Zscaler’s multi-tier cloud architecture is separated into distinct planes: the control plane, enforcement plane, and logging plane. The control plane is implemented by the Central Authority and is described in Zscaler architecture material as the “brains” of the platform, responsible for policy definition, administration, orchestration, and the admin UI. Crucially, this same layer also exposes the API interfaces that automation tools and scripts use. In architecture slides, the control plane is explicitly associated with “Admin UI” and “API,” showing that all administrative programmability terminates there.
The enforcement plane (Public/Private Service Edges) is focused on inspecting and enforcing policy on user traffic, while the logging plane is dedicated to storing and streaming Nanolog data to SIEM or analytics tools. Neither of these planes provides administrative configuration APIs. Study content for the ZDTE exam reinforces that the API infrastructure enables programmatic access to configure the Zero Trust Exchange and is part of the central management layer, not the traffic or logging tiers.
Therefore, when an administrator makes API calls, they are communicating with the Control Plane.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit