Sold by: Zscaler, Inc.Â
Deployed on AWS
The ZPA Private Service Edges are brokers that are a single-tenant instance that provide the functionality of a ZPA Public Service Edge in an organization's environment. Your organization hosts them either within your site or on a cloud service, but Zscaler manages them. On the other hand, ZPA Public Service Edges are deployed in Zscaler data centers around the world.
As with a ZPA Public Service Edge, a ZPA Private Service Edge manages the connections between Zscaler Client Connector and App Connectors. It registers with the ZPA Cloud. This allows a ZPA Private Service Edge to download the relevant policies and configurations so it can enforce all ZPA policies. It also caches path selection decisions.
ZPA Private Service Edges can be deployed in several forms. Zscaler distributes images for deployment in enterprise data centers and local private cloud environments such as VMware.
Overview
A key component of the Zscaler cloud, Service Edges are full-featured secure internet gateways that provide integrated internet security.
ZPA Private Service Edges provide the following benefits and enable you to:
Implement Zero Trust Network Access (ZTNA) for on-premises users. Securely access applications when ZPA Public Service Edges in data centers are not conveniently located between users and the applications they need to reach.
Ensure business continuity and continued access to critical apps during disaster events.
Keep application data traffic local to help meet compliance and regulatory requirements.
Service Edges can be public or private. ZPA Public Service Edges, addressed here, are deployed in Zscaler data centers around the world and can handle hundreds of thousands of concurrent users with millions of concurrent sessions. So, regardless of where your users are physically located, they can access their internal applications from any device. ZPA Public Service Edges enforce access and reauthentication policies based on your organization's corporate best practices. For any given Microtunnel (M-Tunnel), the Control Service Edge is the ZPA Public Service Edge that handles cloud-level system messages to establish the M-Tunnel. ZPA Private Service Edges are fully functional single-tenant brokers that reside within your site or other locations, like cloud services.
Both Zscaler Internet Access (ZIA) and ZPA have Service Edges. The fundamental difference between a Service Edge used for ZIA and one used for ZPA is that:
In ZIA, the Service Edge inspects the data as traffic flows through it. In ZPA, the Service Edge does not inspect the data as traffic flows through it. All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
User traffic is not passed to any other component within the Zscaler infrastructure, and Service Edges never store any data to disk. Packet data is held in memory for inspection, and is either forwarded or dropped based on policy. Log data generated for every transaction is compressed, tokenized, and exported over secure TLS connections to log routers.
For ZPA Public Service Edges, the log routers direct the information to the Log Streaming Service (LSS), hosted in the appropriate geographical region for each organization.
Highlights
- The ZPA Central Authority (CA) can be thought of as the "brain and nervous system" of the ZPA cloud. It monitors the cloud and provides a central location for software and database updates, as well as policy and configuration settings.
- The ZPA Admin Portal is the central point of control for the entire system. This interface enables organizations to configure system elements, including applications, servers, and policies, and provides analytics dashboards for visibility into the system as a whole.
- All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
Details
Sold by
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 9
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Please utilize this link to access Release Notes: https://help.zscaler.com/zpa/zpa-private-service-edge-release-summary-2024Â
Additional details
Usage instructions
In order to acquire a license key for this product, please contact us via our web form here: https://www.zscaler.com/company/contact .
Once complete, you may access the User Interface of the Zscaler Cloud Portal by accessing this link here: https://admin.zscaler.net/Â . If not completed prior, you will be promoted to create an Admin account for your Zscaler Cloud Portal.
Utilizing the login you created, you may now utilize the Zscaler Cloud Portal to access your Zscaler management console where you will be able to manage and deploy new products on AWS, or other locations.
For ZPA Private Serive Edge AWS Deployment see the below:
Update the Security Group associated to the App Connector to temporarily allow inbound access on port 22, then complete the following steps to connect to the instance.
SSH access is required in order to configure the provisioning key for the App Connector. See instructions: https://help.zscaler.com/zpa/private-service-edge-deployment-guide-amazon-web-servicesÂ
Log in to the App Connector console using your AWS Private Key (i.e., a .pem file).
SSH access is enabled by default on AWS App Connectors, so there is no need to enable the service manually.
Using a standard SSH client, enter the following command to connect to the AWS instance: ssh -i <AWS Private Key> admin@<App Connector Public Hostname or IP Address>
For example, the private key for the AWS instance is AWS.pem and the ZPA Private Service Edge IP address is 35.160.130.25: ssh -i AWS.pem admin@35.160.130.25
Resources
Support
Vendor support
Zscaler global support is available around the clock, with dedicated customer support engineers providing personalized assistance to ensure that customers are getting the most value from our products. Our support engineers have significant experience in networking and security, working closely with operations, sales, and engineering teams to ensure rapid response and resolution.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Private Cloud Controllers allow users to continue to access applications during ZPA-related cloud outages or internet service provider (ISP) outages. Business Continuity helps organizations achieve uninterrupted access to applications without any manual intervention.
Private Cloud Controllers can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS), Microsoft Azure Cloud, or Google Cloud Platform. Additionally, Zscaler provides packages that can be installed on supported Linux distributions. Typically, the VM images are deployed on network segments that can access the ZPA cloud and accept inbound connections on port 443 simultaneously, such as in a DMZ. Private Cloud Controllers require inbound 443 and outbound 443 connections to be open.
ZPA Connectors provide the secure authenticated interface between a customer's servers and the Zscaler Private Access cloud.
App Connectors can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS) EC2. Additionally, Zscaler provides packages that can be installed on supported Linux distributions.
Connectors can be co-located with your enterprise applications, or they can be deployed in any location that has connectivity to the applications. Typically, they are deployed on network segments that can access secured applications and the ZPA cloud simultaneously, such as in a DMZ. Connectors only connect outbound; they do not need any inbound open ports to operate correctly.
Discover a comprehensive suite of Zscaler Cloud Security Solutions on AWS Marketplace. Protect your cloud journey with Cloud Connector, Private Access, Internet Access, and more, ensuring secure and compliant access to applications and the internet.
EpicCyber’s Zscaler ZIA & ZPA Essentials Elite Deployment Service is designed for organizations with 2500-5000 users. With hands-on-keyboard service delivery, Essentials Elite includes the setup of more advanced Zscaler features (e.g., DLP, ZDX, and tablet integration).
Our service bundle is optimized for specific customer use cases, including custom security policies, multifactor authentication (MFA), and identity access management (IAM) integration to connect and operate with your existing business systems, enabling protection against advanced threats. Utilizing
EpicCyber’s experience with nearly a decade of successful Zscaler deployments and our vibrant managed services customer base, our Zscaler Essentials Elite Deployment, accelerates adoption, enabling you to maximize Zscaler’s benefits across your organization.
Customer reviews
0 ratings
0 AWS reviews
|
99 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Telecommunications
Secure, Direct Access with ZPA—But Reporting Needs Improvement
Reviewed on Oct 22, 2025
Review provided by G2
What do you like best about the product?
ZPA replaces the traditional VPN and provides more secure while accessing the internal application in cloud or on prem.
ZPA provides connection between user to application directly instead of providing access to the entire network
Micro tunneling for all critical application which is top of this product
SIPA to ZPA
ZPA provides connection between user to application directly instead of providing access to the entire network
Micro tunneling for all critical application which is top of this product
SIPA to ZPA
What do you dislike about the product?
ZPA reporting features is not user friendly . Only last 14 days can be seen and it's very slow while fetching the reports.
Cost is bit on a higher side compared to VPN solutions
Cost is bit on a higher side compared to VPN solutions
What problems is the product solving and how is that benefiting you?
ZPA is very much helpful with the replacement of old VPN's . Instead of providing access to the whole network, it provides granular access to only particular application by minimizing the attack.
Only users who are verified bu authenticating with IDP will have access to the applications
Only users who are verified bu authenticating with IDP will have access to the applications
Marketing and Advertising
Zero Trust That Works—Smooth Once Set Up, But Pricey and Tricky to Configure
Reviewed on Oct 20, 2025
Review provided by G2
What do you like best about the product?
The whole zero trust thing sounds buzzwordy but it actually makes sense once you're using it. People can access what they need without being on the network, and I'm not constantly getting tickets about connection issues anymore.
What do you dislike about the product?
Setup was a bit of a pain though, not gonna lie. Took us a minute to figure out all the policies and get everything configured right. And it's definitely not cheap - had to make a solid business case to get budget approval. But once it was running? Pretty smooth sailing.
What problems is the product solving and how is that benefiting you?
So basically it solved the whole VPN mess for me. Like, I used to have to connect to that clunky VPN every morning, it would be super slow, and it'd randomly disconnect during meetings or when I was in the middle of something important. So annoying.
With ZPA, I don't even think about it anymore. I just open my laptop and everything I need for work is just... there. I can access all our internal apps whether I'm at home, at a coffee shop, or traveling - it all just works the same.
Way faster too. Like noticeably faster loading times compared to the old VPN.
With ZPA, I don't even think about it anymore. I just open my laptop and everything I need for work is just... there. I can access all our internal apps whether I'm at home, at a coffee shop, or traveling - it all just works the same.
Way faster too. Like noticeably faster loading times compared to the old VPN.
Mohan E.
Seamless, Secure Access with Zscaler Client Connector—No More VPN Hassles
Reviewed on Oct 20, 2025
Review provided by G2
What do you like best about the product?
When all Users install Zscaler Client Connector on their devices/computer/mobile and can then log into application using SAML 2.0)-based SSO credentials with OTP and secure access.
When users request access to an internal application Zscaler Client Connector uses geo-location , Users get seamless access to applications without the hassle of connecting to a VPN and smooth verification. its provides rich analytics and logs, helping admins monitor access and troubleshoot issues effectively.meaning users are never placed on the network. Instead, access is granted based on identity and context, reducing attack surface.
effecting this service is best and using for all the Zscaler private access ,
When users request access to an internal application Zscaler Client Connector uses geo-location , Users get seamless access to applications without the hassle of connecting to a VPN and smooth verification. its provides rich analytics and logs, helping admins monitor access and troubleshoot issues effectively.meaning users are never placed on the network. Instead, access is granted based on identity and context, reducing attack surface.
effecting this service is best and using for all the Zscaler private access ,
What do you dislike about the product?
We have using this services long ago and all the features are up and running , customer support need more improvement.
Some time mobile apps not loading properly. thats need to improve.
Some time mobile apps not loading properly. thats need to improve.
What problems is the product solving and how is that benefiting you?
it monitoring all PCs across the organization, ZPA Browser Access allows users to leverage a web browser for user authentication and application access, without requiring Zscaler Client Connector installed on their devices. most of the services are seamless and we can able to access it with single click.
Best security app lots of Better control and visibility on this app. all the features having Reduced security risks.
the attacker cannot pivot to other applications or network resources and its really best features provided by product.
This protects sensitive data by isolating users from the corporate network and restricting their ability to download or copy information and more on ground , protecting from other attackers. connecting users to specific applications, not the network.Simplifies user access by operating silently in the background, without the need for manual VPN logins or a separate client access and updates on time for this product. overall its been best for using and services.
Best security app lots of Better control and visibility on this app. all the features having Reduced security risks.
the attacker cannot pivot to other applications or network resources and its really best features provided by product.
This protects sensitive data by isolating users from the corporate network and restricting their ability to download or copy information and more on ground , protecting from other attackers. connecting users to specific applications, not the network.Simplifies user access by operating silently in the background, without the need for manual VPN logins or a separate client access and updates on time for this product. overall its been best for using and services.
Rachel W.
Seamless Security Integration with Zscaler and Okta for Ultimate Data Protection
Reviewed on Oct 20, 2025
Review provided by G2
What do you like best about the product?
I love that Zscaler integrates with Beyond Identity and Okta to be able to use our finger-print on MacBooks to sign into everything. As an HR company hosting thousands of pieces of sensitive personal data, it is a hugely necessary component to keeping our work and data private. Zscaler seems to "go down" a lot, or log itself out a lot, but it is very intuitive and easy to reset or re-authenticate.
What do you dislike about the product?
It doesn't provide any kind of notification when something goes wrong. Zscaler forces re-sign-in multiple times a day, which is frustrating because it can take several minutes to get everything refreshed, but when something does stop working, it's almost always because Zscaler is down, and now I know to check that first, but it doesn't actually notify you that it's been disconnected unless you open the program.
What problems is the product solving and how is that benefiting you?
We rely on Zscaler to secure our programs and hardware that are not protected by Okta. This is especially important for our laptops, a program called Dock, and several other software applications that do not integrate with Okta.
Computer Software
Effortless Security and Speed with Zscaler
Reviewed on Oct 19, 2025
Review provided by G2
What do you like best about the product?
What I like most about Zscaler is how easy it is to use while still keeping everything super secure. It’s fast, cloud-based, and I don’t have to deal with any hardware or VPN hassles. The dashboard gives great visibility and control, and it just works smoothly.
What do you dislike about the product?
What I like least about Zscaler is that it can be a bit tricky to troubleshoot when something goes wrong. The logs and error messages aren’t always clear, and changes can take a while to propagate. It can also feel restrictive at times — great for security, but sometimes gets in the way of testing or quick fixes.
What problems is the product solving and how is that benefiting you?
Zscaler Private Access is solving the problem of secure remote access without relying on traditional VPNs. It gives users access to internal apps safely, without exposing the network itself. For me, that means faster, more reliable connections, less time dealing with VPN issues, and stronger security overall. It’s also easier to manage who can access what, which saves time and reduces risk.