You will need the following to deploy NSS:
- A subscription to either an NSS for Web Logs or an NSS for firewall logs.
- Virtual Machine Specs
- VM CPU: 2 cores. NSS uses one core for the control plane and another core for the data plane.
- VM Memory: 8GB for up to 15,000 users, 16 GB for up to 40,000 users, 32 GB for up to 100,000 users
- VM Disk space: 500 GB
- Host Specs
- Hypervisor: VMware ESX/ESXi v5.0 and above
- Host CPU: 64-bit Xeon or equivalent
- VMware vSphere Client or vCenter
- Network Specs
- VM Network: 2 Virtual NICs (You may optionally need two additional virtual NICs as described in Advanced Deployment below.)
- Bandwidth for log download: 11 Mbps for 10,000 users
- IP Addresses: The following table lists the IP addresses and the interfaces on which they're configured. Internal IP addresses are allowed. Note that the management IP address and service IP address can be on different subnets, as long as the DNS server can be reached on both subnets.
You can deploy the NSS behind a firewall. The NSS requires only outbound connections to the Zscaler cloud. It does not require any inbound connections to your network from the Zscaler service cloud. To view the firewall requirements, go to the following:
The <zscaler-cloud-name> can be found in the URL you use to log in to the Zscaler admin portal. For example, if you log in to admin.zscaler.net, then go to https://ips.zscaler.net/addresses/nss.html
Note: The IP ranges are necessary to ensure that the service isn't affected by future Zscaler cloud expansion.