    Zscaler Private Access Service Edge

    Deployed on AWS
    ZPA Private Service Edges are single-tenant brokers that provide the functionality of a ZPA Public Service Edge in an organization's environment. Your organization hosts them either within your site or on a cloud service, but Zscaler manages them. ZPA Public Service Edges, by contrast, are deployed in Zscaler data centers around the world. As with a ZPA Public Service Edge, a ZPA Private Service Edge manages the connections between Zscaler Client Connector and App Connectors. It registers with the ZPA Cloud, which allows it to download the relevant policies and configurations so it can enforce all ZPA policies. It also caches path selection decisions. ZPA Private Service Edges can be deployed in several forms. Zscaler distributes images for deployment in enterprise data centers and local private cloud environments such as VMware.
    Overview

    A key component of the Zscaler cloud, Service Edges are full-featured secure internet gateways that provide integrated internet security.

    ZPA Private Service Edges provide the following benefits and enable you to:

    Implement Zero Trust Network Access (ZTNA) for on-premises users. Securely access applications when ZPA Public Service Edges in data centers are not conveniently located between users and the applications they need to reach.

    Ensure business continuity and continued access to critical apps during disaster events.

    Keep application data traffic local to help meet compliance and regulatory requirements.

    Service Edges can be public or private. ZPA Public Service Edges, addressed here, are deployed in Zscaler data centers around the world and can handle hundreds of thousands of concurrent users with millions of concurrent sessions. So, regardless of where your users are physically located, they can access their internal applications from any device. ZPA Public Service Edges enforce access and reauthentication policies based on your organization's corporate best practices. For any given Microtunnel (M-Tunnel), the Control Service Edge is the ZPA Public Service Edge that handles cloud-level system messages to establish the M-Tunnel. ZPA Private Service Edges are fully functional single-tenant brokers that reside within your site or other locations, like cloud services.

    Both Zscaler Internet Access (ZIA) and ZPA have Service Edges. The fundamental difference between a Service Edge used for ZIA and one used for ZPA is that:

    In ZIA, the Service Edge inspects the data as traffic flows through it. In ZPA, the Service Edge does not inspect the data as traffic flows through it.

    All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.

    User traffic is not passed to any other component within the Zscaler infrastructure, and Service Edges never store any data to disk. Packet data is held in memory for inspection, and is either forwarded or dropped based on policy. Log data generated for every transaction is compressed, tokenized, and exported over secure TLS connections to log routers.

    For ZPA Public Service Edges, the log routers direct the information to the Log Streaming Service (LSS), hosted in the appropriate geographical region for each organization.

    Highlights

    • The ZPA Central Authority (CA) can be thought of as the "brain and nervous system" of the ZPA cloud. It monitors the cloud and provides a central location for software and database updates, as well as policy and configuration settings.
    • The ZPA Admin Portal is the central point of control for the entire system. This interface enables organizations to configure system elements, including applications, servers, and policies, and provides analytics dashboards for visibility into the system as a whole.
    • All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Operating system
    RHEL 9

    Pricing

    Zscaler Private Access Service Edge

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Usage instructions

    In order to acquire a license key for this product, please contact us via our web form here: https://www.zscaler.com/company/contact .

    Once complete, you may access the User Interface of the Zscaler Cloud Portal at this link: https://admin.zscaler.net/ . If you have not already done so, you will be prompted to create an Admin account for your Zscaler Cloud Portal.

    Utilizing the login you created, you may now utilize the Zscaler Cloud Portal to access your Zscaler management console where you will be able to manage and deploy new products on AWS, or other locations.

    For ZPA Private Service Edge AWS deployment, see the steps below:

    Update the Security Group associated to the App Connector to temporarily allow inbound access on port 22, then complete the following steps to connect to the instance.

    SSH access is required in order to configure the provisioning key for the App Connector. See instructions: https://help.zscaler.com/zpa/private-service-edge-deployment-guide-amazon-web-services 

    Log in to the App Connector console using your AWS Private Key (i.e., a .pem file).

    SSH access is enabled by default on AWS App Connectors, so there is no need to enable the service manually.

    Using a standard SSH client, enter the following command to connect to the AWS instance: ssh -i <AWS Private Key> admin@<App Connector Public Hostname or IP Address>

    For example, the private key for the AWS instance is AWS.pem and the ZPA Private Service Edge IP address is 35.160.130.25: ssh -i AWS.pem admin@35.160.130.25

    Support

    Vendor support

    Zscaler global support is available around the clock, with dedicated customer support engineers providing personalized assistance to ensure that customers are getting the most value from our products. Our support engineers have significant experience in networking and security, working closely with operations, sales, and engineering teams to ensure rapid response and resolution.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    4.4 (132 ratings)
    5 star: 66%
    4 star: 31%
    3 star: 3%
    2 star: 0%
    1 star: 0%
    0 AWS reviews | 132 external reviews
    External reviews are from G2.
    Esma Y.

    Zscaler Private Access: Stable, Secure VPN Alternative That Streamlines Daily Work

    Reviewed on Apr 14, 2026
    Review provided by G2
    What do you like best about the product?
    What I like most about Zscaler Private Access is how it completely changes the way you connect to internal systems. With traditional VPNs, I always felt like I was opening the door to the entire network, even when I only needed one application. With ZPA, I’m only connected to what I actually need, and that makes a big difference in terms of both security and peace of mind.

    From a test automation perspective, it has made my daily work much smoother. I used to deal with random VPN drops right in the middle of running tests or calling internal APIs, which was frustrating. With ZPA, the connection is much more stable. Once I’m logged in, I can access staging environments and APIs without interruptions, which saves time especially during debugging and long test runs.

    On the UI/UX side, I like that it’s not something I constantly have to think about. The client is simple and runs quietly in the background. From an admin perspective, the interface can feel a bit complex at first, but once you get used to it, managing access policies becomes more structured and predictable.

    Another thing I appreciate is how it integrates with identity providers. Access is based on roles and context, so I don’t have to chase permissions all the time. It’s clear, controlled, and feels more secure without adding extra friction.

    In terms of performance, it was actually better than I expected. Compared to VPN, latency feels lower, especially when running API-heavy automated tests. That directly impacts our efficiency.

    From a pricing/ROI perspective, it makes sense if you consider the bigger picture. It’s not just about replacing VPN, but reducing downtime, improving security, and saving engineering time. Fewer connection issues alone have already paid back a lot for us.

    Support has also been reliable in my experience. When we had configuration questions early on, responses were helpful and fairly quick, which made the onboarding process easier.

    I haven’t deeply used any AI-driven features, but the platform’s policy-based intelligence and access control logic already feel quite advanced. It’s clear that decisions are not just static rules but based on context like user identity and device state.

    Overall, it’s been a more stable, secure, and less frustrating way to access internal resources compared to traditional approaches.
    What do you dislike about the product?
    One of the main challenges with Zscaler Private Access is the initial setup and configuration. The Zero Trust model is powerful, but it also comes with a learning curve. Defining policies, segmenting applications correctly, and making sure everything works as expected can take time, especially if you're coming from a traditional VPN setup.

    From a day-to-day usage perspective, troubleshooting can sometimes be a bit difficult. When something doesn’t work, it’s not always immediately clear whether the issue is related to policies, identity provider integration, or network configuration. This can slow things down, especially when you're trying to quickly access an internal service during development or testing.

    On the UI/UX side, while the end-user experience is simple, the admin interface can feel a bit overwhelming at first. There are many configuration layers, and it takes some time to fully understand how everything is connected.

    Pricing could also be a consideration for smaller teams. While it delivers value in terms of security and stability, the cost might feel high if you're not fully utilizing all of its capabilities.

    In terms of support, while generally helpful, response times can vary depending on the issue, and more complex cases may require some back-and-forth before getting fully resolved.

    Lastly, while the platform has strong policy-based logic, I haven’t seen very visible or impactful AI-driven features in everyday use yet. Most of the intelligence still feels rule-based rather than adaptive.

    Overall, none of these are deal-breakers, but they are things to consider, especially during the onboarding and early adoption phase.
    What problems is the product solving and how is that benefiting you?
    Before using Zscaler Private Access, our biggest issue was dealing with traditional VPN limitations. Connections were often unstable, especially during long test runs, and it was frustrating to lose access in the middle of hitting internal APIs or working in staging environments. It also felt a bit risky knowing that once connected, you were technically inside the whole network, even if you only needed one service.

    ZPA solved this by removing the dependency on VPN and switching to a more targeted access model. Now, instead of connecting to the entire network, I can securely access only the specific applications I need. This has made a noticeable difference in both stability and security.

    For my daily work in test automation, the biggest benefit has been consistency. I can run API tests, access internal tools, and debug issues without worrying about random disconnects. It’s especially helpful when running longer automation suites, where even a small interruption used to cause failures and waste time.

    Another benefit is around access control. Permissions are clearly defined, so I don’t have to constantly request access or deal with unnecessary privileges. Everything feels more streamlined and controlled.

    Overall, it has reduced a lot of the friction we used to have with remote access. Less time spent dealing with connection issues means more time actually focusing on testing and development, which has been a big win for productivity.
    Consulting

    Seamless Always-On Zero Trust Access with Strong Global Performance

    Reviewed on Apr 11, 2026
    Review provided by G2
    What do you like best about the product?
    I like how Zscaler Private Access removes the need for traditional VPNs and delivers a seamless, always-on experience. Users don’t have to think about connecting; access just works quietly in the background. The Zero Trust model also helps ensure applications are never exposed to the internet, which significantly reduces the attack surface. Performance remains consistently strong thanks to Zscaler’s global cloud, and once the structure is set up, policy management becomes much more straightforward. Overall, it strengthens security while improving the user experience at the same time. It's among my potential future options, and its pricing and integration could make it a deciding factor, but I haven't evaluated it thoroughly yet.
    What do you dislike about the product?
    The biggest challenge with ZPA is the initial setup and policy design. Zero Trust requires very granular segmentation, so if the application inventory or access flows aren’t well‑mapped, the rollout can feel complex. Troubleshooting can also be tricky because traffic doesn’t behave like a traditional VPN, and logs sometimes require deeper analysis. Additionally, the Client Connector agent occasionally needs user intervention after OS updates, and some legacy applications don’t behave perfectly without extra tuning.
    What problems is the product solving and how is that benefiting you?
    Zscaler Private Access eliminates the operational and security issues of traditional VPNs. Instead of exposing the network, it provides application‑level access based on identity and device posture. This solves problems like VPN bottlenecks, lateral movement risk, and complex firewall rules. For us, the biggest benefit is that users get seamless, always‑on access without needing to manually connect to anything. Security teams gain tighter control and visibility, and the attack surface is dramatically reduced because internal apps are never exposed to the internet. Overall, it improves both productivity and security at the same time.
    Toka M.

    Secure Per‑App Access, But Less Control and Harder Troubleshooting

    Reviewed on Apr 09, 2026
    Review provided by G2
    What do you like best about the product?
    The best thing about ZPA is that it removes the concept of being on the network entirely and replaces it with secure, direct, per-app access. The “invisible infrastructure” idea is a major shift.
    What do you dislike about the product?
    You gain strong security and simplicity but give up some control, performance consistency, and ease of troubleshooting. Some users even report occasional connection drops or outages impacting access.
    What problems is the product solving and how is that benefiting you?
    ZPA is solving this core problem:
    Old security assumes users inside the network are trusted. Modern reality proves that’s dangerous. Benefit to me for this reason:
    Safer access
    Simpler experience
    More flexibility
    Less risk of major breaches
    Betül B.

    Seamless Security Without VPN Hassle

    Reviewed on Apr 08, 2026
    Review provided by G2
    What do you like best about the product?
    I like how simple and seamless Zscaler Private Access is. There's no VPN hassle for users, and from our side, it's easy to control access. It just works without getting in the way. The app-level access control is the most valuable for us, as being able to define exactly who can access which application keeps things really clean and secure. We also rely a lot on the client connector, as it makes the whole experience seamless. The initial setup of Zscaler Private Access was very easy, which is a big plus.
    What do you dislike about the product?
    Troubleshooting can be a bit tricky, and the initial setup isn’t the most intuitive. Occasionally, we also run into small connectivity issues with some apps. Clearer error messages and a simpler troubleshooting dashboard would help, plus more consistent app connectivity.
    What problems is the product solving and how is that benefiting you?
    I use Zscaler Private Access to give remote users secure access to apps without a traditional VPN, solving issues with broad network access and performance. It’s simple, seamless, and easy to control, letting us define who can access each app, making it secure and clean.
    Telecommunications

    Easy to Install and Manage Overall

    Reviewed on Apr 07, 2026
    Review provided by G2
    What do you like best about the product?
    The installation process of Zscaler is quite simple, and its integration for both Windows and macOS is perfect. The user interface is also quite easy to navigate and manage.
    What do you dislike about the product?
    The number of features that are available for the end user to change the behavior of Zscaler is quite limited. And customer support is not always fast when having connectivity issues.
    What problems is the product solving and how is that benefiting you?
    The main problem it is solving is the secure connectivity to corporate network and cloud resources as well as access to labs remotely. It enables me to work from anywhere.