Sold by: Zscaler, Inc.
The ZPA Private Service Edges are brokers that are a single-tenant instance that provide the functionality of a ZPA Public Service Edge in an organization's environment. Your organization hosts them either within your site or on a cloud service, but Zscaler manages them. On the other hand, ZPA Public Service Edges are deployed in Zscaler data centers around the world.
As with a ZPA Public Service Edge, a ZPA Private Service Edge manages the connections between Zscaler Client Connector and App Connectors. It registers with the ZPA Cloud. This allows a ZPA Private Service Edge to download the relevant policies and configurations so it can enforce all ZPA policies. It also caches path selection decisions.
ZPA Private Service Edges can be deployed in several forms. Zscaler distributes images for deployment in enterprise data centers and local private cloud environments such as VMware.
Sold by: Zscaler, Inc.
Overview
A key component of the Zscaler cloud, Service Edges are full-featured secure internet gateways that provide integrated internet security.
ZPA Private Service Edges provide the following benefits and enable you to:
Implement Zero Trust Network Access (ZTNA) for on-premises users. Securely access applications when ZPA Public Service Edges in data centers are not conveniently located between users and the applications they need to reach.
Ensure business continuity and continued access to critical apps during disaster events.
Keep application data traffic local to help meet compliance and regulatory requirements.
Service Edges can be public or private. ZPA Public Service Edges, addressed here, are deployed in Zscaler data centers around the world and can handle hundreds of thousands of concurrent users with millions of concurrent sessions. So, regardless of where your users are physically located, they can access their internal applications from any device. ZPA Public Service Edges enforce access and reauthentication policies based on your organization's corporate best practices. For any given Microtunnel (M-Tunnel), the Control Service Edge is the ZPA Public Service Edge that handles cloud-level system messages to establish the M-Tunnel. ZPA Private Service Edges are fully functional single-tenant brokers that reside within your site or other locations, like cloud services.
Both Zscaler Internet Access (ZIA) and ZPA have Service Edges. The fundamental difference between a Service Edge used for ZIA and one used for ZPA is that:
In ZIA, the Service Edge inspects the data as traffic flows through it. In ZPA, the Service Edge does not inspect the data as traffic flows through it. All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
User traffic is not passed to any other component within the Zscaler infrastructure, and Service Edges never store any data to disk. Packet data is held in memory for inspection, and is either forwarded or dropped based on policy. Log data generated for every transaction is compressed, tokenized, and exported over secure TLS connections to log routers.
For ZPA Public Service Edges, the log routers direct the information to the Log Streaming Service (LSS), hosted in the appropriate geographical region for each organization.
Highlights
- The ZPA Central Authority (CA) can be thought of as the "brain and nervous system" of the ZPA cloud. It monitors the cloud and provides a central location for software and database updates, as well as policy and configuration settings.
- The ZPA Admin Portal is the central point of control for the entire system. This interface enables organizations to configure system elements, including applications, servers, and policies, and provides analytics dashboards for visibility into the system as a whole.
- All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
Details
Sold by
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 9
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed outside of AWS Marketplace through an external billing relationship between you and the vendor. You activate the product by supplying an existing license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. Subscriptions have no end date and may be cancelled any time. However, the cancellation won't affect the status of an active license if it was purchased outside of AWS Marketplace.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Type | Cost |
|---|---|
EBS General Purpose SSD (gp3) volumes | $0.08/per GB/month of provisioned storage |
Vendor refund policy
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Please utilize this link to access Release Notes: https://help.zscaler.com/zpa/zpa-private-service-edge-release-summary-2024
Additional details
Usage instructions
In order to acquire a license key for this product, please contact us via our web form here: https://www.zscaler.com/company/contact .
Once complete, you may access the User Interface of the Zscaler Cloud Portal by accessing this link here: https://admin.zscaler.net/ . If not completed prior, you will be promoted to create an Admin account for your Zscaler Cloud Portal.
Utilizing the login you created, you may now utilize the Zscaler Cloud Portal to access your Zscaler management console where you will be able to manage and deploy new products on AWS, or other locations.
For ZPA Private Serive Edge AWS Deployment see the below:
Update the Security Group associated to the App Connector to temporarily allow inbound access on port 22, then complete the following steps to connect to the instance.
SSH access is required in order to configure the provisioning key for the App Connector. See instructions: https://help.zscaler.com/zpa/private-service-edge-deployment-guide-amazon-web-services
Log in to the App Connector console using your AWS Private Key (i.e., a .pem file).
SSH access is enabled by default on AWS App Connectors, so there is no need to enable the service manually.
Using a standard SSH client, enter the following command to connect to the AWS instance: ssh -i <AWS Private Key> admin@<App Connector Public Hostname or IP Address>
For example, the private key for the AWS instance is AWS.pem and the ZPA Private Service Edge IP address is 35.160.130.25: ssh -i AWS.pem admin@35.160.130.25
Resources
Support
Vendor support
Zscaler global support is available around the clock, with dedicated customer support engineers providing personalized assistance to ensure that customers are getting the most value from our products. Our support engineers have significant experience in networking and security, working closely with operations, sales, and engineering teams to ensure rapid response and resolution.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Zscaler Private Access Connector
By Zscaler, Inc.
ZPA Connectors provide the secure authenticated interface between a customer's servers and the Zscaler Private Access cloud.
App Connectors can be deployed in several forms. Zscaler distributes a standard virtual machine (VM) image for deployment in enterprise data centers, local private cloud environments such as VMware, or public cloud environments such as Amazon Web Services (AWS) EC2. Additionally, Zscaler provides packages that can be installed on supported Linux distributions.
Connectors can be co-located with your enterprise applications, or they can be deployed in any location that has connectivity to the applications. Typically, they are deployed on network segments that can access secured applications and the ZPA cloud simultaneously, such as in a DMZ. Connectors only connect outbound; they do not need any inbound open ports to operate correctly.
Cloud Security Solutions with Zscaler & Asante Cloud
By Asante Cloud
Discover a comprehensive suite of Zscaler Cloud Security Solutions on AWS Marketplace. Protect your cloud journey with Cloud Connector, Private Access, Internet Access, and more, ensuring secure and compliant access to applications and the internet.
Zscaler Cloud Connector
By Zscaler, Inc.
Enabled by the Zscaler Zero Trust Exchange (ZTE), Zscaler Cloud Connector is a virtual machine (VM) that simplifies traffic forwarding to Zscaler services. It extends the capabilities of Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) to cloud-native workloads, which allows enterprises to secure cloud workload communications over any network.
The ZTE enables workloads to communicate with each other and have a granular security policy applied. The communication may be from private workloads (i.e., IaaS, physical data center) to public workloads (i.e., SaaS/internet), or between private workloads (i.e., IaaS to IaaS, IaaS to physical data center).
Zscaler U.S. Government Solutions, Zscaler for Users, FedRAMP Authorized
By Zscaler U.S. Government Solutions
Zscaler for Users consists of three FedRAMP and StateRAMP authorized services, Zscaler Internet Access Gov, Zscaler Private Access Gov, and Zscaler Digital Experience Gov, to improve security, data protection, and digital experience. All three solutions are powered by the Zscaler Zero Trust Exchange, a cloud-native security platform that securely connects any user, device, and application, regardless of location. Following the principle of least-privileged access, the platform establishes trust through user identity and context, including location, device, application, and content, and then creates secure, direct connections based on policy enforcement. The platform supports IT federal mission transformation by reducing costs, eliminating the internet attack surface, and preventing lateral threat movement while providing an excellent user experience.
Customer reviews
Ayush K.
Zscaler Private access
Reviewed on Feb 08, 2025
Review provided by G2
What do you like best about the product?
It is smooth and high secure which increases your reliability to the website.
What do you dislike about the product?
Need some improvements in website speed as well frontend.
What problems is the product solving and how is that benefiting you?
The most impressive thing about Zscaler is smoothness and uder friendly.
Leave a comment0 comments
Marketing and Advertising
Secure and seamless access to applications and data
Reviewed on Feb 04, 2025
Review provided by G2
What do you like best about the product?
From a security and IT standpoint, it helped 6sense to be more secure and efficient when it comes to wireless connectivity. It very easier to use and frequency of use is regular with multiple number of features.
What do you dislike about the product?
The implementation and integration part was little bit difficult and took time to sync with the data. Although customer support was prompt to respond to all the issues.
What problems is the product solving and how is that benefiting you?
It is providing secure network environment and providing wireless secure access to applications without connecting to 6sense network.
Computer Software
Zscaler Private Access Review
Reviewed on Feb 01, 2025
Review provided by G2
What do you like best about the product?
Zscaler Private Access (ZPA) provides us with a seamless and secure connection to private applications without using a VPN service. It uses to zero trust model to achieve this secure connection.
ZPA has a vast global network consisting of multiple data centers, making it easy to connect and use the application smoothly with seamless on frequent use of the application.
ZPA is easy to implement with your cloud or on-premises hosted application as it does not require any hardware installation.
ZPA has several features like customizable policies by administrators, support for legacy systems, and comprehensive security features.
ZPA provides API support that makes it easy to integrate with the existing tools and workflow.
ZPA has good and very helpful customer support that is available 24x7 to help there end client.
ZPA has a vast global network consisting of multiple data centers, making it easy to connect and use the application smoothly with seamless on frequent use of the application.
ZPA is easy to implement with your cloud or on-premises hosted application as it does not require any hardware installation.
ZPA has several features like customizable policies by administrators, support for legacy systems, and comprehensive security features.
ZPA provides API support that makes it easy to integrate with the existing tools and workflow.
ZPA has good and very helpful customer support that is available 24x7 to help there end client.
What do you dislike about the product?
The cost of the service is one of the major factors that cause an issue for some growing businesses.
What problems is the product solving and how is that benefiting you?
Zscaler Private Access are replacing the traditional way to use private application using VPN by there zero trust architecture that help to make secure and yet a seamless connection with application.
Rutik T.
"Zscaler Private Access: A Secure and Scalable Zero Trust Solution"
Reviewed on Feb 01, 2025
Review provided by G2
What do you like best about the product?
What I like best about Zscaler Private Access (ZPA) is how it makes remote access both secure and seamless. Unlike traditional VPNs, ZPA doesn’t expose the network, so users only connect to the apps they’re authorized for, which greatly reduces security risks.
What do you dislike about the product?
Sometimes, there can be a bit of lag when connecting to certain apps, especially if the network isn’t optimized. Also, the cost can be a little high, which might not be ideal for smaller businesses.
What problems is the product solving and how is that benefiting you?
VPN headaches Replaces clunky, insecure VPNs with faster, direct app access.
Computer Software
Reviewing Zscaler Private
Reviewed on Jan 31, 2025
Review provided by G2
What do you like best about the product?
The zero trust policy and the cloud native architecture of Zscaler is a great option to have. Besides it also allows to use VPN but overcoming Limitations of the tradition VPN by allowing specific application only
What do you dislike about the product?
The thing that make Zscaler unappealing is its cost . Also sometimes things are a bit complex to do.
What problems is the product solving and how is that benefiting you?
Its helpling to handle the secure authentication we required and while also giving us the access to applications via VPN