Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) have multi-cloud infrastructures. An organization is provisioned on one ZIA cloud and its traffic is processed by that ZIA cloud only. To learn more about ZIA and to find the name of your ZIA cloud, see Understanding the ZIA Cloud Architecture and What Is My Cloud Name for ZIA?.

For organizations that have ZPA, an organization is provisioned on one ZPA cloud and its traffic is processed by that ZPA cloud only. To learn more about ZPA and to find the name of your ZPA cloud, see Understanding the ZPA Cloud Architecture and What Is My Cloud Name for ZPA?.

If you have multiple ZIA and ZPA tenants, any postures, Machine Tunnel Tokens, and Trusted Networks you are using come from one ZIA tenant and one ZPA tenant. If a user needs both ZIA and ZPA, consolidate those users to a single ZPA tenant and a single ZIA tenant.

Every ZIA cloud has an associated Zscaler Client Connector Portal. The Zscaler Client Connector Portals (zscaler.net and zscalertwo.net) can communicate with either of the ZPA clouds (private.zscaler.com and zpatwo.net). The following diagram shows the association between the ZPA, Zscaler Client Connector, and ZIA clouds at a high level.