Zscaler for Workloads (Cloud Connector) utilizes an IaaS VM deployment from the respective public cloud marketplaces. What is Cloud Connector?
As with many cloud offerings, Cloud Connector follows a Shared Responsibility Model where Zscaler provides the VM image and maintains all software/application and OS patching. The customer simply needs to deploy the actual compute resources to run the appliance in their account/tenant. Generally, software updates are pushed incrementally per Zscaler release schedules. Periodically, we will release new versions of the VM image to the AWS/Azure marketplaces though. This could be due to a variety of reasons, such as a new feature release, OS/Kernel update that would be too disruptive or difficult to update in-place, or other performance/boot optimizations. When this happens, the following things will occur:
Zscaler will update Cloud Connector Release Notes. (Example linked when Azure Accelerating Networking support was introduced).
Cloud Connector Portal Banner update. This may include additional information or just link to the release notes.
Per the release notes, depending on the nature of the update you may want to upgrade existing Cloud Connector clusters by deploying new/updated appliances to replace the old images. (Suggested options of accomplishing this will be documented in a future article). In general though, Zscaler’s recommendation is to always be running the latest AMI/VM. If there is a specific new feature requirement/bug impacting an existing customer deployment, that may also be a driver to update.
Zscaler provides automation templates CFT/Terraform (AWS) and Terraform/managed app (Azure) that, when run, will always pick up the Latest VM version so there is no customer action needed when deploying new VMs as long as they are deploying the latest automation templates. Locating your current virtual machine version can be accomplished a few different ways and also varies between AWS and Azure.
You can locate all current and historical marketplace OS/VM versions and corresponding AMIs per region in the AWS marketplace here. From this example screenshot, you can see at the time of this article the latest AWS image is software version: ZS184.108.40.206 and corresponding AMI in region US West 2 is ami-08811594b4563ee8e.
You can then verify what version you have deployed in the AWS Console for any running Cloud Connector EC2 instances.
Azure does not make viewing a Virtual Machine image version from the Azure Portal very easy. From any VM Overview, they only display Publisher, Offer, and Plan details.
To locate the currently deployed version for this Offer, the easiest option is to query via AZ CLI. This can be done from a local system with AZ CLI installed and able to successfully authenticate with “az login”. Then, run the following commands:
az vm image show --urn zscaler1579058425289:zia_cloud_connector:zs_ser_gen1_cc_01:latest <<< will provide all information about the latest VM offering version. You can then search for the latest Version in the “id” attribute. The output below from the command shows the latest version is “24.2.7”.
az vm list -g “resource group name” | grep -A 9 imageReference <<< check that “exactVersion” for the currently deployed Cloud Connector appliances matches the previous latest version.