Blueprint Operations

Some blueprintClosed A snapshot of the certificate stores and scheduled jobs on one orchestrator, which can be used to create matching certificate stores and jobs on another orchestrator with just a few clicks. operations are carried out on the OrchestratorClosed Keyfactor orchestrators perform a variety of functions, including managing certificate stores and SSH key stores. Management page (generating and applying blueprints) while others are done on the Orchestrator Blueprints page (viewing and deleting blueprints).

When you apply a blueprint to an orchestrator, you are defining a set of certificate stores and scheduled jobs for that orchestrator as determined by the blueprint at the time that the blueprint is applied. There is no ongoing effect to having a blueprint applied. If the blueprint is deleted, this does not affect the orchestrators to which the blueprint was applied. Likewise, changing the orchestrator from which the blueprint was created after creation of the blueprint does not affect the blueprint. The blueprint continues to contain the certificate stores and scheduled jobs that were associated with the orchestrator at the time the blueprint was taken.

Orchestrator blueprints work with Java and PEMClosed A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like ---- BEGIN CERTIFICATE---- and ----END CERTIFICATE----. PEM certificates can contain a single certificate or a full certifiate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key. certificate stores and can be used with the Java, Native, and Android agents.

Blueprints are applied to an orchestrator from the Orchestrator Management page (see Generating and Applying Blueprints).

Blueprints can’t be edited. To modify a blueprint, modify the certificate stores and scheduled jobs on the orchestrator from which the blueprint was taken and capture a new blueprint (see Generating and Applying Blueprints). This will replace the existing blueprint. An orchestrator can only have one blueprint at a time.

Figure 312: Orchestrator Blueprints

To delete a blueprint:

  1. In the Management Portal, browse to Orchestrators > Orchestrator Blueprints.
  2. On the Orchestrator Blueprints page, select an orchestrator blueprint and click Delete from either the top or right-click menu.
  3. On the Confirm Operation alert, click OK to confirm or Cancel to cancel the operation.

To view the details of a blueprint:

  1. In the Management Portal, browse to Orchestrators > Orchestrator Blueprints.
  2. On the Orchestrator Blueprints page, select an orchestrator blueprint and double-click or click View from either the top or right-click menu.
  3. On the Confirm Operation alert, click OK to confirm or Cancel to cancel the operation.

On the Certificate Stores tab you can see the certificate store paths and types that have been associated with the blueprint. On the Scheduled Jobs tab you can see the scheduled jobs for these certificate stores. These would generally be inventory jobs, though it is possible to blueprint an orchestrator with other types of active jobs (e.g. discovery).

Figure 313: Orchestrator Blueprint Details: Certificate Stores Tab

Figure 314: Orchestrator Blueprint Details: Scheduled Jobs Tab