance, the update priority determines its place in the update sequence.

• Safe and predictable updates
  By controlling the update order, you can reduce risk and ensure that critical environments are updated only after validation in less critical ones.

• Flexible update methods
  Edit update priority through the user interface or the API, depending on administrative preferences or automation needs.

• Built-in safeguards
  Validation prevents values outside the supported range (1–100), and helpful tooltips explain behavior and input expectations.

Trigger updates manually¶

• Update on demand
  Use the Update now option in the UI to immediately trigger an update for a VSatellite that is in an UPDATE_PENDING or FAILED state.

• Bypass scheduled windows
  Manually triggered updates start immediately and override any scheduled update timing.

• Target specific VSatellites
  Manual updates are useful for retrying failed updates or updating a VSatellite ahead of others for validation.

Define a recurring update window¶

• Schedule updates during maintenance hours
  Use the Edit maintenance window button on the VSatellite list page to define a recurring daily or weekly time window when updates are allowed to run.

• Tenant-wide control
  Configure the maintenance window at the tenant level.

• Flexible time and frequency options
  Specify a start time (UTC), and then choose durations of 8, 12, or 24 hours. Certificate Manager - SaaS displays the equivalent in your local timezone.

• Reliable update behavior
  Updates and retries are limited to the configured window unless manually triggered.

• Easy reset option
  Revert to the default (daily, 24-hour window) at any time using the Reset to Default button. When set to the default, updates occur as they become available.

Audience and use cases¶

These features are designed for PKI Administrators who manage multiple VSatellites across different environments. They are especially useful for:

• Coordinating update timing to ensure VSatellites are updated one at a time, except when manually triggered.
• Updating VSatellites in lower environments (such as development and test) before production.
• Retrying failed updates without waiting for the next scheduled window.
• Controlling risk and downtime during rolling update windows.

Requirements and compatibility¶

• You can assign update priority only after the VSatellite is deployed.
• The Update now option appears only when an update is available and the VSatellite is in an UPDATE_PENDING or FAILED state.

Next steps¶

• Set update order priority for a VSatellite
• Trigger a manual update for a VSatellite
• Define a maintenance window for updates

Related links¶

• About VSatellites
• API reference →