Physical Infrastructures

Networks come in different sizes and shapes. Physical requirements for networks are designed around the physical environment, number of users, and endpoints. This includes network topologies, Layer 2 or Layer 3 networking, and foundational network services. In addition, networks must be able to support the applications needed to support business operations. The building blocks for a network’s physical infrastructure include the following:

  • Core or backbone network—This network aggregates network connections. The backbone network acts as the primary highway that aggregates the data center, local area networks (LANs), and the wide area network (WAN) together. The primary function of a backbone network is to provide high-speed connections to the organization’s systems and applications. This includes Internet access as well.
  • Wide area network—This network supports long-distance network connections. An example of a multisite WAN is Multiprotocol Label Switching (MPLS). Service providers offer different WAN services including MPLS, Metro Ethernet, and point-to-point fiber connections. Servers hosted in a cloud environment also need a WAN for connectivity.
  • Data center network—This network connects a backbone network to its servers. This can be a server farm, a virtualized server environment, or cloud-hosted servers. A data center network supports high-speed and redundant connections to the backbone network. Hosted servers in a cloud environment require a WAN connection to the cloud infrastructure.
  • Distribution network—This network extends the network connection from the backbone network to outlying points in the network such as a wiring closet. Wiring closets typically need high-speed distribution network connections because they aggregate network traffic from the department or endpoint locations.
  • Edge network—This network provides endpoint or workstation connections to the distribution network. This includes wireless access point connections where mobile devices are part of the edge network.
  • Demilitarized zone (DMZ)/virtual local area network (VLAN)—This network is a public-facing network segment. It is usually a VLAN configured from a router, switch, or firewall and has public-facing Internet Protocol (IP) addresses. A DMZ/VLAN acts as the gateway for remote users. Remote access is supported via Internet Protocol Security (IPSec) virtual private network (VPN) connections with multifactor authentication.

FIGURE 9-1 shows a sample physical network infrastructure. This infrastructure has a public-facing DMZ/VLAN with IP addresses that can be seen on the Internet. The remote IPSec VPN connection terminates at a VPN firewall, which is where the encrypted tunnel is connected.

An illustration shows a network in which a data center is connected to three high-speed switches through fiber cabling. Each high-speed switch is connected to two LAN switches, which are in turn connected to multiple desktop PCs. A structure with an IDS or IPS at the center is surrounded by the public IP space with the Internet, VPN firewall, and FQ or DMZ. The remote users are governed by the VPN firewall.

FIGURE 9-1 Sample physical network infrastructure with public-facing DMZ/VLAN.
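The DMZ/VLAN and remote-access description above can be checked against a segment inventory. The following is an added example, not code from the book: the segment names, address ranges, and field names are constructed, and the rule that public ranges belong only in the DMZ is an assumption made for the audit (IPv4 only).

```python
import ipaddress

# RFC 1918 ranges; any IPv4 range outside them is treated as public-facing here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(cidr):
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(private) for private in RFC1918)

def audit(segments, remote_access):
    """Return findings for a segment inventory and its remote-access entry points."""
    findings = []
    roles = {s["name"]: s["role"] for s in segments}
    for s in segments:
        public = not is_rfc1918(s["cidr"])
        # Assumption: only the DMZ/VLAN should carry public-facing addresses.
        if public and s["role"] != "dmz":
            findings.append(f"{s['name']}: public range {s['cidr']} outside the DMZ")
        if s["role"] == "dmz" and not public:
            findings.append(f"{s['name']}: DMZ has no public-facing range")
    for r in remote_access:
        # Remote access should enter through the DMZ over an IPSec VPN with MFA.
        if roles.get(r["terminates_in"]) != "dmz":
            findings.append(f"{r['name']}: does not terminate in the DMZ")
        if r["protocol"] != "ipsec":
            findings.append(f"{r['name']}: {r['protocol']} is not an IPSec VPN")
        if not r["mfa"]:
            findings.append(f"{r['name']}: multifactor authentication is off")
    return findings

# Constructed inventory (hypothetical names; 203.0.113.0/24 is a documentation
# range standing in for the organization's public IP space).
SEGMENTS = [
    {"name": "core", "role": "backbone", "cidr": "10.0.0.0/24"},
    {"name": "dc", "role": "data_center", "cidr": "10.10.0.0/16"},
    {"name": "dist-a", "role": "distribution", "cidr": "10.20.0.0/24"},
    {"name": "edge-a", "role": "edge", "cidr": "192.168.10.0/24"},
    {"name": "dmz", "role": "dmz", "cidr": "203.0.113.0/24"},
]
REMOTE_ACCESS = [{"name": "vpn-fw", "terminates_in": "dmz", "protocol": "ipsec", "mfa": True}]

# Constructed misconfiguration: a public range on the edge and a weak VPN entry.
BAD_SEGMENTS = SEGMENTS[:3] + [{"name": "edge-a", "role": "edge", "cidr": "198.51.100.0/24"}, SEGMENTS[4]]
BAD_REMOTE = [{"name": "legacy-ras", "terminates_in": "edge-a", "protocol": "pptp", "mfa": False}]

if __name__ == "__main__":
    for line in audit(BAD_SEGMENTS, BAD_REMOTE):
        print(line)
```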
