What benefits does Zscaler client connector offer compared to other connectivity options?

Exploring features and functionality for the client connector

This is part of an ongoing series in cybersecurity foundations. Check the cyber 101 article tag index from time to time for more content.

Zscaler offers a lot of different ways to connect to their platform (e.g. vendor-agnostic tunnels, virtual appliances, SD-WAN partnerships, etc.). One additional method is the Zscaler Client Connector. In today's article, I'll summarize some of the key benefits of using this connection option.

First things first: what exactly IS the Client Connector? Simply put, it's a lightweight application that installs on the endpoint and provides core connectivity to the Zscaler platform. The idea is that by installing an agent on the user system itself, the user will always have proper/consistent access to Zscaler (and the stuff Zscaler is protecting) regardless of what internet connection the user has.

Basic connectivity is just the start though. Beyond that, the Client Connector app allows Zscaler to implement a variety of host-level features and functionality. Those include:

  • Authentication - Having an app installed locally on the endpoint can enable a more seamless authentication experience. So if a user is hopping around between various web browsers and software clients, having something at a lower level that supports authentication standards like SAML can help to reduce the number of times a user would need to authenticate.
  • Persistence / Enforcement - Having an app on the system makes things a little easier from a persistence standpoint. The app has features for enforcing mandatory operation, like requiring an admin password prior to uninstalling.
  • Flexible connectivity awareness - In some situations, administrators may not want individual tunnels to go straight from the app. For example, if users are in a main office, an office-wide tunnel may already be in place at an edge perimeter device. The client connector has a feature that enables it to identify a "trusted network" and change the way it connects/functions based on that.
  • Certificate trust store update management for Z certs - In order for Zscaler to perform deep inspection on web traffic, the client system needs to trust the Zscaler platform that's assuming the identity of various web sites (proxy-based approach). That trust is established through root certificates deployed on the endpoint. The client connector makes it much easier to distribute and maintain the required Zscaler certs.
  • Centralized Administration - Having an agent deployed on the endpoint also allows the Zscaler platform to push updates/changes natively. Things like app updates or Zscaler forwarding configuration changes can be processed through the app.

There are, of course, more features and functionality that Zscaler can provide with the client connector. For example, it can collect relevant data points for system/connectivity health (ZDX) and connect users to private applications (ZPA). I'll save that for another day though. 😄