Technical Introduction to NSS
This article provides a very high level technical introduction to NSS. The information should serve as a useful background when reading other articles about the software and when considering how it should be deployed within your environment.
The NSS software follows a standard client server architecture. The software is installed on one or more (typically virtual) application servers. It is configured to connect to target data containers, which can either be on-premise or in the cloud. The software is agent-less. When it is configured to analyze file service content, all data collected is stored in an on-premise SQL database.
Analyzing File Service Content – Reporting
The ability to analyze the content of data containers over SMB or SharePoint API. This information is then used to support actions/processes that improve data governance, information security, regulatory compliance, etc.
Controlling File Share Growth and Content – Quotas and File Block
The ability to monitor size changes in SMB file shares and trigger actions when thresholds are reached (where CIFS Change Notifications are fully supported). For some specific platforms, where the platform manufacturer has developed the necessary APIs, NSS is also able to prevent file shares from exceeding a predetermined size (a hard quota) and prevent specific file types from being saved (‘File Block’).
NSS has four services: NSSX, NSS Quota Update, NSS Core, and Quota Server. These services run under a service account. This account must have the specific privileges necessary to perform the desired operations. In particular, the account must have access to read all target data containers.
The data collected and processed in scanning operations is stored into a Microsoft SQL database located on-premise at the customer site. No data leaves the customer environment.
The software has two user interfaces:
- ‘The console’. File system content analyses are configured, and results viewed, in a web-based, self-service interface. It offers full Role-based Access Control (RBAC) capabilities. The console is hosted via Internet Information Service (IIS) on-premise at the customer site and is not available outside of the customer network (other than via VPN).
- ‘The QS Client’. Data growth and file type filtering policies (Quotas and File Block) are managed via the Quota Server interface. This is a 32-bit application usually installed on operator desktops/VDIs or accessed directly on the NSS application servers via Remote Desktop.
The capabilities of the software can also be accessed via via APIs and the command line, for power users and for direct integration into workflows and processes. The software’s APIs are used in its internal communications, so they are continuously maintained and extended. The primary API within NSS is a REST API.