A "ZTNA server" is typically a component within a ZTNA ecosystem, often called a controller or access broker/gateway.

Unlike a VPN server, which is a network device that terminates an encrypted tunnel for full network access, the ZTNA component’s job is purely to act as a secure intermediary. It verifies the user's identity and device posture against policies and then establishes a secure, encrypted, one-to-one connection directly to the specific application, not the network.

In modern SASE/ZTNA solutions, this "server" functionality is often a distributed, cloud-native service rather than a single physical piece of hardware.