OX Broker

OX Broker is a secure, containerized service that connects your environment to OX Security services, giving OX access to your internal resources.

The broker component reverses the typical connection pattern. Instead of customers opening inbound ports to OX and adding OX IPs to their whitelist, a broker runs in the customer’s environment and initiates a secure outbound connection to OX. This improves security and simplifies the integration process, particularly for customers with strict security policies.

Supported connectors

  • GitLab

  • GitHub

  • Azure TFS

  • Harbor

  • GitLab Container Registry

  • JFrog Artifactory

  • BitBucket Data Center/Server

Prerequisites

Before you begin, contact your OX Security Customer Success representative for feature enablement.

Prepare a dedicated Linux-based computer in your environment and make sure your system meets the following requirements:

Requirement Type
Details

Operating System

  • Ubuntu 22.04 or later

  • RHEL9

Software

  • Docker Engine and Docker Compose V2

Access

  • Root access or sudo available

Network Connectivity

  • Ensure the OX Broker host has connectivity to your connectors.

  • Allow outgoing traffic from the host on port 443 to the address OX provides

  • Allow outgoing traffic from the host to pull images from Docker Hub

  • Share with OX the public IP address of the machine where the OX Broker is installed.

Note: When your traffic is routed through a proxy, make sure that port 443 (HTTPS) is allowed for outbound communication to the OX environment, and share the proxy IP address.

Hardware

Minimum system resources:

  • 4 GB RAM

  • 2 CPU cores

  • 10 GB of available disk space
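
The requirements above can be checked on the candidate host before you request the installer. The script below is an added example, not part of the OX installation script; `OX_HOST` and `OX_DIR` are placeholder variable names, and the 90% RAM tolerance and the Docker Hub registry probe URL are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for a prospective OX Broker host. Thresholds
# mirror the Prerequisites list; OX_HOST and OX_DIR are operator-supplied.
fails=0

# os_supported ID VERSION_ID: Ubuntu 22.04 or later, or RHEL 9.
os_supported() {
  major=${2%%.*}
  case "$1" in
    ubuntu) [ "$major" -ge 22 ] 2>/dev/null ;;
    rhel)   [ "$major" -eq 9 ] 2>/dev/null ;;
    *)      return 1 ;;
  esac
}

# at_least VALUE MIN: integer comparison that fails closed on empty/bad input.
at_least() { [ "$1" -ge "$2" ] 2>/dev/null; }

# mem_ok KB: MemTotal excludes kernel-reserved memory, so a 4 GB host reports
# slightly less; accept 90% of 4 GiB (the tolerance is an assumption).
mem_ok() { at_least "$1" $((4 * 1024 * 1024 * 9 / 10)); }
is_admin() { [ "$(id -u)" -eq 0 ] || command -v sudo >/dev/null 2>&1; }
probe() { curl -sS -o /dev/null --connect-timeout 10 "$1"; }

# check LABEL CMD...: run CMD quietly, print PASS/FAIL, count failures.
check() {
  label=$1; shift
  if "$@" >/dev/null 2>&1; then echo "PASS  $label"
  else echo "FAIL  $label"; fails=$((fails + 1)); fi
}

# preflight OX_HOST [DIR]: run every check; returns non-zero if any failed.
preflight() {
  fails=0; dir=${2:-.}
  if [ -r /etc/os-release ]; then . /etc/os-release; fi
  check "OS ${ID:-unknown} ${VERSION_ID:-}" os_supported "${ID:-}" "${VERSION_ID:-}"
  check "Docker Engine reachable" docker version
  check "Docker Compose V2 plugin" docker compose version
  check "root or sudo" is_admin
  check "RAM >= 4 GB" mem_ok "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
  check "CPU cores >= 2" at_least "$(getconf _NPROCESSORS_ONLN)" 2
  check "Free disk >= 10 GB in $dir" at_least \
    "$(df -Pk "$dir" | awk 'NR==2 {print $4}')" $((10 * 1024 * 1024))
  check "Outbound 443 to $1" probe "https://$1"
  check "Outbound to Docker Hub" probe https://registry-1.docker.io/v2/
  [ "$fails" -eq 0 ]
}

if [ -n "${OX_HOST:-}" ]; then preflight "$OX_HOST" "${OX_DIR:-.}"; fi
```

Run it as the same user that will run the installer, with `OX_HOST` set to the address OX provides. Behind a proxy, export `https_proxy` first so the outbound probes follow the same path the broker will use.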

Installing OX Broker

OX provides you with a script that performs the following tasks:

  • Generates secure credentials for your OX Broker instance

  • Creates SSH keys for secure communication.

  • Extracts and configures required components

  • Starts the OX Broker services

To install OX Broker:

  1. Request the installation script URL from the OX Security support team.

  2. Download the script to your machine.

  3. Add permissions to run the script.

  4. Run the script as Admin.

The installation script runs and generates an asymmetric key pair and OX Broker credentials. The private key is saved on your system automatically; the public key must be sent to the OX Security support team.

  5. Send the public key to OX Security support.

  6. Save the credentials in a safe location in your environment.

  7. To proceed with the installation, press p and follow the on-screen instructions.

  8. When asked about the TLS configuration, reply yes.

  9. If relevant, when asked about the Proxy configuration, reply yes.

Configuring OX Broker

  1. Log in to the OX Security portal.

  2. Go to the relevant connector and select Broker.

| Requirement Type | Details |
| --- | --- |
| Internal resource URL | Provide the connector URL. |
| Token | Add your connector token. |
| User | Type the user that was generated by the OX script. |
| Password | Type the password that was generated by the OX script. |
| Bypass SSL Verification (not recommended) | Enable this option to allow the connection to succeed if your environment lacks a proper certificate or uses a self-signed certificate. |

  1. To confirm the container and the OX Broker are active, run:

Maintaining OX Broker

Use the following commands to manage the OX Broker services:

| Task | Command |
| --- | --- |
| Check service status | docker-compose ps |
| View logs | docker-compose logs -f |
| Restart services | docker-compose restart |

Uninstall OX Broker

  1. Navigate to the OX Broker directory:

  2. Run the following command to stop and remove the containers and volumes:
