Netskope Help

System Requirements

This section provides recommendations and guidance for selecting the server/VM/Instance where Netskope Cloud Exchange is going to be installed. Please note that an installation using Amazon ECS is slightly different. For more information, refer to the Install Netskope Cloud Exchange with AWS ECS Fargate.

Netskope Cloud Exchange uses a setup script to verify that the host system is ready to run the Cloud Exchange platform. In addition to compute and storage size, permissions, and some software versioning on the host, Cloud Exchange needs access to GitHub, Docker Hub, a Netskope tenant, AWS, and other 3rd-party platforms you want to integrate. Evaluate your system readiness to help the setup complete successfully.

Connectivity Requirements
  • Connectivity to Github and Docker.com in order to download and update the code using embedded controls (if a proxy is between Cloud Exchange and the Internet, please see the proxy configuration settings for Cloud Exchange).

  • Connectivity to reporting.netskope.tech (hosted in AWS) for reporting

  • Connectivity to your goskope.com domain (for retrieving RESTful API logs)

  • Connectivity to us-west1-pubsublite.googleapis.com (for US customers) and europe-west3-pubsublite.googleapis.com for EU customers in order to reach Web Transaction Event Streaming logs.

  • Connectivity to every system with which a plugin is configured to work. If you configure a Log Shipper plugin to work with your SIEM, you need to make sure Cloud Exchange has connectivity to that SIEM. If you configure Threat Exchange to work with your Falcon service, you need to confirm Cloud Exchange has connectivity to Falcon for the plugin to work.

  • CLI access to Cloud Exchange is via SSH (port 22)

  • Browser access to Cloud Exchange is via port 80 or 443 (by default) or via any port that is configured during the setup. Ensure this port is reachable in order to use the UI and/or API.

Minimum System Requirements
  • 2 CPU Core

  • 4 GB of Memory

  • 20 GB of Storage

  • Ubuntu 18.04, CentOS 8, or Red Hat Enterprise Linux 8.0

Sizing the System Based on Anticipated Usage

Factors to consider:

  • Total number of configured plugin sources.

  • Total number of Indicators expected to be stored in the database (for Threat Exchange users). This factor defines the storage requirements.

  • Netskope Cloud Exchange has a worker-based scheduling mechanism to cater to the data pull/push for multiple data sources. The number of workers determines how many data sources will be actively fetching data/sharing data concurrently. The total number of worker processes should be equal to the number of cores. If the expectation is to fetch data frequently with multiple data sources, consider increasing the number of cores.

The table below provides recommendations for standard deployments:

Workload Details

Memory (GBs)

Number of Cores

Storage (GBs)

Up to 2 configured plugins.

4

2

20

Up to 4 configured plugins.

(~1 million IoCs)

4

2

20

Up to 6 configured plugins.

(~1 million IoCs)

4

2-4

20

Up to 10 configured plugins.

(~2 million IoCs)

6

4-6

40