OX Broker
OX Broker is a secure, containerized service that handles communication between your environment and OX Security services, enabling connection to your internal resources.
The broker component reverses the typical connection pattern. Instead of customers opening inbound ports to OX and adding OX IPs to their whitelist, a broker runs in the customer’s environment and initiates a secure outbound connection to OX. This improves security and simplifies the integration process, particularly for customers with strict security policies.
Supported connectors
GitLab
GitHub
Azure TFS
Prerequisites
Before you begin, contact your OX Security Customer Success representative for feature enablement.
Prepare a dedicated Linux-based computer in your environment and make sure your system meets the following requirements:
Operating System
Ubuntu 22.04 or later
RHEL9
Software
Docker Engine and Docker Compose
Podman and Podman Compose
Access
Ability to run Docker Compose and generate keys
Network Connectivity
Ensure the broker client has connectivity to your internal resource.
If you use a proxy, allow outgoing traffic from the broker client to the proxy server on the designated proxy port.
Enable outgoing traffic from the broker client or proxy server to the OX environment address on port 443.
Ensure access to pull images from Docker Hub.
Hardware
Minimum 4 GB RAM and 10 GB disk space
Network Whitelisting
IP addresses/subnets for the environment where the broker client will be deployed
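The requirements above can be checked on the host before you request the installation script. The following preflight script is an added example, not part of OX Security's installer; `OX_HOST` is a placeholder for the OX environment address you receive from OX Security, and the 10% RAM tolerance and the use of `registry-1.docker.io` as the Docker Hub endpoint are assumptions of this example.

```shell
# Added example, not OX Security's installer: preflight checks for the
# prerequisites on this page. OX_HOST is a placeholder for the OX address.

# MemTotal excludes kernel-reserved memory, so a 4 GB host reports a little
# under 4194304 kB. The 10% tolerance is an assumption of this example.
MIN_RAM_KB=$((4 * 1024 * 1024 * 90 / 100))
MIN_DISK_KB=$((10 * 1024 * 1024))

have() { command -v "$1" >/dev/null 2>&1; }

# ram_ok [meminfo-file]: true if MemTotal meets the 4 GB minimum.
ram_ok() {
  ram_kb=$(awk '/^MemTotal:/ {print $2}' "${1:-/proc/meminfo}")
  [ -n "$ram_kb" ] && [ "$ram_kb" -ge "$MIN_RAM_KB" ]
}

# disk_ok <path>: true if the filesystem holding <path> has 10 GB free.
disk_ok() {
  disk_kb=$(df -Pk "$1" | awk 'NR == 2 {print $4}')
  [ -n "$disk_kb" ] && [ "$disk_kb" -ge "$MIN_DISK_KB" ]
}

# runtime_ok: true if Docker with Compose, or Podman with Podman Compose, exists.
runtime_ok() {
  { have docker && { have docker-compose || docker compose version >/dev/null 2>&1; }; } ||
    { have podman && have podman-compose; }
}

# egress_ok <host>: true if an HTTPS request to <host>:443 completes.
# curl honours the https_proxy variable, so the proxy deployment is covered.
egress_ok() {
  curl --silent --output /dev/null --connect-timeout 5 --max-time 15 "https://$1/"
}

# report <label> <command...>: print PASS or FAIL, return the check's status.
report() {
  label=$1; shift
  if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; return 1; fi
}

preflight() {
  failed=0
  report "RAM >= 4 GB" ram_ok || failed=1
  report "10 GB free in $PWD" disk_ok "$PWD" || failed=1
  report "Container runtime and Compose" runtime_ok || failed=1
  report "Docker Hub reachable" egress_ok registry-1.docker.io || failed=1  # assumed endpoint
  report "OX reachable on port 443" egress_ok "$OX_HOST" || failed=1
  return "$failed"
}
if [ -n "${OX_HOST:-}" ]; then preflight; fi
```

Run it from the directory where the broker will be installed, with `OX_HOST` set in the environment; if the host uses a proxy, export `https_proxy` first so the two reachability checks follow the same path the broker will.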
Installing OX Broker
OX provides you with a script that performs the following tasks:
Generates secure credentials for your OX Broker instance
Creates SSH keys for secure communication.
Extracts and configures required components
Starts the OX Broker services
To install OX Broker:
Request the installation script URL from the OX Security support team.
Download the script to your machine.
Add permissions to run the script.
Run the script as Admin.
The installation script runs, generating asymmetric keys and OX Broker credentials. The private key is saved on your system automatically, and the public key is the one you need to send to the OX Security support team.
Send the public key to OX Security support.
Save the credentials on your environment in a safe location.
To proceed with the installation, press p and follow the on-screen instructions. When asked about the TLS configuration, reply yes.
If relevant, when asked about the Proxy configuration, reply yes.
Configuring OX Broker
Log in to the OX Security portal.
Go to the relevant connector and select Broker.
Internal resource URL
Provide the connector URL.
Token
Add your connector token.
User
Type the user that was generated by the OX script.
Password
Type the password that was generated by the OX script.
Bypass SSL Verification (not recommended)
If your environment lacks a proper certificate or uses a self-signed certificate, enable this option to ensure a successful connection.
To confirm the container and the OX Broker are active, run:
Maintaining OX Broker
Use the following commands to manage the OX Broker services:
Check service status
docker-compose ps
View logs
docker-compose logs -f
Restart services
docker-compose restart
Uninstall OX Broker
Navigate to the OX Broker directory:
Run the following command to stop and remove the containers and volumes: