A key component of the Zscaler cloud, Zscaler Enforcement Nodes (ZENs) are full-featured secure Internet gateways that provide integrated Internet security. They inspect all web traffic bi-directionally for malware, and enforce security, compliance and next generation firewall (NGFW) policies.
ZENs are deployed in Zscaler data centers around the globe. So no matter where your users are, at headquarters or at a branch office, in a coffee shop or at the airport, they can access the Internet from any device and the ZENs will protect their traffic and apply your corporate policies.
ZENs have significant fault tolerance capabilities. They are deployed in active-active mode all over the world, to ensure availability and redundancy. Zscaler monitors and maintains its ZENs worldwide to ensure 24/7 availability. They are located in Zscaler data centers, which provide the highest level of data privacy and network security.
Zscaler always recommends that organizations forward traffic to the ZENs in the Zscaler cloud. However, some organizations may have certain requirements, such as those listed below, that may make forwarding their traffic to the ZENs in the Zscaler cloud less than ideal:
If your organization has similar requirements, then with Zscaler's approval, you can extend the Zscaler patented cloud architecture to your organization’s premise by licensing and deploying virtual ZENs (VZENs). A VZEN uses a virtual machine (VM) to function as a full-featured ZEN dedicated to your organization’s traffic. See Forwarding Traffic to VZENs. VZENs perform the same service as the public ZENs in the Zscaler cloud, including support for features, such as the Next Generation Firewall, Sandbox, and DLP.
VZENs are part of the Zscaler cloud. They communicate with the Zscaler cloud for user authentication and policy updates, and for logging and reporting. Thus, admins define policies only once, through the admin portal. Additionally, after users are signed in and authenticated to the Zscaler service, the service will always apply their policies, whether they connect to an on-premise VZEN or to a public ZEN anywhere in the world. Logs are transmitted to and stored on the Zscaler cloud as a central repository for integrated analytics. So you can view and monitor Internet traffic activity on the admin portal dashboard and make full use of the real-time logging and interactive reporting capabilities of the service.
VZENs currently do not support the following: