Appendix: ZTP technical background

This section briefly describes each ZTP service: its purpose, when it is invoked, and what information it transmits.

Connectivity between an AppGate ZTNA Collective and ZTP services is always initiated by a Controller appliance. All Controller appliances in a connected Collective must have outbound access to ZTP.

ZTP Services

Registration Service

The Registration Service is used only by connected AppGate ZTNA Collectives, and only when initially connecting a Collective to your ZTP account. The service validates the secret registration token (Secret Key) and stores basic information about the registered Collective:

  • Collective ID

  • Collective name

  • Access URLs

For instructions, see Connecting an existing AppGate ZTNA Collective.

AppGate ZTNA Health Check

The AppGate ZTNA Health Check is used by both connected and hosted Collectives. A Controller appliance calls the service once a day. The service receives and analyzes basic telemetry information about the Collective and, when appropriate, responds with information to help administrators maintain their Collective. Responses may include available upgrade notifications, capacity limit alerts, or recommendations to improve performance and security.

The service receives the following information from each Controller:

ZTNA Collective:

  • Name and/or unique identifier

  • Licensed capacity

  • Utilized capacity

Appliances:

  • Name

  • Function

  • Version

  • Status

  • Infrastructure stats: CPU, memory, network, disk

Client:

  • Latest version available

NOTE

No personally identifiable information (PII) or payment card information (PCI) is collected.

Risk Engine

The Risk Engine service is used by both connected and hosted Collectives. A Controller appliance calls the service when a user logs in to AppGate ZTNA and upon token refresh. The service receives information about the user or connecting device, which it uses to retrieve corresponding risk data from third-party providers. The service may receive the following information:

  • OS platform and version

  • Device MAC address

  • Device hostname

  • Device, system, and user claims gathered by the Controller

NOTE

For more information about the data ZTP collects, see the Data retention section.

Application Discovery

Application Discovery can be used by both connected and hosted Collectives that have a LogServer or LogForwarder appliance enabled. The service uses a machine learning system to observe user behavior and access patterns over time. It analyzes this data and generates actionable insights to help administrators define and refine access policies.

Application Discovery collects the following audit log record types from your AppGate ZTNA environment:

  • authentication_succeeded

  • authorization_succeeded

  • ip_access

NOTE

For the specific data fields for each audit log type, see Audit log detail. For further documentation, see Application Discovery.