VPN Client to Server Access w/out Hardware or Connector VMs

Hi All -

I’m looking for a solution that will allow remote client/server access, without the need of the firewall, or standing up a connector VM.

Just a simple install the agent on a server and client, but at scale…

We manage a handful of independent 1-server/application locations, and corporate needs to be able to access them all.

We currently use Zscaler enterprise-wide, but it’s a bit overkill to deploy at these small sites.

Any ideas?

ZPA or just ZIA? If ZPA, are the apps accessed on the same private subnet ranges where you can just do app discovery?

Hi there, you might find it useful to take a look at the list of Mesh Overlay Network vendors listed on https://zerotrustnetworkaccess.info; that’s the architecture you’re looking for. Good luck :+1:

Disclosure: co-founder @ enclave.io

You can use MS Entra Private Access. It’s like ZPA, but an agent you install on VMs or machines. It’s in preview right now and is free.

You can use a mesh VPN like Tailscale.

I would suggest OpenZiti (https://openziti.io/) if you want open source and NetFoundry (https://netfoundry.io/) if you want a commercial SaaS. They are similar to Zscaler Private Access but go much further and, crucially, support both tunnelers which can deploy on the server, as well as SDKs which can be embedded into apps. Note, I work on both project/company.

This last part could be game changing as it sounds like (though not sure) you develop an application which you deploy at customer site. This would mean no additional SW, the ‘agent’ is effectively part of your application binary.

TruGrid SecureRDP may be your friend. It has the following features:

  1. It is a cloud SASE solution like Zscaler, but much less complicated. It can be set up and running in 1 hour or less

  2. It does not require any firewall exposure

  3. It does not require any hardware. As you prefer, it uses one software agent on the network to broker access to multiple computers on the network

  4. It supports multiple endpoint OS: Windows, Mac, iOS, Android, Chromebook

  5. It works on any network - private datacenters and public cloud

Doesn’t Tailscale need a connector running on-prem?

No, not if you install a client on each server/client