Zscaler: Secure Private Application Access in China with Z-Connector

Name: Zscaler: Secure Private Application Access in China with Z-Connector
Uploaded: 2026-06-30T11:12:15-04:00
Duration: 3 min 15 s
Description: Granting secure access to private applications in China is no longer a challenge with Zscaler's Zero Trust Network Access (ZTNA) solution. In this video, Henry, Principal Solution Consultant at Zscaler, introduces the Z-connector, a key component desi...

Zscaler

06/30/2026

0 (0%)

Report Like Favorite

Transcript

We just discussed how we solve the internet access issue for the users in China. Now let's dive a little bit deeper into how we can allow the user to access applications that you are hosting. The applications can be hosted inside your China data centers. It can also be hosted in the data centers outside of China. For resolving that, we are going to introduce a component called Z-Connector. The Z-Connector can be a piece of software, can be a virtual machine, can be hardware or a docker container. You need to place it inside a data center and that connector will have the access to your private applications. They will report the reachability of those applications to the Zscaler nodes, the Zscaler data center, so that once the user is trying to access a private application, the Zscaler nodes will know which app connector should be serving this user, this particular user. And that chosen app connector will be sending out the traffic, outbound only traffic, towards the Zscaler Zero Trust Exchange to serve the user. Basically, that connection will happen at the Zscaler Zero Trust Exchange closer to the user. One thing to note is that this outbound only connectivity is bringing you the following benefits. First, you don't have to have the VPN anymore. And by doing that, you are also eliminating the attack surface here. That also means for China particularly, you are avoiding the ICP filing and public IP exposure of the China internet. And for the global situation, it's similar. You're going to have another Zconnector in the global data center, which have the access to the applications. The only thing special here is that, as I mentioned earlier, the Zconnector always needs to connect to the service edge closer to the user to serve the user. So that situation will be the Zconnector outside of China will reach out to this special link that we are building in order to reach the Zscaler nodes inside China to serve the user. And now by looking at this, your user here will have access to everything that they need, internet, private application. That's about it. And once you have it, you want to extend that same connectivity also to the users inside, on site. It could be in the branches. It could be in the factories to have them having a direct connectivity from the branches to the Zero Trust Exchange. With that in place, it helps you to simplify or isolate your user traffic from the branches as well. That also means on the SD-WAN side, you will see a dramatic drop of amount of traffic going through your SD-WAN because the user here only requires a normal internet, just like they are at home, to access the Zscaler nodes to access the application that they need. That's basically how we solve it for the users for all the private access and internet access.

TL;DR

Z-Connector deploys inside data centers as software, VM, hardware, or container to broker secure access to private applications without exposing them to the internet.
Outbound-only connectivity eliminates VPN requirements, removes attack surfaces, and avoids China-specific ICP filing and public IP exposure obligations.
Cross-border application access uses a special link allowing Z-Connectors outside China to reach Zscaler nodes inside China to serve local users.

Summary

This technical walkthrough demonstrates how Zscaler's Z-Connector enables secure access to private applications for users operating in China. The Z-Connector, deployable as software, virtual machine, hardware appliance, or Docker container, establishes outbound-only connections to the Zscaler Zero Trust Exchange, eliminating the need for traditional VPN infrastructure and removing external attack surfaces. For applications hosted outside China, the Z-Connector leverages a special cross-border link to reach Zscaler nodes within China, ensuring users can access global resources seamlessly. The architecture extends beyond individual users to branch offices and factories, allowing site-based connectivity that dramatically reduces SD-WAN traffic by routing user requests through standard domestic internet to the Zero Trust Exchange. This approach specifically addresses China's regulatory requirements by avoiding ICP filing obligations and public IP exposure while maintaining secure, compliant access to both local and global private applications.

Chapters

0:00 - Introduction and Context
0:29 - Z-Connector Overview
1:24 - Security Benefits
2:25 - Branch and Factory Extension

Key Quotes

1:29 "First, you don't have to have the VPN anymore. And by doing that, you are also eliminating the attack surface here."
2:52 "You will see a dramatic drop of amount of traffic going through your SD-WAN because the user here only requires a normal internet, just like they are at home, to access the Zscaler nodes."

FAQ

What deployment options are available for the Z-Connector?

The Z-Connector can be deployed as a piece of software, a virtual machine, a hardware appliance, or a Docker container, providing flexibility to match existing infrastructure and operational preferences within your data centers.

How does this solution address China's ICP filing requirements?

Because the Z-Connector uses outbound-only connections and doesn't require public IP addresses or inbound internet exposure in China, organizations can avoid the ICP filing process that would otherwise be required for hosting internet-facing services.

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

07/01/2026

04:00 AM

07/01/2026

Integrating Security in AI: Automated Red Teaming Strategies for Private Models

https://www.truthinit.com/index.php/channel/1969/integrating-security-in-ai-automated-red-teaming-strategies-for-private-models/
07/01/2026

04:00 AM

07/01/2026

Schutz von KI in Anwendungen, Agenten und APIs.

https://www.truthinit.com/index.php/channel/2008/schutz-von-ki-in-anwendungen-agenten-und-apis/
07/01/2026

01:00 PM

07/01/2026

How to Prevent Your AI from Outsmarting You

https://www.truthinit.com/index.php/channel/2021/how-to-prevent-your-ai-from-outsmarting-you/
07/02/2026

10:00 AM

07/02/2026

Insights on Resilience from Hybrid Threats in a Dark Cloud Environment

https://www.truthinit.com/index.php/channel/2011/insights-on-resilience-from-hybrid-threats-in-a-dark-cloud-environment/
07/08/2026

02:00 PM

07/08/2026

Understanding the Essential Role of Context in AI Data

https://www.truthinit.com/index.php/channel/2037/understanding-the-essential-role-of-context-in-ai-data/
07/09/2026

01:00 PM

07/09/2026

The HUMAN Experience: Empowering Agentic Trust in Practice

https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
07/14/2026

01:00 PM

07/14/2026

Crafting a Championship-Worthy Security Team for Maximum Defense Effectiveness

https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-maximum-defense-effectiveness/
07/21/2026

04:00 AM

07/21/2026

Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
07/21/2026

01:00 PM

07/21/2026

HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
07/22/2026

06:30 AM

07/22/2026

Insights and Strategies for Mastering the DPDP Framework

https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-mastering-the-dpdp-framework/
07/28/2026

01:00 PM

07/28/2026

Illumio + Netskope: Zero Trust in the Age of AI Autonomy

https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
07/29/2026

04:00 AM

07/29/2026

Real-Time Strategies for Safeguarding Against Prompt Injections

https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
08/19/2026

12:00 PM

08/19/2026

Master Agent-Ready Skills in 30 Days with Cyera Agent Security

https://www.truthinit.com/index.php/channel/2036/master-agent-ready-skills-in-30-days-with-cyera-agent-security/
09/30/2026

04:00 AM

09/30/2026

AI Command Center: Optimizing Visibility and Control in Your Operations

https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/