Docy

Netskope Private Access

Netskope Private Access

Netskope Private Access (NPA) is part of the Netskope security cloud and enables zero-trust secure access to private enterprise applications in Hybrid IT. NPA is a modern remote access service that:

  • Fans out to enable access to applications in multiple networks, both in the public cloud (AWS/Azure/GCP) and in the datacenter.
  • Provides zero trust application level access instead of network access with lateral movement.
  • Is delivered as a cloud service with a worldwide footprint that scales easily.

NPA delivers these benefits through a capability called Service Publishing. Service Publishing makes enterprise applications available at and through the Netskope cloud platform instead of at the enterprise’s network edge.

The Netskope cloud platform becomes the location on the internet through which enterprise applications are accessed, in a sense, externalizing the access components of the DMZ.  Externalizing remote access in this way has several advantages over traditional VPN and Proxy-based remote access approaches.  And Service Publishing’s overall architecture and delivery-as-a-service model is consistent with the IT trends of infrastructure as a service, Hybrid IT, and the decentralized delivery of enterprise applications from datacenter, public cloud, and SaaS.  NPA is illustrated in this diagram:

NPAdiagram.png

Netskope Private Access extends Netskope’s platform for secure access to SaaS and Web to include secure access to Private Applications that live behind an enterprise’s firewalls in the datacenter and the public cloud. Usage and performance of private applications that are accessed through Netskope Private Access can be monitored in the Digital Experience Management Private Applications page in the Netskope UI.

To watch a video about configuring Netskope Private Access, click play:

 

Prerequisites

In order to configure private apps with a Publisher, you need to:

  1. Purchase the Netskope Private Access license and contact Support to have it enabled in your tenant.
  2. Choose a private app to be published.
  3. Collect information about the app: host, port(s).
  4. Identify the network on which the app is running.
  5. Be using release 70 or later of the Netskope Client.

For Publisher requirements and recommendations, plus OS hardening information, go to: Deploy a Publisher.

Supported Browsers

NPA has been tested on these browsers:

  • Google Chrome Version 92.0.4515.159 (Official Build) (x86_64) on Big Sur
  • Google Chrome Version 92.0.4515.159 (Official Build) (x86_64) on Mojave
  • Safari Version 14.1.2 (14611.3.10.1.5) on Mojave
  • Brave Version 1.26.67 Chromium: 91.0.4472.114 (Official Build) (x86_64)
  • Chrome Version 92.0.4515.159 (Official Build) (x86_64) on Catalina
  • Firefox 91.0.1 (64-bit) (on Mac Catalina)
  • Edge Version 80.0.361.69 (Official build) (64-bit)
  • Microsoft Edge Version 92.0.902.78 (Official build) (64-bit) Windows 10

iOS Use with Netskope Private Access

Netskope is replacing the existing iOS App for NPA (Netskope Private Access) with a new iOS App that supports NPA/CASB/SWG/CFW. This new unified iOS Client is called Netskope Client in the app store, and is intended to offer all the Netskope security services in a single client for iOS phones and tablets (iPads).

Important

Netskope ends the existing NPA iOS Netskope Client support with the new app released in release 102.0.0. With this end of support, you need to remove the existing NPA Netskope Client from all your iOS phones and tablets (iPads), and install the new Netskope Client from the store.

To learn more: Netskope Client for iOS.

Workflow

You can grant access to multiple private apps by repeating the following steps:

  1. Create a publisher.
  2. Deploy the publisher on your network.
  3. Create a private app.
  4. Steer traffic for the private app.
  5. Add users.
  6. Create policies so users can access a private app.
  7. Deploy the Netskope Client on devices.
  8. View Private Apps and Network Events information in Skope IT.

Note

The same publisher can be used to give access to multiple apps which resides on the same network.

If you need private apps in different networks (which are not routable from one to another), you will need to repeat these steps for each:

  • Create a publisher.
  • Deploy a publisher.

The following sections explain how to configure and use Private Access.

Share this Doc
In this topic ...