ZPA cloud connector in 3rd party IaaS/SaaS

Hi, we are provider of cloud application, so far we have been connecting clients with our cloud infra using site 2 site VPN.

Now, one of new clients is using ZScaler and asking if we could establish for them ZPA app connector in our cloud to enable them access to their application tenatn. The goal is to avoid using VPN connectivity and leverage existing client’s ZScaler estate to enable secure network.

Could you please point me to any materials regarding such a setup?

Hi Tomasz,

Just a quick note on terminology. You mention ‘Cloud Connector’ in your post subject and then ‘ZPA App Connector’ in the post itself. It’s worth noting that these are 2 separate components that fulfil 2 different role’s:

  • Cloud Connector - Provides secure outbound connectivity from Azure & AWS for workloads connecting to the internet via Zscaler Internet Access (ZIA) or to private apps running in cloud or on prem via Zscaler Private Access (ZPA).

  • App Connector - Provides secure ‘inbound’ connectivity to private apps running in cloud or on prem, that are being accessed via Zscaler Private Access (ZPA).

From your description, it sounds like you need to deploy an app connector to provide connectivity from your client to your hosted app.

Details on deploying ZPA App Connectors can be found on our help site. A range of platforms are supported which are all documented in the link below.


One key point when using ZPA as a Site-to-site VPN replacement… ZPA does not join 2 networks together. It brokers granular client to app connectivity. Therefore, bear in mind that ZPA only supports Client Initiated sessions, so please ensure your application is suitable.

I hope this helps. Best regards, Marc

1 Like

Thanks MarcDavis for help on this. I will go through documentation.

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.