Software-defined Protection - page 56

ENTERPRISE SECURITY BLUEPRINT
APPENDIX A
A design pattern is a general reusable solution to a commonly occurring problem within a
given context. The design patterns described in the subsequent sections are common to most
organizations and can serve as the basis for defining enterprise security architecture. Each
organization creates segmentation templates for distinct types of data processing entities or
sites. These templates are then instantiated with site-specific systems and applications and can
be tailored for different business units. Figure A-A depicts an example of an enterprise that has
defined site templates for several types of sites and services.
In the sections that follow, segmentation principles are explained for different design patterns
including: Servers, Access Networks, Mobile and Cloud. Additional design patterns are
described for Internet access, DMZ and Network Infrastructure. Suggested protections are
provided for each segmentation design pattern.
Design Pattern: Servers
The servers design pattern is typically used in data centers and medium-to-large offices. This
design pattern describes the collection of servers and supporting network equipment that
provide services both internally and externally.
Figure A-B: Data center design pattern (diagram labels: Data Center, WAN, Servers, NOC/SOC, DMZ, Internet Access)