Prisma Access Infrastructure Management
Prisma Access uses a shared ownership model. Palo Alto
Networks manages the underlying security infrastructure, ensuring
it is secure, resilient, up-to-date and available to you when you
need it. Your organization’s responsibility is to onboard locations
and users, push policies, update them, query logs, and generate
reports.
Palo Alto Networks manages the following parts of the security
infrastructure. In addition to the security infrastructure, Prisma
Access manages the cloud infrastructure components:
Prisma Access
Strata Logging Service—We manage the delivery mechanism
for logs.
Fault Tolerance—We manage the availability of the
service.
Auto Scaling—We automatically scale the service when
you add service connections or remote networks, or when additional mobile
users log in to one or more gateways in a single region.
Provisioning—We provision the infrastructure with
everything that is required.
Service Monitoring—We monitor the service status and
keep it functioning.
Compute Location Mapping—Each Prisma Access location
is mapped to a security compute location based on optimized performance
and latency, which means that, unless otherwise modified by a system
administrator, the traffic in certain countries will be directed
to a defined compute location. See the Prisma Access Privacy Data
Sheet for the location-to-compute location mapping.
Your organization manages the following components of the security
infrastructure.
Users—You manage the onboarding of mobile users.
Authentication—You manage the authentication of those
users.
Mobile device management (MDM)—You can control your
organization's mobile devices that are protected with Prisma Access using
your own MDM software.
Policy creation and management—You plan for and create
the policies in Panorama to use with Prisma Access.
Log analysis and forensics—Prisma Access provides
the logs; you provide the analysis and reporting, using integrated
tools provided by us or by another vendor.
On-premises security—You provide the on-premises security
between micro-segmentations of your on-premises network. In some
deployments, you can also direct all traffic to be secured with
Prisma Access.
Networking—You provide the network connectivity to
Prisma Access.
Monitoring—You monitor the on-premises network’s status.
Service Connectivity—You provide the connectivity
to the Prisma Access gateway for mobile users (for example, provide
an ISP), and you also provide the on-premises devices used as the
termination points for the IPSec tunnels used by service connections
and remote network connections.
Onboarding—You onboard the mobile users, HQ/Data center
sites, and branch sites.