Prisma Access Infrastructure Management
It is important to understand who owns and manages the
components in the Prisma Access infrastructure. To see when Prisma
Access updates the components of the cloud infrastructure, see
Releases and Upgrades.
Prisma Access uses a shared ownership model. Palo Alto Networks
manages the underlying security infrastructure, ensuring it is secure,
resilient, up to date, and available to you when you need it. Your
organization’s responsibility is to onboard locations and users, push
policies, update them, query logs, and generate reports.
Your organization manages the following components of the security
infrastructure:
Users—You manage the onboarding of mobile users.
Authentication—You manage the authentication of those
users.
Mobile device management (MDM)—You can control your
organization's mobile devices that are protected with Prisma Access
using your own MDM software.
Policy creation and management—You plan for and create
the policies in Panorama to use with Prisma Access.
Log analysis and forensics—Prisma Access provides
the logs; you provide the analysis and reporting, using integrated
tools provided by us or by another vendor.
On-premises security—You provide the on-premises security
between the micro-segments of your on-premises network. In some
deployments, you can also direct all traffic to be secured with
Prisma Access.
Networking—You provide the network connectivity to
Prisma Access.
Monitoring—You monitor the on-premises network’s status.
Service Connectivity—You provide the connectivity
to the Prisma Access gateway for mobile users (for example, provide
an ISP), and you also provide the on-premises devices used as the
termination points for the IPSec tunnels used by service connections
and remote network connections.
Onboarding—You onboard the mobile users, HQ/Data center
sites, and branch sites.
Palo Alto Networks manages the following parts of the security
infrastructure:
Prisma Access
Strata Logging Service—We manage the delivery mechanism
for logs.
Fault Tolerance—We manage the availability of the
service.
Auto Scaling—We automatically scale the service when
you add service connections or remote networks, or when additional
mobile users log in to one or more gateways in a single region.
Provisioning—We provision the infrastructure with
everything that is required.
Service Monitoring—We monitor the service status and
keep it functioning.
Compute Region Mapping—Each Prisma Access location
is mapped to a security compute location based on optimized performance
and latency, which means that, unless otherwise modified by a system
administrator, the traffic in certain countries will be directed
to a defined compute location. See the
Prisma Access Privacy Data Sheet for
the location-to-compute region mapping.