Solutions > ZTNA On-Premises

Bring the Power of ZTNA On-Premises

ZPA Private Service Edge enables least-privilege access to private apps without the complexity of network segmentation

Get Started

Excessive trust of office users creates risk

Private applications are the heart of every enterprise, which is why it’s critical to ensure secure access to them. The problem is that users sitting at headquarters or a branch office are often inherently “trusted” by the network and security team. This trust leaves the organization exposed to risk—you need to be able to limit trust.

The challenge of providing ZTNA for office users

Network segmentation is complex

Defining segments and using internal firewalls can be complex and time-consuming, even for simple tasks

Overprivileged access is risky

Connecting a user to a data center network leads to additional security concerns

Your workforce requires different access levels

Your users include local and remote employees as well as third-party users

Local users want local access

If a user at HQ needs access to an app in the local data center, it may not make sense to go out to a cloud ZTNA service

ZTNA has gone local with ZPA Private Service Edge

Zero trust network access (ZTNA) services provide secure access to internal applications based on user-to-hostname policies. But most services are limited to your remote users.

Now, our cloud-delivered ZTNA service, Zscaler Private Access (ZPA), can be extended to your data center or public cloud edge with ZPA Private Service Edge.

ZPA Private Service Edge provides a simpler way to enable secure access to private apps and enables an identical experience for local or remote users accessing apps in the data center or cloud.

What ZPA Private Service Edge means for you

Simplified segmentation

“User-to-hostname” policies allow you to move away from “Source IP-to-destination IP” firewall rules

Protection for private apps

Create 1:1 connections between an authorized user and a specific private app to minimize lateral movement

Streamlined compliance

Comply with any regulations that prevent the use of cloud-hosted technology

Fast user experience

User seamlessly connects through the local ZTNA service, optimizing performance

We’ve been using ZPA since 2018 as a VPN alternative. When we heard about ZPA Private Service Edge, we realized that we could extend the zero trust access capabilities of the public ZPA cloud with software that can run in our own network. We’re now able to better protect our business-critical private apps, and deliver the best user experience possible, by using our ZPA Private Service Edge that runs on-premises, but is managed by Zscaler.

Nicholas Pandola

Global Director Information Security



ZPA Private Service Edge


Gartner Market Guide for ZTNA