Multiple NSS
- Juan Tomás Alonso Nieto (Deactivated)
For full site redundancy, each organization can subscribe to up to two NSS servers for each type of traffic and deploy each pair in an active-active configuration. Each NSS supports up to 8 parallel feeds. Each feed can have a different list of fields, a different format, and different filters.
When you register a new NSS in the Zscaler service, you are required to download an SSL certificate, which you then upload to the new NSS that you configure. The newly configured NSS then uses the certificate to authenticate itself to the Zscaler service. You can configure one NSS as two virtual machines identified by the same certificate, as long as they do not try to connect to the Nanolog at the same time. One VM can be the active NSS and the other VM can be a cold standby. Zscaler strongly recommends against running both VMs as active because this will result in frequent connection resets and a failure to stream the logs.
For completely redundant site configurations, if your organization has two Devo Relays, Zscaler recommends using two NSS subscriptions, so both NSS VMs can stream logs to the Devo Relays at the same time. Each NSS will run independently, with different configurations, and stream logs to two separate Devo Relays. This is not recommended if you use a single Devo Relay, because each NSS will send copies of the same logs to the Devo Relay, which might not be able to remove the duplicates.