Beyond Renewal: Modernizing Zscaler Infrastructure

As we approached contract renewal with this customer, something interesting happened.

Instead of focusing purely on pricing, they paused and asked a bigger question: “If we’re renewing anyway… should we also modernize?”

That single question changed the direction of the conversation.

Where We Started

Their environment was stable and well-designed.

They were running Zscaler workloads:

  • ZIA Virtual Service Edge (VSE)
  • ZPA Private Service Edge (PSE)

All hosted on customer-owned VM hardware, supported by physical switches and CPE devices.

It worked. But it was also tied to:

  • Hardware lifecycle management
  • Capacity ceilings
  • Refresh cycles
  • CAPEX planning
  • Operational overhead

In other words — stable, but not agile.

The Shift in Mindset

Instead of renewing the same setup, we asked: “What if we keep the architecture… but remove the hardware burden?”

So we migrated the entire Zscaler workload into CBC Private Cloud in Beijing — without changing their Zero Trust design.

No redesign.
No disruption.
Just modernization underneath.

What Changed

  • Physical switches and CPE eliminated
  • Fully virtualized infrastructure
  • Dual eNet Cloud Routers (ECR) deployed for redundancy
  • Scalable VM resources for VSE, PSE, and App Connectors

The infrastructure became software-defined, elastic, and cloud-native.

What Stayed Exactly the Same

  • ZIA & ZPA reference architecture
  • CBC Tech’s congestion-free IP backbone & Internet gateways
  • Security posture
  • User experience

From the users’ perspective — nothing changed.
From the infrastructure perspective — everything did.

The Business Impact

  • Reduced hardware dependency
  • Improved scalability and agility
  • Simplified operations
  • Predictable OPEX instead of hardware CAPEX
  • A future-ready platform for expansion

Most importantly, the customer now has room to grow — without waiting for the next hardware refresh cycle.

A Reflection

Contract renewal is often treated as a commercial exercise.

But sometimes, renewal is the perfect moment to step back and ask: “If we were building this today — would we build it the same way?”

In this case, the answer was no.

So we renewed smarter.
And modernized while we renewed.

And that made all the difference.

ABOUT THE AUTHOR

Dave Woon

Associate Director Solution Architect

With over 25 years in the ICT industry, Dave has built a strong career in enterprise pre-sales, specializing in secure networking and cloud connectivity solutions. He works closely with IT and security stakeholders to translate business requirements into scalable architectures across SD-WAN, SASE, Zero Trust, global MPLS, and multi-cloud environments. Beyond technical design, he leads solution strategy, conducts workshops, manages bid responses, and ensures architectures balance performance, security, resilience, and cost efficiency. He is passionate about delivering impactful pre-sales engagements that simplify complexity and drive successful digital transformation outcomes.
