Chapter 3. A Basic Virtualized Enterprise


In this chapter, we define the technical requirements posed by the need to virtualize the network. Based on these requirements, we propose an architectural framework composed of the functional areas necessary to successfully support concurrent virtual networks (VNs) over a shared enterprise physical network.

Networks enable users to access services and resources distributed throughout the enterprise. Some of these services and resources are public (accessed over the Internet); others are private and internal to the enterprise. Every enterprise has unique security and service level policies that govern connectivity to the different services, whether these are public or private.

One of the basic building blocks behind the virtualized network and, in fact, a key driver is security. An important element of an enterprise's security policy is the definition of a network perimeter. In general, the level of trust inside and outside of the network perimeter differs, with end stations inside the perimeter being generally trusted and any access from outside the perimeter being untrusted by default. Communications between the inside and the outside of the perimeter must happen through a checkpoint. At the checkpoint, firewalls and other security devices ensure that all traffic that enters or leaves the enterprise is tightly controlled. Therefore, we refer to the point of entry/exit to/from the enterprise network as the network perimeter.

Note

The network perimeter defines one layer of security and must be complemented with other security mechanisms. It is critical to incorporate mechanisms to protect the network from attacks initiated inside the perimeter. This functionality is generally provided at the network access/edge and is not impacted by the virtualization of the network.


To provide the required connectivity, create a secure perimeter, and enforce the necessary policies, it is recommended that an enterprise network be based on certain functional blocks. Figure 3-1 depicts a modular enterprise network and its perimeter. The recommended functional blocks are as follows:

  • The LAN/MAN transport (core and distribution)

  • The LAN edge or access layer

  • The Internet access module

  • The data center access module

  • The WAN aggregation module

  • The WAN transport

  • The branch

When a single enterprise network must service many different groups, it is often necessary to create virtual networks (VNs) so that each group can enjoy

  • Private connectivity over a shared infrastructure.

  • A dedicated perimeter in which independent policies can be enforced per group.

  • User mobility (ubiquitous access to the appropriate virtual network regardless of the user's location).

Figure 3-1. The Modular Enterprise Network and Its Perimeter


At the risk of oversimplifying, a VN can be seen as a security zone. All devices within the security zone trust each other and communicate freely with each other. Meanwhile, any communication with other security zones, or other networks, must happen in a controlled manner over a highly secured perimeter or checkpoint. Thus, a virtualized enterprise network will simultaneously host many security zones, and their dedicated perimeters, over a shared infrastructure.
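To make the security-zone model concrete, the following Python sketch is an added example (not code from the book) of the policy the chapter implies: members of one VN talk freely, any flow that crosses a zone boundary is decided at the source VN's own perimeter, inbound traffic from outside a VN is untrusted by default, and a user's zone follows the user's group rather than the access location. The group names, zone names and port numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample: each user group gets its own VN (security zone) and its
# own perimeter policy, i.e. the (destination zone, port) pairs allowed to leave it.
VN_OF_GROUP = {"finance": "VN-FIN", "guests": "VN-GUEST"}
PERIMETER_POLICY = {
    "VN-FIN":   {("INTERNET", 443), ("DATACENTER", 1433)},
    "VN-GUEST": {("INTERNET", 80), ("INTERNET", 443)},
}

@dataclass(frozen=True)
class Endpoint:
    name: str
    location: str                  # campus, branch, ... (must not influence the zone)
    group: Optional[str] = None    # enterprise user group, or None for non-user endpoints
    zone: Optional[str] = None     # non-user endpoints: "INTERNET", "DATACENTER"

def zone_of(ep: Endpoint) -> Optional[str]:
    """User mobility: the zone is derived from the user's group, never from location."""
    if ep.group is not None:
        return VN_OF_GROUP.get(ep.group)
    return ep.zone

def evaluate(src: Endpoint, dst: Endpoint, port: int) -> Tuple[str, str]:
    """Decide one flow: ('allow'|'deny', where the decision was made)."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return ("deny", "unknown-zone")        # unmapped endpoints get no connectivity
    if sz == dz and sz in PERIMETER_POLICY:
        return ("allow", "intra-vn")           # same security zone: members trust each other
    if sz in PERIMETER_POLICY:
        # leaving the zone (to another VN, the data center or the Internet):
        # only what this zone's dedicated perimeter policy permits
        ok = (dz, port) in PERIMETER_POLICY[sz]
        return ("allow" if ok else "deny", "perimeter:" + sz)
    if dz in PERIMETER_POLICY:
        return ("deny", "perimeter:" + dz)     # entering a VN from outside: untrusted by default
    return ("deny", "outside-scope")           # neither side is a VN; not this policy's job

if __name__ == "__main__":
    hq_fin = Endpoint("alice-pc", "campus", group="finance")
    br_fin = Endpoint("alice-laptop", "branch", group="finance")
    guest = Endpoint("visitor", "campus", group="guests")
    inet = Endpoint("web-site", "outside", zone="INTERNET")
    dc = Endpoint("erp-db", "datacenter", zone="DATACENTER")
    for s, d, p in [(hq_fin, br_fin, 445), (br_fin, dc, 1433), (guest, dc, 1433),
                    (hq_fin, guest, 22), (inet, hq_fin, 443)]:
        print(f"{s.name} -> {d.name}:{p} {evaluate(s, d, p)}")
```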




Network Virtualization
ISBN: 1587052482
Year: 2006
Pages: 128
