ENTERPRISE SECURITY BLUEPRINT
APPENDIX A
[Figure A-f: Access Network design pattern – Dedicated Access Network. Diagram labels: Data Center, Production Servers, Sensitive Servers, Internal Servers, MPLS, Internet, Production LAN, Interactions LAN.]
as an enforcement point. Many organizations further segment physical locations
(e.g., between campus buildings or between floors in an office building).
End users often need access to services outside of the organization. All access to
the external environment (e.g., Internet, Wi-Fi) should be controlled.
There are several design patterns for Access Networks that are commonly found in enterprises.
These design patterns may be combined in a single organization on a case-by-case basis.
Dedicated Access Network
The Dedicated Access Network design pattern corresponds to the server segmentation
model described for the data center. End-user workstations are grouped according to their
functions and are allowed to connect to function-specific servers. For example, production
floor workstations may be connected to manufacturing applications, while being denied access
to external services.
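
The following is an added example, not part of the blueprint: a default-deny check that audits flow records from an enforcement point against the Dedicated Access Network pattern. Segment names follow the labels in Figure A-f; the subnets, the allow-list (including what the Interactions LAN may reach) and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed addressing; segment names follow the labels in Figure A-f,
# but the subnets and the allow-list are assumptions, not the blueprint's.
SEGMENTS = {
    "production_lan": "10.10.0.0/24",
    "interactions_lan": "10.20.0.0/24",
    "production_servers": "10.100.1.0/24",
    "internal_servers": "10.100.2.0/24",
    "sensitive_servers": "10.100.3.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SEGMENTS.items()}

# Each workstation group may reach only its function-specific destinations.
# Anything not listed is denied, including "external" for the production floor.
ALLOWED = {
    "production_lan": {"production_servers"},
    "interactions_lan": {"internal_servers", "external"},
}

def segment_of(ip):
    """Map an address to its segment; anything unmatched is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "external"

def decide(src_ip, dst_ip):
    """Default-deny decision for a flow; unknown sources get no allow-list."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    return "allow" if dst in ALLOWED.get(src, set()) else "deny"

def audit(flows):
    """Return flows the enforcement point permitted but the policy denies."""
    return [
        (src, dst, segment_of(src), segment_of(dst))
        for src, dst, observed in flows
        if observed == "allow" and decide(src, dst) == "deny"
    ]

# Constructed flow log: (source, destination, action taken by the enforcement point).
SAMPLE_FLOWS = [
    ("10.10.0.15", "10.100.1.20", "allow"),  # floor workstation -> manufacturing app
    ("10.10.0.15", "203.0.113.7", "allow"),  # floor workstation -> external: violation
    ("10.20.0.8", "10.100.3.5", "allow"),    # interactions LAN -> sensitive: violation
    ("10.20.0.8", "198.51.100.9", "allow"),  # interactions LAN -> external: permitted here
    ("10.10.0.22", "10.100.2.4", "deny"),    # correctly blocked, not reported
]
```

Calling audit(SAMPLE_FLOWS) returns the two flows that the enforcement point let through although the segment policy denies them, which is the signal that a rule on that enforcement point is broader than the pattern intends.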