Solutions > ZTNA On-Premises

Bring the Power of ZTNA On-Premises

ZPA Private Service Edge enables least-privilege access to private
apps without the complexity of network segmentation

ztna on premises diagram

Excessive trust of office users creates risk

Private applications are the heart of every enterprise, which is why it’s critical to ensure secure access to them. The problem is that users sitting at headquarters or a branch office are often inherently “trusted” by the network and security team. This trust leaves the organization exposed to risk—you need to be able to limit trust.

The challenge of providing ZTNA for office users

zscaler cloud firewall

Network segmentation is complex

Defining segments and using internal firewalls can be complex and time-consuming, even for simple tasks

ztna on prem

Overprivileged access is risky

Connecting a user to a data center network leads to additional security concerns
ztna on premises

Your workforce requires different access levels

Your users include local and remote employees as well as third-party users
ztna on premises

Local users want local access

If a user at HQ needs access to an app in the local data center, it may not make sense to go out to a cloud ZTNA service

ZTNA has gone local with ZPA Private Service Edge

Zero trust network access (ZTNA) services provide secure access to internal applications based on user-to-hostname policies. But most services are limited to your remote users.

Now, our cloud-delivered ZTNA service, Zscaler Private Access (ZPA), can be extended to your data center or public cloud edge with ZPA Private Service Edge.

ZPA Private Service Edge provides a simpler way to enable secure access to private apps and enables an identical experience for local or remote users accessing apps in the data center or cloud.

ztna on premises diagram

What ZPA Private Service Edge means for you

ztna on premises

Simplified segmentation

“User-to-hostname” policies allow you to move away from “Source IP-to-destination IP” firewall rules

ztna on prem

Protection for private apps

Create 1:1 connections between an authorized user and a specific private app to minimize lateral movement

ztna on premises

Streamlined compliance

Comply with any regulations that prevent the use of cloud-hosted technology

ztna on premises

Fast user experience

User seamlessly connects through the local ZTNA service, optimizing  performance


We’ve been using ZPA since 2018 as a VPN alternative. When we heard about ZPA Private Service Edge, we realized that we could extend the zero trust access capabilities of the public ZPA cloud with software that can run in our own network. We’re now able to better protect our business-critical private apps, and deliver the best user experience possible, by using our ZPA Private Service Edge that runs on-premises, but is managed by Zscaler.

Nicholas Pandola

Global Director Information Security

Preparing for the Reopen: What ZPA Brings to Security, User Experience, and Compliance

Build a strategy to bring users back to the office. Learn from experts on how to combat risk, as well as secure local connections for evolved application access anywhere, with ZTNA.

Preparing for the Reopen: What ZPA Brings to Security, User Experience, and Compliance

Suggested Resources

Data sheet

ZPA Private Service Edge

Market Guide

Gartner Market Guide for ZTNA

To transform your network and security, talk to Zscaler

Yes, please keep me updated on Zscaler news, events, webcast and special offers.

By submitting the form, you are agreeing to our privacy policy.