The Skyhigh CASB On-prem Proxy solution can be hosted in a customer environment in cases where the crypto boundary needs to be within the customer premise or the application being protected is hosted in a private datacenter. The on-prem proxy is packaged as an OVF virtual appliance that is available for download from success.myshn.net.
CPU Virtual Cores
The Skyhigh CASB on-prem proxy can be hosted on VMware ESX/ESXi 4.0 or later.
Scaling and Load Balancing Requirements
The Skyhigh CASB on-prem proxy is designed to be stateless and can be scaled out horizontally behind a third-party load balancer. Be sure to configure the load balancer to perform L4 load balancing only (no SSL termination) with a least connections or round robin load balancing algorithm.
Firewall and Proxy Requirements
The Skyhigh CASB use the following ports and connection types. External firewalls and proxies must be configured to allow traffic to flow in and out of the proxy. The Skyhigh CASB proxy can be placed behind or in front of an internet proxy. The Skyhigh CASB proxy requires a minimum of two IP addresses: one for data traffic and one for local management.
- The data path will process traffic on ports: 80, 443 and 25. Port 25 is only required for applications that require SMTP Proxy.
- Management traffic defaults to port 5696.
- All traffic is TCP