Deployment

Following the 3 steps below, we can evaluate your current security posture, forward traffic to the Zscaler service, and have applicable policies secure and restrict access to the Internet.

We will deploy a lightweight agent, the Zscaler Client Connector, to an end-user macOS or Windows device.  Once authenticated with Zscaler, all HTTP and HTTPS to the public Internet will go through the Zscaler Internet Access platform.

1  Analyze your security posture

Before deploying Zscaler, we can quickly analyze the effectiveness of your current solution with stopping threats, protecting your users and safeguarding your company's intellectual property.

Run security preview

2  Send traffic through Zscaler

Supporting Windows, macOS, iOS, and Android, Zscaler Client Connector works with Zscaler Internet Access to deliver our security platform from the cloud, so users globally get in-depth, always-on protection.

WINDOWSmacos

3  Authenticate with Zscaler

Referencing the email sent to by your Zscaler Sales Engineer, login to the Zscaler Client Connector using either the Normal or Restricted Internet User account. The differences between these account types  is discussed in User Experience.

What we're doing

1  Security Preview

Zscaler Security Preview runs a series of browser-based tests to quickly check for vulnerabilities in your current Internet security infrastructure. Twelve of these tests are focused on security threats, and three of them are focused on data protection. Note that Security Preview runs in your browser, won’t access any data, and won’t introduce malware or change any settings. You may see alerts in your security system.

We'll come back to Security Preview during the User Experience phase, allowing us to compare results both with and without the Zscaler service in place.

2  Zscaler Client Connector

The Zscaler Connector forwards all HTTP and HTTPs traffic from a user device to the nearest Zscaler cloud datacenter. Additionally, the Zscaler Client Connector automatically installs the root SSL certificate which gives Zscaler the ability to inspect HTTPS traffic.

In a production deployment the Zscaler Client Connector can be deployed centrally and be enforced to prevent users from disabling or uninstalling the service.

The Zscaler Client Connector is only one of several deployment methods Zscaler has available. Customers may deploy with any combination of GRE and IPsec VPN tunnels, the Zscaler Client Connector, and PAC files, depending on their requirements and user deployment.

3  Authenticate with Zscaler

We sent you an email which contains several login credentials. For the purposes of testing we can use the executive, sales, or contractor logins. Once logged into the Zscaler Client Connector, all HTTP and HTTPS traffic from the user device will be identified for policy application and reporting as the logged-in user.