ZPA – Network Jigsaw

zpa-casestudy

Over the years we have designed and implemented a variety of Disaster Recovery (DR) environments and processes for customers to meet their requirements. These DR projects have ranged from Active/Active data centres or Primary/DR data centres to application specific DR.

The latest DR project we were involved in was for a government department who host their applications in Microsoft Azure. The requirement was that in the event of a disaster at their primary Azure Region to be able to spin up their applications and infrastructure in another Azure region within their DR Recovery Time Objective (RTO).

For the customer’s external facing applications we used native Azure front-door functionality such as Azure Traffic Manager to failover DNS between regions so this was relatively straight forward to redirect traffic once the application had been spun-up. However for the internal applications we needed another method to fail traffic over because these applications were not exposed to the Internet.

Enter Zscaler Private Access (ZPA). ZPA is a cloud service from Zscaler which provides Zero-Trust Network Access (ZTNA) to internal applications hosted on-premise or in the public cloud. We had already deployed ZPA for the customer 18 months ago to provide users access to internal applications in Azure. So to provide DR for internal applications we leveraged the customer’s existing investment in ZPA.

One of the key customer requirements was for zero infrastructure costs in the DR Azure region so for DR testing or for an actual DR event we would spin up the infrastructure on-demand. Another requirement was that the RTO for their applications must be within 3 hours.

We were able to stand up a configured Zscaler connector within 30 minutes and fail all traffic that currently traversed the Zscaler connectors in Azure region A to the DR Zscaler connector in Azure region B.

Using ZPA for disaster recovery of the customer’s internal applications allowed us to achieve their key DR requirements for cost and RTO whilst also providing an easy set of steps for DR testing or an actual DR event. Another requirement we were also able to achieve was per-application DR, which was desirable but not a mandatory requirement as the customer did not think we would be able to achieve because of duplicate IP addressing. The fact that ZPA is not a network based VPN enabled us to achieve per-application DR.

If you’d like to talk Zscaler Private Access get in touch.

Alex

News

01/07/19

Awarded contract with the Welsh Revenue Authority to provide cloud network services and consultancy.

04/06/19

Awarded contract with Capgemini to provide Zscaler consultancy.

27/02/19

We specialize in Zscaler Internet and Private Access design, implementation and support. All engineers are Zscaler certified (ZCCA-IA | ZCCA-PA | ZCTA)

17/01/19

We are now a supplier on the ADIRA framework for the Welsh public sector.

21/10/18

We are at Zenith Live 18 this week checking out new Zscaler features and roadmap as well as testing SD-WAN integration with Cisco Viptela and Riverbed. #zenithlive18

01/10/18

We are now a Crown Commercial Service supplier under the Digital Outcomes and Specialists 3 framework.

26/06/18

Training – We provided knowledge transfer and training of Zscaler Internet Access and Private Access services to the organisation’s insourced IT team.

Category: ZPA

Zscaler – Disaster Recovery using ZPA