In the first paragraph of this chapter, I mentioned that the small network could be a standalone organization, complete unto itself, or a branch of a larger organization. If it is complete, everything that we have described could well apply. However, if it is operating as a branch under a headquarters at the end of a WAN link, a couple of things might change. In the branch's edge, there would probably be no need for incoming VPN termination, although there might well be a VPN connection (site to site or LAN to LAN) to the headquarters. In the branch's campus, the management hosts (both server and any workstations) would probably not exist: They would be provided at the headquarters, and management of the branch's devices would be performed over a VPN tunnel. |