Secure Internet and SaaS Access (ZIA)
Understanding the ZIA Cloud Architecture
Zscaler operates the world's largest security-as-a-service (SECaaS) cloud platform to provide the industry's only 100% cloud-delivered web and mobile security solution. The highly scalable, global, multi-cloud infrastructure features three key components: the Zscaler Central Authority (CA), ZIA Public Service Edges, and Nanolog clusters.
Zscaler Central Authority
The Zscaler Internet Access (ZIA) Central Authority (CA) is the brain and nervous system of a Zscaler cloud. It monitors the cloud and provides a central location for software and database updates, policy and configuration settings, and threat intelligence. The CA consists of one active server and two servers in passive standby mode. The active CA replicates data in real time to the two standby CAs, so any of them can become active at any time. Each server is hosted in a separate location to ensure fault tolerance.
ZIA Public Service Edges
ZIA Public Service Edges are full-featured, inline internet security gateways that inspect all internet traffic bi-directionally for malware, and enforce security and compliance policies. An organization can forward its traffic to any ZIA Public Service Edge in the world or use the advanced geo-IP resolution capability of Zscaler to direct its users' traffic to the nearest ZIA Public Service Edge. When the user moves to a different location, the policy follows the user, with the ZIA Public Service Edge downloading the appropriate policy. Customer traffic is not passed to any other component within the Zscaler infrastructure. The TCP stack on the ZIA Public Service Edge runs in user mode, and is specially crafted to ensure multitenancy and data security. ZIA Public Service Edges never store any data to disk. Log data generated for every transaction is compressed, tokenized, and exported over secure TLS connections to Log Routers that direct the logs to the Nanolog cluster, hosted in the appropriate geographical region, for each organization. ZIA Public Service Edges are always deployed in active-active load balancing mode all over the world, and the CA monitors the health of ZIA Public Service Edges to ensure availability. To learn more, see About ZIA Public Service Edges.
Nanolog Clusters
Nanolog clusters store transaction logs and provide reports. Each cluster consists of one active server and two servers in passive standby mode. The active Nanolog immediately replicates data to the other two servers, so any of them can become active at any time, with no data loss. Each Nanolog server is hosted in a separate location to ensure fault tolerance. Every second, a Nanolog cluster receives logs from all over the world, correlates them to a specific customer organization, and writes them to disk for high-speed retrieval by reporting and analytics. A Nanolog cluster processes up to 1.2+ billion logs per day. Additionally, Zscaler offers a Nanolog Streaming Service (NSS), which uses a virtual appliance to stream web and firewall traffic logs in real time from the Zscaler Nanolog to the customer's security information and event management (SIEM) system.
Additionally, each cloud has various support systems and servers, including:
- Sandbox servers, where files selected for behavioral analysis are sent for analysis and reports are stored. To learn more, see Viewing Sandbox Reports and Data.
- PAC file servers, which host Zscaler PAC files and custom PAC files uploaded to Zscaler. Configuring browsers to use PAC files is one of the traffic forwarding methods that Zscaler supports. To learn more, see About Hosted PAC Files.
- The ZIA Admin Portal, which provides an intuitive, multi-tenant interface for policy management and reporting.
- Log Routers, which ensure logs for each organization are stored in the appropriate Nanolog cluster.
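A custom PAC file of the kind described in the list above, written here as an added example (it is not one of Zscaler's hosted PAC files): it forwards internet traffic to a service edge gateway and keeps internal traffic direct. The gateway hostnames, the .corp.example domain and the resolver table are assumed placeholders, and the PAC helper functions are stubbed so the logic can be exercised outside a browser.

```javascript
// Stand-ins for the helpers a browser's PAC runtime provides (constructed for
// offline testing; in a browser the real implementations are used instead).
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length && host.slice(-domain.length) === domain;
}
function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}
function isInNet(ip, net, mask) {
  if (!/^\d+\.\d+\.\d+\.\d+$/.test(ip)) return false;
  return (ipToInt(ip) & ipToInt(mask)) === (ipToInt(net) & ipToInt(mask));
}
// Constructed resolver table; a real PAC runtime performs DNS lookups here.
const FAKE_DNS = { "intranet.corp.example": "10.20.30.40", "www.example.net": "203.0.113.5" };
function dnsResolve(host) {
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return host; // IP literal resolves to itself
  return FAKE_DNS[host] || null;
}

// Hypothetical placeholders: a real deployment uses the gateway names from the
// organization's hosted PAC file, not these.
const PRIMARY_GATEWAY = "gateway.zscaler.example:80";
const BACKUP_GATEWAY = "secondary.gateway.zscaler.example:80";

function FindProxyForURL(url, host) {
  // Single-label names and localhost never leave the local network.
  if (isPlainHostName(host) || host === "localhost") return "DIRECT";
  // Internal domain names bypass the proxy; checked before any DNS lookup.
  if (dnsDomainIs(host, ".corp.example")) return "DIRECT";
  // RFC 1918 destinations bypass the proxy as well (dnsResolve is comparatively
  // slow, so name-based checks come first).
  var ip = dnsResolve(host);
  if (ip && (isInNet(ip, "10.0.0.0", "255.0.0.0") ||
             isInNet(ip, "172.16.0.0", "255.240.0.0") ||
             isInNet(ip, "192.168.0.0", "255.255.0.0"))) return "DIRECT";
  // Everything else goes to the service edge; the browser tries the backup
  // gateway if the primary is unreachable. There is deliberately no trailing
  // DIRECT entry, so traffic is not sent uninspected if both are down.
  return "PROXY " + PRIMARY_GATEWAY + "; PROXY " + BACKUP_GATEWAY;
}
```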
All components communicate with each other over an encrypted SSL tunnel.
Finally, Zscaler Feed Central is a separate Zscaler cloud that is used solely for the centralized distribution of various feeds to the Zscaler clouds. Zscaler has a number of partnerships with Microsoft, Google, RSA, Verisign, and others to obtain data feeds, including feeds for URL filtering, anti-virus definitions, and IP reputation. Zscaler Feed Central distributes its threat intelligence and other feeds to the CA, which then sends updates to the ZIA Public Service Edges, ensuring that every ZIA Public Service Edge has the latest version of the URL database and the latest malware and threat information.
An organization is provisioned on one cloud and its traffic is processed by that cloud only. The name of the cloud on which an organization is provisioned is specified in the administrative URL that the customer admin uses to log in to Zscaler. To learn more, see What is my cloud name for ZIA?