1. Overview

Prisma Cloud offers a rich set of cloud workload protection capabilities. Collectively, these features are called Compute. Compute has a dedicated management interface, called Compute Console, that can be accessed in one of two ways, depending on the product you have.

  • Prisma Cloud Enterprise Edition — Hosted by Palo Alto Networks. Prisma Cloud Enterprise Edition is a SaaS offering. It includes both the Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) modules. Access the Compute Console, which contains the CWPP module, from the Compute tab in the Prisma Cloud UI.

  • Prisma Cloud Compute Edition - Hosted by you in your environment. Prisma Cloud Compute Edition is a self-hosted offering that’s deployed and managed by you. It includes the Cloud Workload Protection Platform (CWPP) module only. Download the Prisma Cloud Compute Edition software from the Palo Alto Networks Customer Support Portal. Compute Console is delivered as a container image, so you can run it on any host with a container runtime (e.g. Docker Engine).

The following table summarizes the differences between the two offerings:

| Capabilities | Prisma Cloud Enterprise Edition | Prisma Cloud Compute Edition |
| --- | --- | --- |
| Management interface | Hosted by Palo Alto Networks (SaaS). | Deployed and managed by you in your environment (self-hosted). |
| | | CWPP only. |
| Security agents | Deployed and managed by you. | Deployed and managed by you. |
| User management | Configure single sign-on in Prisma Cloud. | Configure single sign-on in Prisma Cloud Compute Edition. Compute Console exposes additional views for Active Directory and SAML integration when it’s run in self-hosted mode. |
| | Supported by Palo Alto Networks Hub. | Supported by a feature called Projects. Projects is enabled in Compute Edition only. It’s disabled in Enterprise Edition. |

2. Accessing Compute in Prisma Cloud Enterprise Edition

In Prisma Cloud, click the Compute tab to access Compute Console. Think of Prisma Cloud as the outer management interface, and Compute Console as the inner management interface.

To access the Compute Console UI, users must have the Prisma Cloud (outer management interface) System Admin role. Access is denied to users with any other role.

The following screenshot shows the Prisma Cloud UI, or the so-called outer management interface. It can be accessed directly from the Internet. The format of the URL is:

[Screenshot: prisma cloud arch1]

The following screenshot shows Prisma Cloud with the Compute Console open. Compute Console is the so-called inner management interface. Compute Console’s GUI cannot be directly addressed in the browser. It can only be opened from within the Prisma Cloud UI. It’s important to make the distinction between the inner and outer interfaces because a number of Compute components directly address the inner interface, namely:

  • Defender, for Defender to Compute Console connectivity.

  • twistcli

  • Jenkins plugin

  • Compute API

[Screenshot: prisma cloud arch2]

You can find the address of Compute Console in Prisma Cloud under Compute > Manage > System > Downloads. The address for Compute Console has the following format:


3. Accessing Compute in Prisma Cloud Compute Edition

In Compute Edition, Palo Alto Networks gives you the management interface to run in your environment. In this setup, you deploy Compute Console directly. There’s no outer or inner interface; there’s just a single interface, and it’s Compute Console. Compute Console’s address, whether an IP address or DNS name, is used for all interactions, namely:

  • GUI access from a web browser.

  • Defender to Compute Console connectivity.

  • twistcli

  • Jenkins plugin

  • Compute API