ZPA Connectors provide the secure authenticated interface between a customer's servers and the Zscaler Private Access cloud. App Connectors can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS) EC2. Additionally, Zscaler provides packages that can be installed on supported Linux distributions. Connectors can be co-located with your enterprise applications, or they can be deployed in any location that has connectivity to the applications. Typically, they are deployed on network segments that can access secured applications and the ZPA cloud simultaneously, such as in a DMZ. Connectors only connect outbound; they do not need any inbound open ports to operate correctly.

The ZPA Private Service Edges are brokers that are a single-tenant instance that provide the functionality of a ZPA Public Service Edge in an organization's environment. Your organization hosts them either within your site or on a cloud service, but Zscaler manages them. On the other hand, ZPA Public Service Edges are deployed in Zscaler data centers around the world. As with a ZPA Public Service Edge, a ZPA Private Service Edge manages the connections between Zscaler Client Connector and App Connectors. It registers with the ZPA Cloud. This allows a ZPA Private Service Edge to download the relevant policies and configurations so it can enforce all ZPA policies. It also caches path selection decisions. ZPA Private Service Edges can be deployed in several forms. Zscaler distributes images for deployment in enterprise data centers and local private cloud environments such as VMware.

Enabled by the Zscaler Zero Trust Exchange (ZTE), Zscaler Cloud Connector is a virtual machine (VM) that simplifies traffic forwarding to Zscaler services. It extends the capabilities of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) to cloud-native workloads, which allows enterprises to secure cloud workload communications over any network. The ZTE enables workloads to communicate with each other and have a granular security policy applied. The communication may be from private workloads (i.e., IaaS, physical data center) to public workloads (i.e., SaaS/internet), or between private workloads (i.e., IaaS to IaaS, IaaS to physical data center).

Zscaler for Users consists of three FedRAMP and StateRAMP authorized services, Zscaler Internet Access Gov, Zscaler Private Access Gov, and Zscaler Digital Experience Gov, to improve security, data protection, and digital experience. All three solutions are powered by the Zscaler Zero Trust Exchange, a cloud-native security platform that securely connects any user, device, and application, regardless of location. Following the principle of least-privileged access, the platform establishes trust through user identity and context, including location, device, application, and content, and then creates secure, direct connections based on policy enforcement. The platform supports IT federal mission transformation by reducing costs, eliminating the internet attack surface, and preventing lateral threat movement while providing an excellent user experience.