Deployment Advisory Services (DAS) Service Introduction Ver 4.1 Zscaler Customer Success Team

DAS Overview

DAS Overview What Is DAS ? DAS Goal DAS Value Deployment Advisory Services A paid service to get customers properly started on their deployment DAS Goal Proper design - Design configuration guidance based upon best practices Speed - Get traffic flowing - ensure immediate security protection from the Zscaler service DAS Value Experience – Best practices based upon hundreds of deployments, large or small Speed – Ensuring quick time to value of the service

DAS Entrance + Exit Criteria DAS IS A ONE-TIME SERVICE TO GET YOU LAUNCHED... YOU CONTINUE TO DEPLOY FOLLOWING THE BEST PRACTICE GUIDANCE Entrance Criteria Exit Criteria New Service Start Customer designates a project lead + technical lead, and executive sponsor Customer is ready for fast-paced Deployment Design is complete Traffic is flowing or service expires

DAS Success Speed to Value Proper Design Satisfactio n Success = Get > 25% of user traffic flowing in 90 days Resiliency Redundancy Performance 30, 60, 90 day Check-ins

Best Practice Guidance Cloud Deployments – A Partnership Best Practice Guidance Configure Configure TRAFFIC FORWARDING Customers – Owns and configures, their routers, firewalls, network infrastructure Zscaler - provides best practice guidance, configures cloud-side configuration AUTHENTICATION Customers - Own ID management systems, perform Zscaler recommendations Zscaler - Provides best practice guidance for user identification POLICIES Customers – Provide policy requirements, perform Zscaler recommendations Zscaler - Provides best practice guidance and set-up assistance REPORTING / LOGGING Customers – Provide reporting and logging requirements, SIeM set-up CUSTOMER ZSCALER 5

The 5 Phases Of A Successful Zscaler Roll-out Get traffic flowing and get protected, add complexity later ! Set-up primary and secondary GRE tunnesl (with PAC Files) from main egress points Add Authentication, for granular policy control and reporting Add Road Warriors 1) Traffic Flowing 2) Authentication 3) Road Warriors 4) SSL Inspection Local internet break-out of other sites traffic to Zscaler. (remove back-haul) 5) Break-Out Add SSL Inspection, if desired 1 2 3 4 5

DEPLOYMENT FLIGHT PATH TAKE-OFF TO RIGHT DIRECTION, GET TO CRUISING ALTITUDE, MAINTAIN ALTITUTE EXPAND AUDIT, MAINTAIN BUILD TEMPLATE BASED UPON BEST PRACTICES, GET TRAFFIC FLOWING DAS – DEPLOYMENT ADVISORY SERVICES ONGOING SUPPORT = DAILY-WEEKLY- MONTHLY ENGAGEMENT, MOVE TO 100% TRAFFIC 6 MONTH ARCHITECTURAL REVIEWS, TAM SUPPORT TAM OR ZTAC ONGOING SUPPORT SOLUTION ARCHITECTS. TAM

SYSTEM + SECURITY GRADE = B SYSTEM + SECURITY GRADE = A DAS FOCUS 0% 25% + 100% User Traffic SYSTEM + SECURITY GRADE = B SYSTEM + SECURITY GRADE = A Configuration Traffic Forwarding – Corporate Main sites Traffic Forwarding – Corporate Branch Sites Traffic Forwarding – Some Road Warriors Traffic Forwarding – All Road Warriors Authentication Policies – SSL Inspection Policies - Basic Reporting – CXO Reports DAS TEAM CUSTOMER

DAS Package Comparison DAS PACKAGES PROVIDED PER CUSTOMER TOTAL USER SIZE VALUE Up to 1,000 Users DAS PKG 0 Up To 5,000 Users DAS PKG 1 Up to 10,000 Users DAS PKG 2 Up to 25,000 Users DAS PKG 3 Up to 100,000 Users DAS PKG 6 TOTAL CONSULTING TIME (Remote) DEPLOYMENT ADVISORY ENGINEER DEPLOYMENT ARCHITECT 10 Hours 9 Hours 1 Hour 5 Days 4 Days 1 Day 10 Days 8 Days 2 Days 15 Days 12 Days 3 Days 30 Days 24 Days 6 Days ZSCALER MISSION CRITICAL AUDIT (ZMCA) Report Provided ZSCALER ONLINE TRAINING ZCES-EDU-CREDIT 2 Credits 3 Credits 4 Credits 5 Credits 10 Credits Service Expiration from Purchase 90 Days 120 Days 180 Days

DAS Project

DAS Technical Process Stages DAS designs and launches deployments through best practice guidance, then customers continue to roll-out traffic STAGE 1- DESIGN STAGE 2- BUILD STAGE 3- TRAFFIC ROLL-OUT HAND-OVER DESIGN CONFIGURE GUIDANCE TEST GUIDANCE PILOT PRODUCTION 90-DAY CHECK-IN HAND-OVER Select Users Hand-over from Sales Complete Design + Deployment Traffic forwarding Authentication Policy structure Reporting Internal IT testing Test key applications Test business process Production Hand-over to CSM ZTAC Team for ongoing support 11

DAS Key Milestones 12 DAY 1 (Stage-13) BY DAY 7 BY DAY 15 BY DAY 30 AREA DAY 1 (Stage-13) BY DAY 7 BY DAY 15 BY DAY 30 BY DAY 60 BY DAY 90 ONBOARDING WELCOME EMAIL SENT DAS KICK-OFF CALL COMPLETE DESIGN 1st DESIGN CALL HELD DESIGN + DEPLOYMENT PLAN COMPLETE DEPLOYMENT PILOT ROLLOUT TRAFFIC FORWARDING = PILOT USERS AUTHENTICATION = TESTED POLICIES = COMPLETED PRODUCTION ROLLOUT +TRAFFIC FORWARDING = MAIN CORPORATE LOCATIONS +AUTHENTICATION = COMPLETED + TRAFFIC FORWARDING = ROAD WARRIORS CONSUMPTION PILOT TRAFFIC 10%+ OF PRODUCTION USERS TRAFFIC FLOWING 25%+ OF PRODUCTION USERS TRAFFIC FLOWING 12

Zscaler + Customer Resource Plan SERVICE FUNCTION CUSTOMER RESOURCE NAME ZSCALER RESOURCE NMAE EXECUTIVE SPONSOR Responsible for the overall success of the deployment Customer Success Manager (CSM) PROJECT MANAGER Responsible for delivery of the overall project management Technical Project Coordinator (TPC) TECHNICAL CONTACTS Primary contacts in specific areas Networks Operations (Traffic forwarding) Authentication Expert (Authentication) Desktop Operations (Road Warriors) Deployment Advisory Team (DAS) TECHNICAL SUPPORT Technical support organization ZTAC, Technical Account Managers (TAM ) POST-DAS SUPPORT TAM, CSM, ZTAC 13

Zscaler Deployment Resource Plan DAS Deployment Advisory Services TPC Project Manages DAS Team Advises on deployments TAM Technical Account Manager (If Assigned) In DAS, TAM solves problems Post-DAS TAM continues to assist in roll-out + support ZTAC Zscaler Technical Assistance Center 24x7 Support for problem solving

DAS Key Technical Guides

Design Wizard Wizard is completed by the Zscaler Sales team on behalf of customer, to start the design scope 16

Best Practice Design Considerations (BDPC) Information provided to customers in advance of Project Design Call, explaining concepts 17

Design + Deployment Plan Deployment Design and Implementation Plan 18

Zscaler Recommended Configuration Current Customer Configuration Zscaler Mission Critical Audit (ZMCA) Scorecard – Sample Configuration best practices audit, to ensure high availability and resiliency Area Priority Zscaler Recommended Configuration Current Customer Configuration Score Traffic Forwarding 1 Corporate - Use GRE or Ipsec Tunnels To be verified  Not Met Road Warriors – Use PAC or Zapp NAT - Ensure Tunnel Device Behind NAT 2 Router - Ensure Tunnel Terminates in Router, Not Firewall Resiliency Failover - Ensure Automatic Tunnel Failover Configured Failover Testing - Ensure automatic tunnel failover testing successful Critical Applications O365 - Ensure Office 365 one-click is enabled Service Performance Network Path Verification - Ensure best Internet peering path is used MTU/MSS optimization - Path MTU configured/MTU size is correct Geo-location verification – Ensure best DC is resolved for PAC/ZAPP only locations (if any) Service Availability New CA/PAC servers - Ensure firewall rules open to all cloud hub IP’s Authentication User Authentication - Configure Frequency Configuration as “Once” or Custom > 7 days Account = {{customer}} Audit Date =  {{today}} Overall Score (Priority of 1 = Met, Required to Pass)

Zscaler Recommended Configuration Current Customer Configuration Zscaler Cloud Readiness Scorecard - Sample Key checks to ensure you deployment is cloud-ready Area Priority Zscaler Recommended Configuration Current Customer Configuration Score Performance 2 Traffic gets routed to Internet via branch breakouts {{internet traffic routing}} Not Met 1 Adequate Internet (WAN) bandwidth available at at branches {{bw at the branches}} Remote access VPN tunnel configured in “split” tunnel mode {{vpn mode}} SD WAN solution deployed at branches To be verified  Speed Cloud applications do not require source IP preservation {{source IP preservation}} User Experience Use publicly accessible SAML 2.0 Federation service for user identification {{idp vendor}} Account = {{customer}} Audit Date =  {{today}} Overall Score (Priority of 1 = Met, Required to Pass)

DAS Exit Hand-Overs

DAS Exit Hand-Over to Customer Success Manager (CSM) To ensure your continued success, with a single point of contact Hand-Over to Support For Ongoing 24x7 Support (Zscaler Technical Assistance Center) See Support Best Practices Guide on help portal on how to engage ZTAC TAM Support (For TAM Accounts)

Escalating A Ticket – All Accounts 1) Customer Thermometer Button (Recommended) Find buttons on your ticket email updates from Zscaler Click Yellow or Red button to escalate Be sure to click a green or gold button a 2nd time, once issue is solved and you are happy Alerts sent to 24x7 support leadership team who with review the support ticket 2) Web Portal (Recommended) Click link - https://help.zscaler.com/escalate-ticket2 3) 24x7 Phone: USA Toll Free: +1-800-953-3897 Global Direct: +1-408-701-0534 UK : +44 20 3514 2748 France: +33-1-7418-1777 Germany: +49-2-21-8282-9199 Netherlands: +31-3-0808-0255 Australia: +61-2-8417 2939

Escalating A Ticket – For TAM Accounts (Premium Plus) 1) Customer Thermometer Button (Recommended) Find buttons on your ticket email updates from Zscaler Click Yellow or Red button to escalate Be sure to click a green or gold button a 2nd time, once issue is solved and you are happy Alerts sent to 24x7 support leadership team who with review the support ticket 2) Web Portal (Recommended) Click link - https://help.zscaler.com/escalate-ticket2 3) Contact Your TAM (Technical Account Manager) 1st leverage # 1 or #2 above, to ensure your issue is escalated Then contact your designated TAM, if available, for strategic guidance

Thank you