The Zscaler Private Access (ZPA) service enables organizations to provide access to internal applications and services while ensuring the security of their networks. ZPA is an easier-to-deploy, more cost-effective, and more secure alternative to VPNs. Unlike VPNs, which require users to connect to your network to access your enterprise applications, ZPA allows you to give users policy-based secure access only to the internal apps they need to get their work done. With ZPA, application access does not require network access.
Additionally, ZPA decouples applications from the physical network so you can provide seamless connectivity to private internal applications and assets whether they are in the cloud, the data center, or both. It also adjusts dynamically to network changes, so you can move your resources without impacting user access.
You can configure settings and policies on a central ZPA Admin Portal, which also features dashboards where you can see your users and the apps they access, and monitor the health of your servers and resources. You can configure ZPA to automatically discover servers and applications when users request them, or you can configure them manually. You then define policies that specify which apps users or groups can use, and ZPA allows them to connect to those apps only. ZPA renders your applications invisible to all but the authorized users and unroutable to anyone.
Like all Zscaler offerings, the ZPA service is based on Zscaler’s global cloud platform, so there is no requirement for additional hardware or upgrades to existing hardware.
To learn more, see the ZPA Overview.
Below are ZPA key features and benefits:
ZPA uses Zscaler's cloud-based, elastically scalable infrastructure to deliver seamless connectivity to your private internal applications and assets. Below are its key components:
Z App can also forward your users' traffic to the Zscaler cloud to secure their internet traffic. To learn more, see What is the Zscaler App?
Users install the Z App on their devices and log in to the app using their SAML single sign-on credentials. When the user requests access to an internal application, the Z App uses geo-location technology to locate the ZEN closest to the user. The Z App presents its certificate to the ZEN to confirm its identity, and then establishes a secure tunnel to the ZEN. The ZEN retrieves the user’s policies from the Central Authority, and depending on the internal app requested by the user, the ZEN contacts the appropriate Connector. The Connector presents its certificate to the ZEN and once the ZEN confirms the Connector's identity, it allows the Connector to connect to it.
Once the connection is established between the user's device and the application, the traffic traversing the solution remains completely isolated.
Because ZPA is built on the premise of zero trust for your private applications, the traffic is isolated from Zscaler as well.
Admins can use the dashboards to view information about users and applications and to monitor the health of the organization's applications and servers.