Prisma Access
Private Application Target Discovery
Discovery of private applications by ZTNA Connector.
In a modern networking infrastructure, thousands of private applications
are deployed across on-premises and multicloud data centers. The networking
teams are not aware of the applications running in their network or within a
particular subnet in the network, which leads to a lack of application visibility.
To provide secure access to an application, you have to manually enter its
FQDN, port, and application, and be aware of the dependencies this application has on
other applications.
Private application target discovery provides a way to discover the
applications hosted in the cloud environment and allows those applications to be
onboarded on the ZTNA Connector solution. It connects to the cloud provider
network, performs the discovery, and stores the results in the database. It also
provides APIs that the different services use to get the discovered applications. If
the user has only a service connection instead of a ZTNA Connector, only application
targets are discovered.
Private application target discovery identifies:
- FQDN
- Port of the application
- Protocol of the application
Make sure you activate the Cloud Identity Engine (CIE) before you
enable the private application discovery feature.
Complete the following steps to add a cloud account, an IAM role in AWS, and discover
the target applications.
1. Get the CloudFormation template (CFT) to add a cloud account.
   - Navigate to Application Targets (Workflows > ZTNA Connector > Application Targets).
   - On the Application Targets page, select Discovered Targets, and then select Manage Target Discovery Accounts.
   - Select Enable Target Discovery, and then select Enable.
   - On the Manage Target Discovery Accounts page, select Add Cloud Account.
   - Add the Account Name, and click the check box under Cloud Account Enabled. Add the AWS Account ID, and click Download IAM Role CFT to download the file.
2. Create the IAM role in AWS.
   - Navigate to the AWS application, select your account, and Sign in.
   - Navigate to CloudFormation > Stacks > Create stack > With new resources (standard) to create the stack.
   - On the Create stack page, under Prerequisite-Prepare template, select Choose an existing template. Under Specify template, select Upload a template file. Upload the previously downloaded file in Step 1, and select Next.
   - Add Stack name, AppDisRoleName, and select Next.
   - On the Configure stack options page, don't make any updates, and select Next.
   - Review the changes. Select the check box under Capabilities to acknowledge the creation of IAM resources with custom names, and then select Submit.
   - Navigate to IAM > Roles and search for the role name you defined. Select the role name and copy the ARN for the role.
3. Paste the ARN in the IAM Role ARN text field, and then select Verify. When the ARN is verified, select Save.
   If you add a wrong ARN in the IAM Role ARN text field, the verification fails and an error message appears.
   After you add the account, you can see the status, account ID, and other details. The refresh period for the discovery is 24 hours. You can also add multiple accounts to the same tenant.
4. To identify the discovered apps, select Discovered Targets. You can find the list of identified applications under Discovered Application Targets.
5. (Optional) Delete the cloud account.
   To delete your cloud account and add a new one without disabling target discovery, follow this procedure. However, these steps are mandatory if you want to disable target discovery functionality.
   - Under Manage Target Discovery Accounts, click the Account Name that you want to delete.
   - Disable Cloud Account Enabled, and select Update. When the account is updated, select Delete. The account is deleted.
6. (Optional) Disable target discovery.
   Make sure all the cloud accounts are deleted before you disable the target discovery.
   - Select Disable Target Discovery, and then select Disable Target Discovery.
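
Before you upload the downloaded CFT and acknowledge the IAM capability in the Create stack step, you can review which principal the new role trusts and what it is allowed to do. The script below is an added example, not Palo Alto Networks or AWS code. It assumes the template is in JSON form; the embedded template, the account ID 111122223333, the resource name `DiscoveryRole`, and the read-only prefix list are constructed for illustration and do not reproduce the real file.

```python
import json

# Constructed sample, NOT the vendor's file: a JSON CloudFormation template
# that creates one custom-named IAM role from the AppDisRoleName parameter.
SAMPLE_CFT = json.dumps({
    "Parameters": {"AppDisRoleName": {"Type": "String"}},
    "Resources": {"DiscoveryRole": {
        "Type": "AWS::IAM::Role",
        "Properties": {
            "RoleName": {"Ref": "AppDisRoleName"},
            "AssumeRolePolicyDocument": {"Statement": [{
                "Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
            "Policies": [{"PolicyName": "discovery", "PolicyDocument": {
                "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
                    "ec2:Describe*", "route53:List*", "iam:*"]}]}}],
        }}},
})

READ_ONLY = ("Describe", "List", "Get")  # assumed prefixes for discovery-only access

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_template(text):
    """Return (trusted_principals, findings); only inline role policies are inspected."""
    principals, findings = [], []
    for name, res in json.loads(text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {}).get("Statement", [])
        for stmt in _as_list(trust):
            who = stmt.get("Principal", {})
            principals += _as_list(who.get("AWS", []) if isinstance(who, dict) else who)
            # An ExternalId condition guards third-party roles against confused-deputy use.
            if "sts:ExternalId" not in json.dumps(stmt.get("Condition", {})):
                findings.append(f"{name}: trust statement has no sts:ExternalId condition")
        for policy in props.get("Policies", []):
            for stmt in _as_list(policy["PolicyDocument"]["Statement"]):
                for action in _as_list(stmt.get("Action", [])):
                    if not str(action).split(":")[-1].startswith(READ_ONLY):
                        findings.append(f"{name}: non-read-only action {action}")
    return principals, findings

if __name__ == "__main__":
    trusted, issues = review_template(SAMPLE_CFT)
    print("Trusted principals:", trusted)
    print("\n".join(issues) or "No findings")
```

To check the real download, pass the file's contents to `review_template` in place of `SAMPLE_CFT`.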