Aviatrix aims to bring multi-cloud networking, security, and operational visibility capabilities that enterprises customers require. Aviatrix software leverages public cloud provider APIs to interact with and directly program native cloud networking constructs, abstracting the unique complexities of each cloud to form one network data plane, and adds advanced networking and security features.
N/A
Zscaler Private Access
Score 8.9 out of 10
N/A
Zscaler Private Access™ (ZPA) gives users secure access to private apps and OT devices while enabling zero trust connectivity for workloads.
This product offers simple ways to manage network routing between public cloud, on-prem, and external network. It has built-in options to secure network traffic, as well as option to direct traffic to 3rd party security products for a more advanced traffic inspection. The core function works and is easy to operate. On the other hand, I am unable to give it more than 7-star because some useful features are lacking. This includes lack of customization in email alerting, IPS policy management, and temproarily admin-down of an established site to site VPN connection.
Zscaler Private Access works really well in environments setup for FQDNs and where you know what users should/shouldn't be accessing on what ports. You can use Zscaler Private Access to figure out these kinds of features but that doesn't always mean you'll be correct. It also provides a consistent experience for users as they can access their materials anywhere. It also makes the user the last line of defense. If a user's account is compromised then the attacker has access to everything they already did. It doesn't work great in OT environments or Server based environments. Flows have to be initiated from the client and not the server for stuff to behave properly.
With a few very easy steps to establish routing between AWS VPC
Easy procedures to establish site to site VPN connection with external parties.
Provide network access control on routing traffic using its own build-in firewall inspection or directing traffic to 3rd party NGFW for full stack inspection.
Application Segmentation and Listener Configuration - The way applications are defined and listened for is fundamental to ZPA, but can be a source of frustration, especially when dealing with legacy or non-HTTP protocols
The ZCC is the user's primary gateway, but its control over local system network behavior can sometimes clash with enterprise requirements.
The core function of the product works very well. It really makes network traffic management easy in public clound, as well as crossing different public and private cloud platform.
The environment feels more secure, and we are seeing that users are adapting to it fast. The fact that we have tools to assist the users with their day-to-day access helps, as we can hand it off to the helpdesk without any escalations to the Network team. It is a work in progress for our agency, but we are seeing the benefits from the solution.
We initially tried using the native routing funcitons in AWS (transit gateway) and in Azure (virtual network). While those native options worked, it became difficult to opeate when we tried to impose security inspection on the routing traffic. This leads us to the Aviatrix solution.
Well ZPA is a good solution, however everyone has their own advantage and disadvantages, with ZPA you can deploy ZTNA model, which will help you better control on access, however Palo Alto, Fortinet they are also market leading firewall solution, and you can not deny if they are not providing the same features.
Reduce labor hours for network admin to manage public clound network routing policy.
Build-in security features may be good enough for small/medium size companies, and thus saving money from full funciton NGFW solution.
The Cost-IQ feature enable one to capture traffic volume of each VPC. This provides one way for the enterprise to perform cost charge back to various business funcitons at the VPC level.
Positive: We have now charged users internally for the service
Negative: Dealing with users who also have the Zscaler Client Connector for their company, can cause confusions
Negative: Enabling the Zscaler Internet Access entitlement has been a major headache for us because Zscaler Private Access users can't autheniticate through ZIA on a non corporate device.
