Secure Private Access (ZPA)

Understanding Business Continuity

This feature and its procedures are in limited availability. To learn more, contact Zscaler Support.

Business Continuity in ZPA allows users to continue to access applications during ZPA-related cloud outages or Internet Service Provider (ISP) outages. Business Continuity helps organizations achieve uninterrupted access to applications without any manual intervention.

Prerequisites

The following prerequisites must be met for Business Continuity:

  1. Ensure the following:
    • End users' machines are running Zscaler Client Connector versions 4.6 and later for Windows.
    • Private Cloud Controllers can receive inbound connections from end users, App Connectors, and ZPA Private Service Edge on port 443.
    • End users are able to resolve the Business Continuity FQDNs and can connect to the Private Cloud Controllers and ZPA Private Service Edge using the Business Continuity SNIs on port 443.
    • App Connectors and ZPA Private Service Edge can resolve the Business Continuity FQDNs and can make outbound connections to the Private Cloud Controllers on port 443.
    • The ZPA Private Service Edge can receive inbound connections from end users and all App Connectors on port 443.
  2. All applications must be configured before entering Business Continuity.
  3. All access policies must be configured before entering Business Continuity.
  4. Customers must provide the following infrastructure:
    • DNS servers.
    • Per-tenant IdP to be used during Business Continuity.
  5. The following infrastructure changes are optional:
    • SIEM for visibility or logging during Business Continuity.
    • Microsoft's Group Policy Object (GPO) or Mobile Device Management functionalities to install Zscaler Client Connector with customer-specific configurations for new user enrollment.
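
A connectivity preflight for the port 443 paths listed in the prerequisites, run from the machine whose role is being checked. This is an added example, not Zscaler tooling: the role names, `preflight`, `tls_probe`, and the placeholder FQDN/SNI values are illustrative, and it assumes the local trust store can validate the certificate the component presents.

```python
import socket
import ssl

# Who must reach whom on TCP 443, taken from the prerequisites list above.
REQUIRED_PATHS = {
    "end_user": ["private_cloud_controller", "private_service_edge"],
    "app_connector": ["private_cloud_controller", "private_service_edge"],
    "private_service_edge": ["private_cloud_controller"],
}

def resolve(fqdn):
    """Return the sorted set of addresses local DNS gives for fqdn."""
    infos = socket.getaddrinfo(fqdn, 443, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def tls_probe(ip, sni, port=443, timeout=5.0, context=None):
    """TCP connect to ip:port, then a TLS handshake presenting `sni`."""
    # Assumption: the default trust store validates the presented chain;
    # otherwise pass a context loaded with the appropriate CA.
    context = context or ssl.create_default_context()
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=sni):
            return True

def preflight(role, targets, resolver=resolve, probe=tls_probe):
    """Check each path `role` needs; targets maps component -> (fqdn, sni).
    Returns a list of (component, fqdn, status) tuples."""
    results = []
    for component in REQUIRED_PATHS[role]:
        fqdn, sni = targets[component]
        try:
            addresses = resolver(fqdn)
        except OSError as exc:
            results.append((component, fqdn, f"DNS_FAIL: {exc}"))
            continue
        status = "UNREACHABLE"
        for ip in addresses:  # stop at the first address that completes
            try:
                probe(ip, sni)
                status = f"OK via {ip}"
                break
            except OSError as exc:  # covers ssl.SSLError and timeouts
                status = f"CONNECT_FAIL {ip}: {exc}"
        results.append((component, fqdn, status))
    return results

if __name__ == "__main__":
    # Constructed placeholders; substitute your tenant's Business Continuity values.
    name = "bc.example.invalid"
    sample = {"private_cloud_controller": ("pcc." + name, "pcc." + name),
              "private_service_edge": ("pse." + name, "pse." + name)}
    for row in preflight("end_user", sample):
        print(*row, sep="\t")
```

A `DNS_FAIL` row points at the customer-provided DNS servers, while a `CONNECT_FAIL` row points at the port 443 path or the certificate presented for that SNI.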

Overview

The following procedures assume the prerequisites are met and provide an overview of the steps needed to configure Business Continuity within the ZPA Admin Portal:

  1. Configure the Business Continuity settings.
  2. Add Private Clouds, Private Cloud Controllers, and Private Cloud Controller Groups. App Connectors and ZPA Private Service Edge leverage Private Clouds and Private Cloud Controllers when the ZPA cloud is not available or reachable.

    Private Clouds are the logical grouping of Private Cloud Controller groups, App Connector groups, ZPA Private Service Edge groups, and log receivers. To learn more, see Configuring Private Cloud Controllers and Configuring Private Clouds.

  3. In the Zscaler Client Connector Portal, use one of the following options:
    1. Enable Business Continuity per App Profile. To learn more, see Configuring Zscaler Client Connector App Profiles.
    2. Go to Administration > Settings > Business Continuity Configuration, and then sync, download, and copy the thumbprint of the Business Continuity configuration. To learn more, see About Business Continuity.
    3. Deploy Zscaler Client Connector with the Business Continuity installation parameters. To learn more, see Customizing Zscaler Client Connector with Install Options for EXE and Customizing Zscaler Client Connector with Install Options for MSI.

To learn more about how to enter and exit Business Continuity, see Entering and Exiting Business Continuity.

Limitations

The following limitations apply for Business Continuity:

  • For new users who enrolled during active Business Continuity:
    • Mutual TLS authentication between users and ZPA Private Service Edge is not supported.
    • SCIM attributes are not supported. Only SAML attributes are supported for access policies, timeout policies, and client forwarding policies.
  • While in active Business Continuity, configuration changes (including deployment of ZPA Private Service Edge and App Connectors) are not supported.
  • Browser Access, Source IP Anchoring, Cloud Connector, and Branch Connector client types are not supported.
  • Machine Tunnels are not supported for new and enrolled Zscaler Client Connector users.
  • Redirection policies are not supported.
  • On-premises server components (i.e., App Connectors, ZPA Private Service Edge, and Private Cloud Controllers) cannot renew their certificates while in active Business Continuity. These components maintain certificate validity for one year, but can be renewed earlier by specifying the Certificate Renewal Threshold when configuring a Private Cloud.

    App Connectors, ZPA Private Service Edge, and Private Cloud Controllers do not automatically upgrade in Business Continuity.
