Understand what’s included in a SecureDynamics-delivered ZPA Advanced deployment, purpose-built for enterprise environments requiring advanced segmentation, multi-IdP authentication, secure remote access, and phased complex rollouts.
🧭 Overview
This article outlines the technical scope and delivery model for a Zscaler Private Access (ZPA) Advanceddeployment delivered by SecureDynamics. Designed for large and complex organizations, this engagement includes deep design consulting, connector strategy, Zero Trust segmentation, privileged access use cases, and support for secure rollout across multiple apps, users, and regions.
SecureDynamics is a Zscaler Delivery Services Authorized Partner, and our ZPA Advanced engagements are fully remote, hands-on, and aligned with Zscaler’s Zero Trust architecture standards—augmented by our enterprise-grade deployment methodology.
🛠 Engagement Scope Summary
| Category | SecureDynamics ZPA Advanced Deployment |
|---|---|
| Product Scope | ZPA only (Zscaler Private Access) |
| Delivery Model | Remote, hands-on |
| Engagement Duration | Up to 40 business days from kickoff |
| User Rollout | Enterprise-wide (Pilot + Production Phases) |
| Project Management | ✅ Included |
| Assigned Team | Zscaler-certified Engineer + Project Manager |
| Customer Responsibility | Provide server/application inventory, test users, IdP integration details, and resource access for App Connectors |
✅ Configuration Scope – What’s Included
SecureDynamics configures your ZPA environment based on Zscaler’s Advanced-tier blueprint and enterprise deployment best practices. The following are typically included:
| Configuration Element | Included |
|---|---|
| Authentication Integration | Multiple IdPs supported (SAML, SCIM, Azure AD, Okta) |
| App Connector Deployment | Unlimited App Connector groups and VMs across multiple data centers/clouds |
| Segment Groups | Advanced segmentation design with unlimited groups |
| Server Groups & Applications | Unlimited applications and custom access groupings |
| Privileged Remote Access (PRA) | Full support (if licensed) |
| Browser Access | Tuned policy and access support for web-based apps |
| Posture Control | Integration with posture profiles, EDR tools, and advanced device trust |
| Access Policies | Role- and attribute-based policies, layered by app and user context |
| Zero Trust Workflows | ZTNA policy layering, multi-factor workflows, and least privilege enforcement |
| Pilot Rollout | Structured pilot execution with test plans and phased production onboarding |
| Custom Reporting | Dashboards, alert policies, and access reports tailored to stakeholders |
| Cloud & Hybrid Architecture | Cloud connector support, hybrid DC integration |
📌 All design decisions and configurations are captured in a High-Level Design (HLD) and Low-Level Design (LLD) document.
📄 Key Deliverables
-
✅ High-Level Design Document (HLD)
-
✅ Low-Level Design Document (LLD)
-
✅ Final ZPA Design Document
-
✅ Pilot Test Plan and Support
-
✅ ZPA Production Rollout Support
-
✅ Zscaler Mission Critical Audit (ZMCA)
-
✅ Project Summary Report
-
✅ Handoff to Zscaler Support
❌ What’s Not Included
| Not Included | Explanation |
|---|---|
| ZIA or ZDX Configuration | Scope is strictly ZPA |
| On-Site Services | This engagement is 100% remote |
| SIEM/SOAR/EDR Integrations | May be scoped separately if required |
| Tunnel 2.0 & ZPA-to-ZPA Routing | Requires scoping beyond standard ZPA setup |
| End-User Training | Not part of the base package (can be scoped as add-on) |
| Post-Engagement Support | Ongoing operations or support must be scoped separately |
📌 Additional Notes
-
This is a time-bound, use-it-or-lose-it engagement, delivered within 40 business days.
-
Mutually agreed-upon exceptions to the delivery timeline can be made but should be discussed prior to purchase.
-
Requires active customer participation throughout planning, testing, and rollout.
-
Designed for customers with complex environments, regulatory requirements, and advanced Zero Trust segmentation needs.