Prerequisites

Before deploying a Local Broker, review these requirements and recommendations:

Hardware Requirements

| CPU Cores | RAM | HDD |
|---|---|---|
| 8 | 16 GB | 80 GB |

The Local Broker OVA and VHDX are built on top of Ubuntu 20.04.

Important

A Local Broker needs to be installed as a separate instance. Installing the Local Broker on a Publisher instance is not supported.

Software Requirements

  • Client: v108 or above
  • Publisher: v112 or above
  • Local Broker: v115 or above

Connectivity Requirements

| Component | Source | Destination | Service | Action | Notes |
|---|---|---|---|---|---|
| Management Access | Admin IP subnets | Local Broker IPs/hostname | SSH (TCP/22) | Allow | Allow TCP 22 from sources where SSH connectivity (management) is required. |
| Client | Client IP subnets | Local Broker IPs/hostname | HTTPS (TCP/443) | Allow | Allow TCP 443 from internal subnets where clients would connect to the LBR Client Gateway. |
| Publisher | Publisher IPs | Local Broker IPs/hostname | TCP 1443 | Allow | Allow TCP 1443 from internal subnets from where Publishers would connect to the LBR Publisher Gateway (Stitcher). |
| Local Broker | LBR1, LBR2 | LBR1, LBR2 | TCP 5000 | Allow | Allow TCP 5000 bi-directional between Local Brokers for inter Local Broker connectivity. |
| Local Broker | LBR IPs | NTP Server(s) | NTP UDP 123 | Allow | Allow NTP outbound from a Local Broker. |
| Local Broker | LBR IPs | DNS Resolver | DNS | Allow | Allow DNS outbound from a Local Broker. |
| Local Broker | LBR IPs | *.docker.com, *.docker.io, *.ubuntu.com, *.k8s.io, *.pkg.dev, events.goskope.com, api.snapcraft.io, *.cdn.snapcraftcontent.com, ns-<tenant-ID>.<POP-name>.npa.goskope.com, ns-<tenant-id>.lbr.<POP-name>.npa.goskope.com, redis.lbr.<POP-name>.npa.goskope.com, s3.us-west-2.amazonaws.com (for the installer script) | HTTPS. Note: HTTP (for *.ubuntu.com only) | Allow | Allow HTTPS and HTTP outbound from a Local Broker. |

Contact your Netskope SE, TSM, or Support for your tenant-ID and POP-name, and if IP subnets are needed instead of FQDNs.

Tenant-ID is the usual tenant ID, such as 1234. POP-name is the Home PoP name.

For example:
ns-1234.us-sjc1.npa.goskope.com,
ns-1234.lbr.us-sjc1.npa.goskope.com.

MP-Name Variables:

  • us-sv5 (SV5)
  • us-sjc1 (SJC1)
  • us-sjc2 (SJC2)
  • de-fr4 (FR4)
  • nl-am2 (AM2)
  • au-mel2 (MEL2)
  • ch-zur2 (ZUR2)
  • uk-lon3 (LON3)
  • sg-sin2 (SIN2)
  • de-fra2 (FRA2)
  • us-dfw3 (DFW3)

For allowlisting ns-<tenant-ID>.<MP-name>.npa.<tenant-domain> based on IP addresses, refer to the Netskope Private Access List for Allowlisting.

Note

A Local Broker needs reachability to the official Ubuntu Mirrors during the update process. Please review and allow the appropriate destinations for a successful Local Broker software update.
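
An added example (not Netskope code) that turns the outbound HTTPS/HTTP row of the connectivity table into a checkable egress policy and audits a constructed list of connections against it. It assumes the MP-Name values listed above are the valid <POP-name> values and that a `*.` entry covers subdomains but not the bare domain; the NTP, DNS and inbound rows are out of scope.

```python
# <POP-name> values: assumed to be the MP-Name variables listed on the page.
POPS = {"us-sv5", "us-sjc1", "us-sjc2", "de-fr4", "nl-am2", "au-mel2",
        "ch-zur2", "uk-lon3", "sg-sin2", "de-fra2", "us-dfw3"}
STATIC = ["*.docker.com", "*.docker.io", "*.ubuntu.com", "*.k8s.io", "*.pkg.dev",
          "events.goskope.com", "api.snapcraft.io", "*.cdn.snapcraftcontent.com",
          "s3.us-west-2.amazonaws.com"]
HTTP_ONLY = ["*.ubuntu.com"]  # plain HTTP is permitted for these names only

def build_allowlist(tenant_id, pop):
    """Expand the tenant-specific FQDN templates and append the static names."""
    if pop not in POPS:
        raise ValueError(f"unknown POP name: {pop!r}")
    return STATIC + [f"ns-{tenant_id}.{pop}.npa.goskope.com",
                     f"ns-{tenant_id}.lbr.{pop}.npa.goskope.com",
                     f"redis.lbr.{pop}.npa.goskope.com"]

def host_allowed(host, patterns):
    """Exact match, or a true subdomain of a '*.' pattern (apex excluded)."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        # "*.docker.com" -> suffix ".docker.com" preceded by at least one character
        if pat.startswith("*.") and host.endswith(pat[1:]) and len(host) > len(pat) - 1:
            return True
        if host == pat:
            return True
    return False

def egress_allowed(host, port, patterns):
    """TCP 443 to any listed name; TCP 80 only to the HTTP_ONLY names."""
    if port == 443:
        return host_allowed(host, patterns)
    if port == 80:
        return host_allowed(host, HTTP_ONLY)
    return False

def audit(events, patterns):
    """Return the (host, port) pairs that fall outside the policy."""
    return [(h, p) for h, p in events if not egress_allowed(h, p, patterns)]

# Constructed sample of outbound connections as (hostname, TCP port) pairs.
SAMPLE = [("archive.ubuntu.com", 80), ("registry-1.docker.io", 443),
          ("ns-1234.lbr.us-sjc1.npa.goskope.com", 443),
          ("download.docker.com", 80),               # HTTP outside *.ubuntu.com
          ("ubuntu.com.example.net", 443),           # look-alike, not a subdomain
          ("ns-9999.us-sjc1.npa.goskope.com", 443)]  # a different tenant ID

if __name__ == "__main__":
    for host, port in audit(SAMPLE, build_allowlist("1234", "us-sjc1")):
        print(f"outside policy: {host}:{port}")
```

The same pattern list can drive a proxy or firewall allowlist review: anything `audit` returns is traffic the table does not call for.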

Local Broker Capacity

When factoring Local Broker capacity and scaling, consider these key points:

  • By default, up to 2 Local Brokers can be deployed. A message appears on the Local Brokers page when you’re approaching the maximum limit. You can contact your Netskope Account team if this limit needs to be increased.
  • Each Local Broker instance can handle around 500 Mbps of throughput.
  • Each Local Broker instance can accept up to 2000 unique client connections.