FAQ: FedRAMP Moderate Customers TSG Migration and SASE Platform
The following topics address frequently asked questions regarding changes to
the hub, apps, subscription management, tenant management, TSG migration,
identity and access management, and more for FedRAMP Moderate.
As you might have heard, the Strata Cloud Manager for Prisma Access is going
live in January 2024. Beginning January 2024 we will start transitioning active
FedRAMP Moderate Prisma Access customers to the Strata Cloud Manager.
What is the SASE Platform?
You will see a new and revamped user-friendly process and management
interface providing a natural SaaS activation experience. We have created
sase.paloaltonetworks.com as a single location to access and manage
anything and everything related to SASE for FedRAMP Moderate.
This page has three main components:
- Subscription management: You will be able to manage all the
  available licenses from a single pane of glass. You can view the status and
  activate all your available licenses. You can request evaluation to
  production conversions from the product. There will be automatic detection
  of activation failure and you can raise TAC tickets from the product.
- Tenancy management: You will have the ability to create and
  manage multiple tenants, build a hierarchy, and share and allocate license
  subscriptions for the desired tenants.
- Identity and access management: This is a centralized authentication
  and authorization page to allow you to add user roles and permissions for
  all applications and API-based access.
What does this transition mean to existing customers activated before January
2024?
In the backend, we are migrating all existing FedRAMP Moderate tenants in waves
starting from January 2024 to use sase.paloaltonetworks.com.
What does this migration mean?
In the backend, we are migrating FedRAMP Moderate Prisma Access
tenants to a TSG (Tenant Service Group) in phases, beginning in January 2024.
- A TSG is like a container that contains an instance of multiple
  products. For example, one TSG will contain a Prisma Access
  instance, a Strata Logging Service instance, and a CDSS service
  instance.
- You will have access to the Identity and Access module for user
  roles and permissions and access to APIs from a centralized API gateway.
- You won't have any service disruption or any impact on infra or
  dataplane.
What will you see after this transition?
- You will manage all new license activations from the subscriptions
  and tenants page on sase.paloaltonetworks.com. This
  page will handle all license activations, and provide the ability to manage
  multiple tenants.
- You will manage all existing users on the Palo Alto Networks via the Strata Cloud Manager. You will have to make any changes to the users and roles on
the Identity and Access Management module on sase.paloaltonetworks.com going forward. In the backend, we are
mapping existing user roles to the same or similar role on the Identity and
Access Management page.
Any other references?
Refer to more information about TSG and Strata Cloud Manager: