
How to Solve the Challenge of Connectivity in China


Last November, we launched Zscaler China Premium Access. Since then, we’ve had countless interactions with customers asking us to help them with connectivity for their users in mainland China. 

But before I jump to the details of our solutions, let me cover the background of using Zscaler in China and the genesis of this unique product. 

China is the second largest economy in the world. With annual exports totalling $2.2T, it’s one of the largest manufacturing hubs in the world. Pair this with the fact that it’s also the fastest growing consumer market in the world, and it’s easy to see why there’s no shortage of companies with a level of economic interest in China. There is, however, a catch.

China’s domestic network suffers from very poor quality of service. Traffic is often subjected to throttling, DNS injections, packet loss, and high latency. Additionally, extra traffic inspection by the “great firewall” of China makes it extremely difficult to access websites and SaaS applications outside of China. All of this makes it a challenge for businesses to align users in China with their cloud transformation strategy. 

Prior to launching China Premium Access, Zscaler customers had two ways to address this challenge. The first was to route international traffic over an independent private network connection or MPLS in China to egress to international destinations. The second was to route traffic through select Chinese providers offering special premium networks for better performance when accessing international sites. 

Both approaches required local IT support, and both were costly and complex to manage. But, more importantly, these approaches went against these customers’ cloud transformation initiatives and their goals of reducing reliance on on-premises solutions. 

So, what exactly is Zscaler China Premium Access?

Put simply, Zscaler China Premium Access is an extension of the Zscaler Zero Trust Exchange operating over a premium network in China. It enables users to enjoy a positive user experience without the complexity of running a private network. 

Because each customer's needs are different, we’ve created multiple options to address each one. Let's start with the first and the most popular option, China Premium Access.

Zscaler's unique hyperscale architecture allows us to simplify this solution and extend our cloud to a partner network, giving our customers the opportunity to leverage premium connectivity coupled with the airtight security only Zscaler can provide. 

By collaborating with partners like CBC and Zenlayer, we’ve built China Premium Access to be offered as a network as a service (NaaS) solution. 

 

Instead of deploying in an expansive and complex data center, Zscaler customers can simply forward their traffic to our premium data center using their Client Connector, Cloud Connector, or an IPsec/GRE tunnel from their branch. This approach supports all types of traffic, from web to real-time applications (Zoom, Teams, GoTo Meetings, Unified Communications).

Zscaler enforces policy using our service engine, the Zscaler SSMA (Single Scan Multi Action). Since this is an integrated part of our cloud, the customer will see this traffic using its single-pane-of-glass administration UI. 

Other solutions can only support either domestic traffic or international traffic, but with our architecture, all traffic traverses a premium network once inspected (premium = quality user experience, low latency, high throughput, and very low packet loss). Our partner's premium network has both domestic connectivity with all three C’s (China Unicom, China Telecom, and China Mobile) and premium access to the global internet. 

And customers can rest assured when it comes to local compliance. Why? Because our partners are fully licensed to operate in China, meaning there’s no obfuscation or bypassing of any local regulations.

In addition to the normal SLA we provide for our service, this unique access option has a supplemental four-point SLA that covers availability, mean time to remediate (MTTR), latency, and packet loss.

What has China Premium Access done so far? And, what about our “Plus” option?

In the last year, users in China experienced events such as the Chinese New Year, the Winter Olympics in Beijing, and tightening COVID restrictions. All these events would have impacted the effectiveness of traditional solutions, but not Zscaler China Premium Access. We delivered our high-quality service without a hiccup.

Zscaler China Premium Access has provided customers with an amazing upgrade over the domestic internet service they would otherwise leverage. They’ve seen application access improve by a factor of 6X, latency reduced by 40-60%, and faster service overall.

But some customers were asking us to go even further and provide a private link with Zscaler enforcement. So, with China Premium Access Plus, this is exactly what we’re doing.

The “Plus” lies in our private infrastructure hosted in the CBC premium network, which provides a private link for each customer. It’s the easiest and most compliant way to attain a private link, exclusive to the customer's users in China, that allows them to access both international websites and domestic Chinese applications.

When we gave legacy MPLS customers the chance to try Premium Access Plus, they raved about the unparalleled user experience, simplicity, and simple onboarding process. 

With the added cost of private infrastructure, we see this solution as mostly applicable to customers with a major user base in China who require many Mbps of connectivity.

There’s also an underlay…

Before we were able to offer our customers China Premium Access, we worked with Alibaba, who helped us improve our backend connectivity from our data centers in China to our back-office control plane in Europe and the United States. 

With the use of the Alibaba Cloud Enterprise Network (CEN), we improved connectivity to match that of any other data center. We did so by getting rid of persistent issues like log delays, authentication issues, and latency in delivering threat intelligence to the processing nodes in China. 

As part of China Premium Access, we also provide an underlay option with China Alibaba that matches our solution: 

With the China Premium Access Underlay, we can provide a private VPC in China + CEN + VPC anywhere in the world where both Alibaba and Zscaler are located (Frankfurt, San Francisco, Zurich, Mumbai, Tokyo, London, Washington, and many more). 

The China Premium Access Underlay completes our portfolio of choices: Generic (China Premium Access), Private (China Premium Access Plus), and Specialized (China Premium Access Underlay).
 

Where to go from here

With the help of our local partners, we’ve delivered something quite remarkable—easy access to applications outside of China without the need for a complex solution. We already have many customers that have taken advantage, so contact your sales representative to add China Premium Access for your employees working in mainland China. 
