How do I download an NSS from the admin portal?


How do I download an NSS from the admin portal?

Ensure that you have all the requirements in place before you start deploying the Nanolog Streaming Service (NSS). See NSS Requirements or NSS Requirements for AWS.

Before you set up an NSS server on the admin portal, you're required to enter information about your traffic and users so the Zscaler service can compute the appropriate resources for your NSS. The NSS buffer logs for at least one hour. If a SIEM goes offline for maintenance or if the connection between the NSS and the SIEM is disrupted, the NSS buffers the logs and sends them once the connection is re-established. The amount of memory required to buffer the logs is incorporated into the VM spec computation. The buffer size increases proportionally to the amount of RAM allocated to the NSS.

On the Zscaler admin portal, complete the tasks below to set up an NSS server.

  1. Go to Administration > Settings > Nanolog Streaming Service.
  2. From the Nanolog Streaming Service page, click Add NSS Server.
  3. In the Add NSS Server dialog, enter a name for the NSS.
    • NSS for Web is selected by default. If you are configuring an NSS for firewall logs, select NSS for Firewall.
    • The NSS is Enabled by default.
  4. Click Save to close the dialog.
  5. Go to the NSS Servers tab on the Nanolog Streaming Service page.
  6. Click Download in the SSL Certificate column of the NSS that you are configuring, and then save the certificate. You will upload the certificate to the vSphere client.
  7. Click Deploy NSS Virtual Appliance to enter data that the Zscaler service needs to compute the appropriate resources for your NSS. 

Screenshot of NSS Servers page highlighting buttons to deploy an NSS Virtual Appliance and download an SSL Certificate

  1. Choose NSS configuration for either of the following:
  2. Choose the platform you're using to deploy the NSS:

Enter the following information to determine the memory and bandwidth requirements. See image.

  • Number of Users: Enter the number of users. The service displays the recommended resources for NSS and the ESX/ESXi hypervisor.
  • Peak Transactions per Hour: The peak number of transactions in an hour.
    You can retrieve this data by going to Analytics > Web Overview Dashboard. This is recommended to fine-tune the VM specification to your organization’s workload.

Note that the recommended Internet bandwidth is the peak bandwidth required to download the logs from the Nanolog in the Zscaler service cloud. If the NSS is not allocated the bandwidth it needs, the logs could accumulate in the Nanolog. This can result in frequent connection resets and the logs will not be streamed to the NSS.

Enter the following information to determine the memory and bandwidth requirements. See image.

  • Number of Users: Enter the number of users.
    The service displays the recommended resources for NSS and the ESX/ESXi hypervisor. 
  • Peak Sessions Per Hour: The peak number of sessions and DNS requests in an hour.
    You can retrieve this data by going to the Firewall Overview dashboard. This is recommended to fine tune the VM specification to your organization’s workload.
  • Peak DNS Requests Per Hour: You can retrieve this data by going to the DNS Overview dashboard. This is recommended to fine tune the VM specification to your organization’s workload.

Note that the recommended Internet bandwidth is the peak bandwidth required to download the logs from the Nanolog in the Zscaler service cloud. If the NSS is not allocated the bandwidth it needs, the logs could accumulate in the Nanolog. This can result in frequent connection resets and the logs will not be streamed to the NSS.

  1. Choose the VMWare platform, and then click Compute. See image.
    • The recommended VM Specs and Hypervisor Specs is listed.
  2. Click Download NSS Virtual Appliance to download the NSS OVA file.
  3. Click Close to exit the dialog.
  1. Choose the Amazon Web Services platform, and then click Compute. See image.
    • The recommended EC2 Instance Type is listed.
    • The information will be used when you first set up the EC2 Instance.
    • You can click on the Configuration Info links for more information on AWS and how to set up an EC2 Instance.
  2. Click Close to exit the dialog.

You can use the following mapping table to map an existing VM Ova type specifications to an EC2 Instance Type specifications:

Table mapping existing Ova Specifications to an EC2 Instance Type specifications

The instance type recommendation is mainly based on the number of users and peak transactions/hour, while also taking into account worst-case CPU usage scenarios (i.e., “heavy” NSS feed filter configurations). The recommendation is also constrained by the AWS EC2 instance type offerings. For example, an optimal configuration may be 100 GB of RAM with only 4 cores, but the closest R4 configuration would be a r4.4xlarge instance with 122 GB of RAM and 16 CPUs. If you're unable to select the recommended type, please contact Zscaler support for further guidance. 

Screenshot of the NSS Virtual Appliance Deployment window with NSS for Web selected 

Screenshot of the NSS Virtual Appliance Deployment window with NSS for Firewall selected 

Screenshot of the NSS Virtual Appliance Deployment window with VMWare selected, and the recommended specs 

Screenshot of the NSS Virtual Appliance Deployment window with Amazon Web Services selected, and the recommended EC2 Instance Type