Wednesday, November 12, 2014

Chapter 1: Hierarchical Network Designs Part 2

Cisco's Enterprise Architecture Modules


©2014 Cisco Press, Connecting Networks Companion Guide
These are different modules laid out by Cisco.

Enterprise campus module

 

consists of a building or groups of buildings on an enterprise network within a fixed geographic area.

Consists of sub-modules:
  • Building Access- Same as the access layer but applies the whole building.
  • Building Distribution- Same as the distribution layer but applies to the whole building.
  • Campus Core- Same as the core layer but applies to the whole building.
  • Server Farm/ Data Center- Data center module connected directly to the Campus core layer.
The Building access, Building Distribution, and Campus Core sub modules are collectively called the Campus Infrastructure Module. These sub-modules provide high availability, integrate IP communications/mobility/advanced security, Uses multicast traffic and QoS to optimize traffic, and provides increased security and flexibility using access control management, VLANs, and IPSec VPNs.

The Data Center module provides high capacity connectivity between server resources and users. It also includes network management services. Consists of internal email, application, file, print and Domain Name System (DNS) services.

The enterprise campus module provides; high availability with multilayer design, redundant hardware and software, automated failover, and integrated security.

Cisco Enterprise Edge Module

 

Provides connectivity for voice, data, and video services outside the enterprise. Acts as a barrier between the Enterprise Campus Module and other external modules. In plain terms it acts as the DMZ.

Consists of sub-modules:
  • E-commerce networks and servers module supports E-commerce applications. Designed for high-availably. Devices in the sub module are web, application, and database servers; firewall and firewall routers; and network intrusion prevention systems (IPS). In plain terms it's a datacenter accessible on the web so it's coated in security.
  • Internet connectivity and DMZ module provides secure connectivity to internet services: public servers, email and DNS. The module is able to connect using multiple ISPs. Devices included are firewalls and firewall routers, internet edge routers, FTP and HTTP servers, SMTP relay servers, and DNS servers.
  • Remote access and VPN module provides remote access termination services, including authentication. Devices included are firewalls, dial-in access concentrators, Cisco Adaptive Security Appliances (ASA) and network intrusion prevention system (IPS) appliances.
  • WAN module provides WAN technologies for routing traffic between remote sites and the central site. Technologies included are Multiprotocol Label Switching (MPLS), Metro Ethernet, leased lines, Synchronous Optical Network (SONET) and Synchronous Digital Hierarchy (SDH), PPP, Frame Relay, ATM, cable, digital subscriber line (DSL), and wireless.  (what this book/class teaches)

Service Provider Edge Module

 

Provides connectivity between the Enterprise Edge module and the remote enterprise data center, enterprise branch, and enterprise teleworker modules. Includes internet service providers (ISPs), WAN services, and public switched telephone network (PTSN) services. This module allows connectivity over long distances, converges voice/data/ video services over a single IP communications network, supports QoS and service level agreements, and supports security using VPNs (IPsec / MPLS) over layers 2 and 3 WANS.

Redundancy options:

  • Single-homed- A single connection to a single ISP
  • Dual-homed- Multiple connections to a single ISP
  • Multihomed- A single connection to multiple ISPs
  • Dual-Multihomed- Multiple connections to multiple ISPs
©2014 Cisco Press, Connecting Networks Companion Guide
©2014 Cisco Press, Connecting Networks Companion Guide

Remote Functional area

 

To try to confuse people, instead of having this area like the others where it would be called the remote module with sub modules, this is a "Functional area" that has modules in it. The remote functional area is about remote locations connecting through the SP edge module to the Enterprise Campus Module. The Enterprise Branch Module, Enterprise Teleworker Module, and the Enterprise Data Center Module are in this functional area.

Enterprise Branch Module


Allows employees at remote branches to connect securely to the Enterprise Campus. The locations are typically in charge of providing security, telephony, and mobility options to workers. Requires the SP edge module to connect to the Enterprise Campus module.

Enterprise Teleworker

Responsible for providing connectivity to workers who operate in different locations including, home offices, hotels, or client sites. Recommended to connect using local ISP or DSL. Use VPN service for security. Worker gains access to Enterprise Campus resources securely and cheaply.

Enterprise Data Center

 

Same as the campus data center but at a remote location which provides an added layer of security should disaster recovery be necessary.

This chapter will be continued in Part 3.
Posted by at
Labels: ,

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )