Prisma Access Infrastructure Management
Focus
Focus

Prisma Access Infrastructure Management

Table of Contents

Prisma Access Infrastructure Management

Prisma Access uses a shared ownership model. Palo Alto Networks manages the underlying security infrastructure, ensuring it is secure, resilient, up-to-date and available to you when you need it. Your organization’s responsibility is to onboard locations and users, push policies, update them, query logs, and generate reports.
Palo Alto Networks manages the following parts of the security infrastructure. In addition to the security infrastructure, Prisma Access manages the cloud infrastructure components:
  • Prisma Access
  • Strata Logging Service—We manage the delivery mechanism for logs.
  • Content Updates—We manage the updating of the Prisma Access infrastructure, including PAN-OS updates. For your mobile users, Prisma Access hosts several versions of the GlobalProtect app and you can select the active GlobalProtect app version from that list.
  • Fault Tolerance—We manage the availability of the service.
  • Auto Scaling—We automatically scale the service when you add service connections or remote networks, or when additional mobile users log in to one or more gateways in a single region.
  • Provisioning—We provision the infrastructure with everything that is required.
  • Service Monitoring—We monitor the service status and keep it functioning.
  • Compute Location Mapping—Each Prisma Access location is mapped to security compute location based on optimized performance and latency, which means that, unless otherwise modified by a system administrator, the traffic in certain countries will be directed to a defined compute location. See the Prisma Access Privacy Data Sheet for the location-to-compute location mapping.
Your organization manages the following components of the security infrastructure.
  • Users—You manage the onboarding of mobile users.
  • Authentication—You manage the authentication of those users.
  • Mobile device management (MDM)—You can control your organization's mobile devices that are protected with Prisma Access using your own MDM software.
  • Panorama and Cloud Services plugin—You make sure that the Panorama on which the Cloud Services plugin is installed is running a Panorama version that supports the Cloud Services plugin. In addition, you upgrade the Cloud Services plugin in Panorama after we inform you that a new plugin is available.
  • Policy creation and management—You plan for and create the policies in Panorama to use with Prisma Access.
  • Log analysis and forensics—Prisma Access provides the logs, you provide the analysis and reporting, using integrated tools provided by us or by another vendor.
  • On-premises security—You provide the on-premises security between micro-segmentations of your on-premises network. In some deployments, you can also direct all traffic to be secured with Prisma Access.
  • Networking—You provide the network connectivity to Prisma Access.
  • Monitoring—You monitor the on-premises network’s status.
  • Service Connectivity—You provide the connectivity to the Prisma Access gateway for mobile users (for example, provide an ISP), and you also provide the on-premises devices used as the termination points for the IPSec tunnels used by service connections and remote network connections.
  • Onboarding—You onboard the mobile users, HQ/Data center sites, and branch sites.