Instrumenting Deployed App Connectors

A common question arises around support for installing agents - security, logging, telemetry, etc. - on the App Connectors. This is generally permitted, as long as the agent(s) are not directly or indirectly interfering with the connector connectivity / function within the ZPA service. Zscaler does not offer direct support for third-party agents on App Connectors - i.e. we’re not going to provide guidance or troubleshooting for how to set up SNMP on an App Connector - but we don’t prohibit it, either. Or to put it another way, installing additional agents is not unsupported, it’s just out of scope for Zscaler support.

Under Zscaler’s shared-responsibility model, Zscaler is responsible for the function and updating of the Zscaler packages on the App Connector, and the customer is responsible for updates and management of the OS. Our prebuilt images (OVA, AMI, Azure Marketplace App) are provided “as is” - they block all inbound connections and are limited in the services they run, so you just need to ensure the OS is patched. If you deploy via RPM on your own RHEL / CentOS images, it’s up to you to limit running services and security harden your images, as well as maintain the OS. In either case, when installing additional agents, you should carefully consider their impact on the security posture of the Connector.

So, whether you have deployed the App Connector via a Zscaler pre-built image, or via an RPM deployment on your own Linux instance, you may install whatever tools you deem necessary… As long as they don’t interfere with the operation of the connector software package itself! That includes required connectivity, bandwidth for traffic, CPU utilization, memory utilization, sockets, etc. You can find our Connector specifications and sizing requirements in our App Connector Deployment Prerequisites.

Also, if there are specific use cases for App Connector monitoring that you’d like to see more fully implemented / supported by Zscaler, please share that feedback with us so we can consider it for future product enhancements…