ORBTR vs Zscaler ZPA
Zscaler Private Access is a mature cloud-proxy ZTNA — all traffic routes through Zscaler's cloud. ORBTR takes a fundamentally different approach: direct mesh connections, no App Connectors, and full device management built in.
Key differences
Direct mesh + management
Traffic flows device-to-device. No App Connectors to deploy. Full device management (jobs, scripts, inventory, remote access) in the same agent. L3–L7 Virtual Wire with per-flow policy and DNS enforcement, not just L7. Transparent per-device pricing.
- ✓ Direct mesh — no cloud proxy
- ✓ No connectors or appliances
- ✓ Full device management built in
- ✓ L3 – L7 Virtual Wire
- ✓ Transparent per-device pricing
Cloud-proxy ZTNA
All traffic routes through Zscaler's cloud. App Connectors required at each application site. Mature and well-suited for large enterprises with complex web app access patterns, but no device management beyond posture.
- × All traffic proxied through Zscaler cloud
- × App Connector required per site
- × Posture only — no fleet management
- × L7 only
- × Enterprise contract pricing
Side-by-side comparison
| Capability | ORBTR | Zscaler ZPA |
|---|---|---|
| Architecture | Direct mesh P2P | Cloud proxy |
| Connectors required | None | App Connector per site |
| Device management | Full — jobs, scripts, inventory, remote access | Posture checks only |
| Network layers | L3 – L7 (Virtual Wire) | L7 only |
| P2P connections | Yes — sub-5ms direct | No — proxied through Zscaler cloud |
| Offline operation | Full mesh + cached policies | No connectivity without cloud |
| Policy propagation | Mesh gossip (offline capable) | Cloud push only |
| DNS policy | Full engine + mesh-assisted | ZIA DNS (separate product) |
| Job orchestration | ScriptPacks + scheduled jobs | — |
| Remote access | Built-in with approvals | ZPA Privileged Remote Access (add-on) |
| Setup complexity | Single agent install | App Connectors + ZPA config + Zscaler Client Connector |
| Pricing | Per device, unlimited users | Enterprise contract only |
| Free tier | 9 devices forever | — |
When to choose ORBTR over Zscaler
You don't want a cloud proxy
ZPA routes all traffic through Zscaler's cloud — adding latency and creating a dependency on a third-party network. ORBTR connects devices directly with sub-5ms P2P latency.
You want to eliminate connectors
ZPA requires App Connectors at every application site. ORBTR's agent is the entire data plane — no connectors, no appliances, no site-specific infrastructure.
You need device management
Zscaler checks device posture but doesn't manage your fleet. ORBTR runs jobs, deploys scripts, collects inventory, and provides remote access from the same agent.
You want transparent pricing
Zscaler requires enterprise contracts with opaque pricing. ORBTR publishes per-device rates, includes unlimited users, and offers a free tier — start with 9 devices today.