Running Redundant NSS

We plan to have two NSS (web) connectors hosted in Azure in two different regions for redundancy. Zscaler recommends using the same certificate in both NSS, since they will be active/standby. We are looking for a solution where:

a) The standby NSS passes traffic when the active NSS has an issue reaching the internet. [build custom monitoring to check internet status in NSS]
b) The standby NSS turns on when the active NSS experiences any issues [it might take a couple of minutes; Nanolog is still able to parse and retransmit logs for 1 hr as per the document]

Azure proposes using a load balancer, which doesn't suit both requirements. Has Zscaler or anyone else come across a similar requirement and identified a solution?

The MIBs of NSS can actually allow you to monitor whether NSS has established connections to the CA, and whether it has processed data from the NSS server or forwarded data to the SIEM, to decide if failover is potentially required.

Best Regards,

Jones Leung

SE Manager, Greater China

Zscaler
