Delving into the ZPA architecture
ZPA only supports communications in the client-to-server direction. Any other models (such as server-to-client, client-to-client, and so on) are not supported by ZPA. Important components of the ZPA architecture are the ZPA Central Authority (CA); ZPA Public Service Edge (PSE); ZCC application; App Connectors; ZPA Tunnels (Z-Tunnels); Microtunnels (M-Tunnels); the logging and analytics cluster; and the Log Streaming Service (LSS).
Let's look at each of the components in detail, beginning with the ZPA CA.
ZPA CA
We already looked at the CA when we learned about the ZIA architecture in Chapter 2, Understanding the Zscaler Modular Architecture. Similarities between both the ZIA and ZPA are that both are multi-tenant, redundant, globally distributed policy engines. However, the main difference is that the central purpose of the ZPA CA is to enable connection requests, in addition to enforcing provisioning policies.
Just as with the ZIA...