I am trying to understand how deployment will work in our client's environment.

Here is the scenario:

On-premises, they have domain controllers, files & DBs on their machines.
Currently on Azure, they have some Integration Runtime VMs, domain controllers on VMs, some applications running on VMs, and Azure databases.

The workflow is: on-premises and Azure are connected via Azure VPN Gateway. An Azure Data Factory extracts data from on-premises, does transformation and serves it to the Azure database and data warehouse.

Now they want to deploy Zscaler ZPA instead of Azure VPN gateway.

I have a doubt about how we can deploy Zscaler on Azure.

As they need inbound and outbound connectivity on Azure VMs, will it be supported to deploy only the App Connector in a transit VNet and peer all the other VNets to the transit VNet? Will it be necessary to deploy Cloud Connector as well?

App Connectors will provide inbound connectivity into Azure. If the components in Azure need to initiate outbound connectivity, they will then also need to deploy Cloud Connector.

We have a good Reference Architecture document for Azure, which will hopefully help:

Marc