This README serves as a quick start guide to deploy Zscaler VZEN resources in Microsoft Azure using Terraform.
Use this repository to create the deployment resources required to deploy and operate VZEN in a new or existing resource group and virtual network. The examples directory contains complete automation scripts for both greenfield and brownfield use.
Our Deployment scripts are leveraging Terraform v1.1.9 which includes full binary and provider support for macOS M1 chips, but any Terraform version 0.13.7 should be generally supported.
- provider registry.terraform.io/hashicorp/azurerm v3.116.x (minimum 3.108.x)
- provider registry.terraform.io/hashicorp/random v3.3.x
- provider registry.terraform.io/hashicorp/local v2.2.x
- provider registry.terraform.io/hashicorp/null v3.1.x
- provider registry.terraform.io/providers/hashicorp/tls v3.4.x
- Azure Subscription Id link to Azure subscriptions
- Have/Create a Service Principal. See: how-to-create-service-principal-portal. Then Collect:
- Application (client) ID
- Directory (tenant) ID
- Client Secret Value
- Azure Region (e.g. westus2) where VZEN resources are to be deployed
- Install Terraform CLI
- Must have Zscaler VZEN SKUs Subscription.
The examples section covers two deployment templates:
Use the Custom Deployment template with Azure Load Balancer to deploy your VZEN with resources (Resource Group, VNET, Subnets, NSGs, Public IPs, Load Balancer) and load balance traffic across multiple VZENs. You can use "byo" variables to deploy VZEN with existing resources. Zscaler's recommended deployment method is Azure Load Balancer. Azure Load Balancer distributes traffic across multiple VZENs and achieves high availability.
Use the Custom Deployment template without Azure Load Balancer to deploy your VZENs with resources (Resource Group, VNET, Subnets, NSGs, Public IPs) without load balancing capablities. You can use "byo" variables to deploy VZEN with existing resources.
Note: The examples provided in this document illustrate the usage of the various modules. You are encouraged to reuse and adapt these modules as per your specific requirements to suit your use case.