Product architecture
Table of Contents
Product architecture
Prisma Cloud offers a rich set of cloud workload protection capabilities.
Collectively, these features are called Compute.
Compute has a dedicated management interface, called Compute Console, that can be accessed in one of two ways, depending on the product you have.
- Prisma Cloud Enterprise Edition— Hosted by Palo Alto Networks. Prisma Cloud Enterprise Edition is a SaaS offering. It includes both the Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) modules. Access the Compute Console, which contains the CWPP module, from theComputetab in the Prisma Cloud UI.
- Prisma Cloud Compute Edition- Hosted by you in your environment. Prisma Cloud Compute Edition is a self-hosted offering that’s deployed and managed by you. It includes the Cloud Workload Protection Platform (CWPP) module only. Download the Prisma Cloud Compute Edition software from the Palo Alto Networks Customer Support Portal. Compute Console is delivered as a container image, so you can run it on any host with a container runtime (e.g. Docker Engine).
The following table summarizes the differences between the two offerings:
Capabilities | Prisma Cloud Enterprise Edition | Prisma Cloud Compute Edition |
|---|---|---|
Management interface | Hosted by Palo Alto Networks (SaaS). | Deployed and managed by you in your environment (self-hosted). |
Modules | CSPM and CWPP. | CWPP only. |
Security agents | Deployed and managed by you. | Deployed and managed by you. |
User management | Configure single sign-on in Prisma Cloud. | Configure single sign-on in Prisma Cloud Compute Edition.
Compute Console exposes additional views for Active Directory and SAML integration when it’s run in self-hosted mode. |
Multi-tenancy | Supported by Palo Alto Networks Hub. | Supported by a feature called Projects.
Projects are enabled in Compute Edition only.
It’s disabled in Enterprise Edition. |
Accessing Compute in Prisma Cloud Enterprise Edition
In Prisma Cloud, click the
Compute
tab to access Compute.You must have the Prisma Cloud System Admin role.
Access is denied to users with any other role.
The following screenshot shows the Prisma Cloud administrative console.
The format of the URL is:
https://app<opt-num>.<opt-region>.prismacloud.io
The following screenshot shows the Compute tab on Prisma Cloud.
To access the Compute tab, you must log in to the Prisma Cloud administrative console; it cannot be directly addressed in the browser.
image::prisma_cloud_arch2.png[width=800]
You can find the address of Compute Console in Prisma Cloud under
Compute > Manage > System > Utilities
.
The address for Compute Console has the following format:https://<region>.cloud.twistlock.com/<customer>
The following Compute components directly connect to the Compute console address provided above:
- Defender, for Defender to Compute Console connectivity.
- twistcli
- Jenkins plugin
- Compute API
Accessing Compute in Prisma Cloud Compute Edition
In Compute Edition, Palo Alto Networks gives you the management interface to run in your environment.
In this setup, you deploy Compute Console directly.
There’s no outer or inner interface; there’s just a single interface, and it’s Compute Console.
Compute Console’s address, whether an IP address or DNS name, is used for all interactions, namely:
- GUI access from a web browser.
- Defender to Compute Console connectivity.
- twistcli
- Jenkins plugin
- Compute API