Netskope Help

Install Cloud Exchange

This document is for non-Amazon ECS deployment. For guidance on how to install a Cloud Exchange for Amazon ECSGo-to-Icon.png image purchased through the AWS Marketplace, go to Install Netskope Cloud Exchange with AWS ECS Fargate.

Only an Admin should install Cloud Exchange. The docker images are available on docker-hub. Make sure the volume can connect to docker-hub before executing the ./start command. Ensure docker authentication prior to running the docker-compose command.

For guidance on how to upgrade/migrate to the newest code, refer to one of these articles:

  1. Please review and ensure that all host and connectivity requirements have been validated before starting the install.

    Note

    To install Cloud Exchange on a Red Hat Enterprise Linux host (8.x or newer), refer to this article for additional requirements related to RHEL 8.0.

  2. Clone the netskopeoss/ta_cloud_exchange public Github repository to a volume with with at least 20 GB of storage. Always clone to any folder other than /usr/local to avoid a conflict within Docker.

    mkdir netskope
    cd netskope
    git clone https://github.com/netskopeoss/ta_cloud_exchange
    cd ta_cloud_exchange

    Note

    If you are a Beta user, run the following command during Step 2 to download the beta version of a release instead of the git clone command shown above:

    git clone -b beta https://github.com/netskopeoss/ta_cloud_exchange

    During step 2, while executing the setup script, opt IN to beta to use the beta code rather than the default action of searching for the latest GA version.

  3. Execute the setup script and follow the steps:

    sudo ./setup
    1. Special characters (including, but not limited to "#", "$", "/", etc.) are not supported when setting the maintenance password for CE. Some of the processes do not work and will cause system failures if you use special characters.

    2. Only use alphanumeric values for the maintenance password.

  4. Launch Cloud Exchange 3:

    sudo ./start

The Cloud Exchange UI is now accessible with the system’s IP (https://<ip>).

How to Generate and Install an SSL Certificate into Cloud Exchange

When first installed, Cloud Exchange does not require an SSL certificate and the web server can be reached over an unencrypted connection.

If you wish to use a private certificate instead to securely access Cloud Exchange, follow the steps below.

Once you have the certificate you'd like to use for connecting to Cloud Exchange

  1. Login to the cloud exchange host via CLI

  2. Browse to the directory at Netskope/ta_cloud_exchange/$

  3. Execute the command run ./stop

  4. Remove certificates from ‘cd Netskope/ta_cloud_exchange/data/ssl_certs’ path using the commands shown below:

    $ rm -rf cte_cert.crt

    $ rm -rf cte_cert_key.key

  5. Once the existing SSL certificate is removed you can install your private SSL certificate.

    1. Copy new certs to Netskope/ta_cloud_exchange/data/ssl_certs ‘sudo cp -r ../[PATH_OF_SSL_CERTIFICATE]’.

  6. Restart the cloud exchange service by issuing the following command: "$run ./start”

This video shows how to use a setup script to create a self-signed certificate, or install a private cert, in order to encrypt access to Cloud Exchange.