Product architecture

Prisma Cloud offers a rich set of cloud workload protection capabilities. Collectively, these features are called Compute. Compute has a dedicated management interface, called Compute Console, that can be accessed in one of two ways, depending on the product you have.
  • Prisma Cloud Enterprise Edition - Hosted by Palo Alto Networks. Prisma Cloud Enterprise Edition is a SaaS offering. It includes both the Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) modules. Access the Compute Console, which contains the CWPP module, from the Compute tab in the Prisma Cloud UI.
  • Prisma Cloud Compute Edition - Hosted by you in your environment. Prisma Cloud Compute Edition is a self-hosted offering that’s deployed and managed by you. It includes the Cloud Workload Protection Platform (CWPP) module only. Download the Prisma Cloud Compute Edition software from the Palo Alto Networks Customer Support Portal. Compute Console is delivered as a container image, so you can run it on any host with a container runtime (e.g. Docker Engine).
The following table summarizes the differences between the two offerings:
| Capabilities | Prisma Cloud Enterprise Edition | Prisma Cloud Compute Edition |
| --- | --- | --- |
| Management interface | Hosted by Palo Alto Networks (SaaS). | Deployed and managed by you in your environment (self-hosted). |
| Modules | CSPM and CWPP. | CWPP only. |
| Security agents | Deployed and managed by you. | Deployed and managed by you. |
| User management | Configure single sign-on in Prisma Cloud. | Configure single sign-on in Prisma Cloud Compute Edition. Compute Console exposes additional views for Active Directory and SAML integration when it’s run in self-hosted mode. |
| Multi-tenancy | Supported by Palo Alto Networks Hub. | Supported by a feature called Projects. Projects is enabled in Compute Edition only. It’s disabled in Enterprise Edition. |

Accessing Compute in Prisma Cloud Enterprise Edition

In Prisma Cloud, click the Compute tab to access Compute Console. Think of Prisma Cloud as the outer management interface, and Compute Console as the inner management interface.
To access the Compute Console UI, users must have the Prisma Cloud (outer management interface) System Admin role. Access is denied to users with any other role.
The following screenshot shows the Prisma Cloud UI, or the so-called outer management interface. It can be accessed directly from the Internet. The format of the URL is:
https://app<opt-num>.<opt-region>.prismacloud.io
prisma_cloud_arch1.png
The following screenshot shows Prisma Cloud with the Compute Console open. Compute Console is the so-called inner management interface. Compute Console’s GUI cannot be directly addressed in the browser. It can only be opened from within the Prisma Cloud UI. It’s important to make the distinction between the inner and outer interfaces because a number of Compute components directly address the inner interface, namely:
  • Defender, for Defender to Compute Console connectivity.
  • twistcli
  • Jenkins plugin
  • Compute API
prisma_cloud_arch2.png
You can find the address of Compute Console in Prisma Cloud under Compute > Manage > System > Downloads. The address for Compute Console has the following format:
https://<region>.cloud.twistlock.com/<customer>

Accessing Compute in Prisma Cloud Compute Edition

In Compute Edition, Palo Alto Networks gives you the management interface to run in your environment. In this setup, you deploy Compute Console directly. There’s no outer or inner interface; there’s just a single interface, and it’s Compute Console. Compute Console’s address, whether an IP address or DNS name, is used for all interactions, namely:
  • GUI access from a web browser.
  • Defender to Compute Console connectivity.
  • twistcli
  • Jenkins plugin
  • Compute API
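
Because Defender, twistcli, the Jenkins plugin and the Compute API must be pointed at the Compute Console address and never at the Prisma Cloud UI, a configured address can be checked before anything uses it. The following is an added example, not Palo Alto Networks code: the function name, the `self_hosted_hosts` allowlist and all sample URLs are assumptions constructed for illustration, and the host patterns are inferred from the two URL formats shown above.

```python
import re
from urllib.parse import urlsplit

# Host patterns inferred from the two URL formats shown on this page.
OUTER_UI_HOST = re.compile(r"app\d*(\.[a-z0-9-]+)?\.prismacloud\.io")
INNER_CONSOLE_HOST = re.compile(r"[a-z0-9-]+\.cloud\.twistlock\.com")


def classify_address(url, self_hosted_hosts=frozenset()):
    """Return (kind, usable_by_components, reason) for a configured address.

    self_hosted_hosts is a hypothetical allowlist of Console host names
    that you run yourself (Compute Edition).
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return ("invalid", False, "expected an https:// URL with a host")
    if parts.username or parts.password:
        return ("invalid", False, "do not embed credentials in the address")
    # fullmatch on the parsed host name: a substring test would accept
    # look-alikes such as app.prismacloud.io.example.net.
    if OUTER_UI_HOST.fullmatch(host):
        return ("outer-ui", False, "Prisma Cloud UI address; use the Compute "
                "Console address from Compute > Manage > System > Downloads")
    if INNER_CONSOLE_HOST.fullmatch(host):
        customer = parts.path.strip("/")
        if not customer or "/" in customer:
            return ("invalid", False, "expected a single /<customer> path")
        return ("inner-console", True, "Enterprise Edition Compute Console")
    if host in self_hosted_hosts:
        return ("self-hosted", True, "allowlisted Compute Edition Console")
    return ("unknown", False, "host is not a known Console address")


if __name__ == "__main__":
    # Constructed sample addresses, not real tenants.
    samples = [
        "https://app2.eu.prismacloud.io",
        "https://region1.cloud.twistlock.com/customer-0000",
        "https://region1.cloud.twistlock.com",
        "https://app.prismacloud.io.example.net",
        "https://console.corp.example:8083",
    ]
    for s in samples:
        print(s, "->", classify_address(s, {"console.corp.example"}))
```

Running the check in a pipeline step ahead of twistcli or the Jenkins plugin fails fast on a pasted UI address or an unexpected host instead of sending scan credentials to it.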
