Overview
A key component of the Zscaler cloud, Service Edges are full-featured secure internet gateways that provide integrated internet security.
ZPA Private Service Edges provide the following benefits and enable you to:
- Implement Zero Trust Network Access (ZTNA) for on-premises users.
- Securely access applications when ZPA Public Service Edges in data centers are not conveniently located between users and the applications they need to reach.
- Ensure business continuity and continued access to critical apps during disaster events.
- Keep application data traffic local to help meet compliance and regulatory requirements.
Service Edges can be public or private. ZPA Public Service Edges, addressed here, are deployed in Zscaler data centers around the world and can handle hundreds of thousands of concurrent users with millions of concurrent sessions. So, regardless of where your users are physically located, they can access their internal applications from any device. ZPA Public Service Edges enforce access and reauthentication policies based on your organization's corporate best practices. For any given Microtunnel (M-Tunnel), the Control Service Edge is the ZPA Public Service Edge that handles cloud-level system messages to establish the M-Tunnel. ZPA Private Service Edges are fully functional single-tenant brokers that reside within your site or other locations, like cloud services.
Both Zscaler Internet Access (ZIA) and ZPA have Service Edges. The fundamental difference between a Service Edge used for ZIA and one used for ZPA is that:
- In ZIA, the Service Edge inspects the data as traffic flows through it.
- In ZPA, the Service Edge does not inspect the data as traffic flows through it.

All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
User traffic is not passed to any other component within the Zscaler infrastructure, and Service Edges never store any data to disk. Packet data is held in memory for inspection, and is either forwarded or dropped based on policy. Log data generated for every transaction is compressed, tokenized, and exported over secure TLS connections to log routers.
For ZPA Public Service Edges, the log routers direct the information to the Log Streaming Service (LSS), hosted in the appropriate geographical region for each organization.
Highlights
- The ZPA Central Authority (CA) can be thought of as the "brain and nervous system" of the ZPA cloud. It monitors the cloud and provides a central location for software and database updates, as well as policy and configuration settings.
- The ZPA Admin Portal is the central point of control for the entire system. This interface enables organizations to configure system elements, including applications, servers, and policies, and provides analytics dashboards for visibility into the system as a whole.
- All Service Edges have significant fault tolerance capabilities. They are deployed in active-active mode to ensure availability and redundancy, and Zscaler monitors and maintains its Service Edges to ensure continuous availability.
Details
Pricing
Additional AWS infrastructure costs
| Type | Cost |
|---|---|
| EBS General Purpose SSD (gp3) volumes | $0.08 per GB/month of provisioned storage |
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Please utilize this link to access Release Notes: https://help.zscaler.com/zpa/zpa-private-service-edge-release-summary-2024
Additional details
Usage instructions
To acquire a license key for this product, contact us via our web form: https://www.zscaler.com/company/contact
Once complete, you can open the Zscaler Cloud Portal at https://admin.zscaler.net/. If you have not already done so, you will be prompted to create an Admin account for your Zscaler Cloud Portal.
Using the login you created, you can access your Zscaler management console in the Zscaler Cloud Portal, where you can manage and deploy new products on AWS or other locations.
For ZPA Private Service Edge deployment on AWS, see the steps below:
Update the Security Group associated with the App Connector to temporarily allow inbound access on port 22, then complete the following steps to connect to the instance.
SSH access is required in order to configure the provisioning key for the App Connector. See instructions: https://help.zscaler.com/zpa/private-service-edge-deployment-guide-amazon-web-services
Log in to the App Connector console using your AWS Private Key (i.e., a .pem file).
SSH access is enabled by default on AWS App Connectors, so there is no need to enable the service manually.
Using a standard SSH client, enter the following command to connect to the AWS instance: ssh -i <AWS Private Key> admin@<App Connector Public Hostname or IP Address>
For example, if the private key for the AWS instance is AWS.pem and the ZPA Private Service Edge IP address is 35.160.130.25: ssh -i AWS.pem admin@35.160.130.25
Support
Vendor support
Zscaler global support is available around the clock, with dedicated customer support engineers providing personalized assistance to ensure that customers are getting the most value from our products. Our support engineers have significant experience in networking and security, working closely with operations, sales, and engineering teams to ensure rapid response and resolution.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.