What’s the Purpose of the Network?
Overview
The network is the information highway for the business applications of today. For a business to be successful, its applications must be able to communicate properly between users, devices, data, databases, and other application components. This chapter examines how application models, service models, cloud strategies, and data management all tie back to a single purpose: enabling business success.
Business Applications
Application Models
Network designers need to understand how an application is built in order to properly design the network for that application. The following are the different application models in use today and their associated design elements.
Single-server model: The simplest application model, equivalent to running an application on a personal computer. All required components for the application to run exist on a single server.
2-tier model: Similar to client/server architecture, where communication takes place between a client and a server. The presentation layer (user interface) runs on the client side, while the dataset layer is executed and stored on the server side. There is no intermediate application layer between client and server.
3-tier model: The most common model at the time of writing. It has three distinct tiers:
- Presentation: The front end of the application that all end users access. This is how a user sees and interacts with the application, often called the web tier or GUI tier. Its main function is to translate tasks and results into something the end user can understand.
- Intermediate: The layer where all application functions and logic occur. It processes tasks, makes decisions, performs calculations, and moves data between the presentation and database layers. This is often referred to as the application or logic layer.
- Database: Where information is stored and retrieved. Data is passed back to the intermediate layer and eventually back to the end user.
Breaking an application into different layers, as n-tier architectures do, allows network designers to design the network for each tier individually. Each layer may need its own load balancing, source NAT, DNS, source routing, and traffic engineering. This means more design work, but it produces a better purpose-built environment for each tier and allows the different layers to scale out as needed.
Table 1 shows the network design elements for each layer of the 3-tier model along with leading questions to help elicit the information needed for a proper design.
| Tier | Traffic Pattern | Network Design Elements | Questions to Ask |
|---|---|---|---|
| Web tier | End user and application layer access only. No database layer access. | The web tier needs to be globally accessible for end users. Normally located in a DMZ. | How are end users accessing the web tier globally? How are the web tier networks/IP addresses being routed? What is the web tier high-availability architecture? (Active/active, active/standby, anycast, etc.) |
| Application tier | Web and database access only. No end user should ever access this tier directly. | This tier is internally accessed only, so no external addresses or routing are needed. Load balancing should be implemented, but how depends on the other tier’s communication method with this tier (SNAT, NAT, Sticky, etc.). Normally located internally behind multiple security layers. | How does the web tier communicate with the application tier? How does the database tier communicate with the application tier? |
| Database tier | Application layer access only. No end user or web tier should have access. | This tier is internally accessed only, so no external addresses or routing are needed. Normally located internally behind multiple security layers. | How is replication being done between the different database member servers? How are database changes synchronized? This is especially critical when there are multiple data center locations. |
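The traffic patterns in Table 1 can be checked mechanically against a firewall rule set. The following is an added example, not part of the original text; the subnets, rule names, and rule format are constructed for illustration, and the zone called "user" stands for every address outside the three tiers.

```python
import ipaddress

# Constructed address plan (assumption): one subnet per tier.
TIERS = {
    "web": ipaddress.ip_network("203.0.113.0/24"),  # DMZ
    "app": ipaddress.ip_network("10.10.20.0/24"),
    "db": ipaddress.ip_network("10.10.30.0/24"),
}

# Table 1 expressed as the only zone pairs that may talk to each other.
# Direction is ignored here; traffic inside one tier (for example database
# replication between member servers) is always accepted.
ADJACENT = {
    frozenset(("user", "web")),
    frozenset(("web", "app")),
    frozenset(("app", "db")),
}


def zones_for(cidr):
    """Return every zone a CIDR touches. A broad CIDR can touch several."""
    net = ipaddress.ip_network(cidr)
    touched, covered = set(), 0
    for zone, tier_net in TIERS.items():
        if net.subnet_of(tier_net):        # rule is inside the tier
            touched.add(zone)
            covered += net.num_addresses
        elif tier_net.subnet_of(net):      # rule swallows the whole tier
            touched.add(zone)
            covered += tier_net.num_addresses
    if covered < net.num_addresses:        # some addresses lie outside all tiers
        touched.add("user")
    return touched


def audit(rules):
    """Return (rule name, source zone, destination zone) for each permit
    rule that allows a flow Table 1 does not."""
    findings = []
    for rule in rules:
        if rule["action"] != "permit":
            continue
        for src in sorted(zones_for(rule["src"])):
            for dst in sorted(zones_for(rule["dst"])):
                if src != dst and frozenset((src, dst)) not in ADJACENT:
                    findings.append((rule["name"], src, dst))
    return findings


# Constructed rule set for the example.
RULES = [
    {"name": "users-to-web", "src": "198.51.100.0/24", "dst": "203.0.113.0/24", "action": "permit"},
    {"name": "web-to-app", "src": "203.0.113.0/24", "dst": "10.10.20.0/24", "action": "permit"},
    {"name": "app-to-db", "src": "10.10.20.0/24", "dst": "10.10.30.0/24", "action": "permit"},
    {"name": "db-replication", "src": "10.10.30.0/24", "dst": "10.10.30.0/24", "action": "permit"},
    {"name": "web-to-db-reporting", "src": "203.0.113.10/32", "dst": "10.10.30.5/32", "action": "permit"},
    {"name": "legacy-internal-any", "src": "10.10.0.0/16", "dst": "10.10.30.0/24", "action": "permit"},
    {"name": "users-to-app", "src": "198.51.100.0/24", "dst": "10.10.20.0/24", "action": "deny"},
]

if __name__ == "__main__":
    for name, src, dst in audit(RULES):
        print(f"{name}: permits {src} -> {dst}, which Table 1 does not allow")
```

The check works on addresses only; interface or zone bindings of a real firewall are not modeled, so a rule with a very broad source is reported for every tier pair it covers.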
Application Constraints and Requirements
A network designer should be aware of a number of common application constraints and requirements. These are topics to ask about as a network is being designed to support an application. This is by no means an all-inclusive list.
Multicast: Usually leveraged between a cluster of servers to keep data synchronized, such as a backend database replication architecture, or as a transport mechanism for data streaming applications like IPTV and real-time stock market updates. In these situations, not having multicast breaks the application in question.
Layer 2 extension: Probably one of the most common network design requirements after an application has completed its development process. As the application is being deployed, it is quickly identified that the application servers do not communicate outside of their Layer 2 segments. It then becomes the network designer’s job to provide Layer 2 extension options that allow the application to function properly. This leads to bad network designs with large Layer 2 fault domains that are generally unreliable. Even though these are poor network design options, they do solve the application requirement and thus make the business successful. If there is a requirement to extend Layer 2, some of these limitations can be mitigated with overlay technologies while still allowing for an expanded Layer 2 environment.
Hardcoded items: These do happen, and that is why network designers need to know about them. Hardcoded items bring a security element into the mix with compliance controls and overall security requirements for the application. From a network design perspective, solutions like Network Address Translation (NAT), traffic engineering, and source routing can be leveraged to help mitigate this issue.
High availability: How an application is designed for high availability has a large impact on the network supporting it. Is the application in multiple locations, such as geographically separated data centers? If so, how is the application data synchronized between these locations? How do end users access the applications in each location? Is one location preferred over the other at all times (active/standby), or can the application be accessed from either location at any time (active/active)? What about load-balancing options? Is the application leveraging DNS load balancing or a physical load balancer? Does the application require the use of source NAT (SNAT) between its different application layers? There are many network design questions that must be asked and answered to properly facilitate a network design that makes the application successful.
When creating a network design whose goal is to make an application successful, the difficulty often comes down to applications and services being created incorrectly. Network designers have been forced to provide band-aid solutions like Layer 2 extension because of these problems. This does not solve the true issue, which is proper application development. We simply extend Layer 2 as a short-term solution that ends up becoming a permanent one. This is similar to hardcoding IP addresses and hostnames in application code.
To solve these issues, a network designer and a security specialist should be part of the team that builds and reviews an application, to ensure network design and security controls are properly considered. It is not fair to expect an application developer to know and understand the details of network design or security. Network designers have to help them, teach them, and show them.
If we want to change these situations, we need to be part of the creation process so we can explain the reasons to the business at those critical steps. A network designer can tell the business why they should not rely on a Layer 2 extension for the application, why they should not hardcode IP addresses, hostnames, usernames, and passwords in code, and why they should ensure security controls are implemented during the creation process. In the end, it all comes back to business decisions and the respective trade-offs.
Review Questions
1. Which of the following options is the correct application model for the statement “This is the simplest application model and it is equivalent to running the application on a personal computer”?
- 3-tier model
- Single-server model
- 2-tier model
- SaaS
b. The single-server model is the simplest application model, and it is equivalent to running the application on a personal computer. All of the required components for an application to run are on a single application or server.
2. Which of the following application models is like the client/server architecture?
- 3-tier model
- Single-server model
- 2-tier model
- SaaS
c. The 2-tier application model is like a client/server architecture, where communication takes place between client and server. In this model, the presentation layer or user interface layer runs on the client side while the dataset layer gets executed and stored on the server side.
3. Which of the following application models has web, application, and database layers?
- 3-tier model
- Single-server model
- 2-tier model
- SaaS
a. The 3-tier application model has three tiers or layers called presentation (also known as web), intermediate (also known as application), and database.
4. Which application model has three distinct tiers: presentation, intermediate, and database?
- Single-server model
- 2-tier model
- 3-tier model
- N-tier model
c. The 3-tier model is the most common application model and consists of three distinct tiers: the presentation (web/GUI) tier, the intermediate (application/logic) tier, and the database tier. The single-server model runs all components on one machine. The 2-tier model has only a client and a server with no intermediate layer.
5. Which application constraint is most commonly required when a cluster of servers needs to keep data synchronized?
- Layer 2 extension
- Hardcoded IP addresses
- Multicast
- Source NAT
c. Multicast is usually leveraged between a cluster of servers to keep data synchronized, such as in a backend database replication architecture. It is also used as a transport mechanism for data streaming applications like IPTV and real-time stock market updates.
Service Models
The different service models determine where the application is located and what elements of the application are owned and managed by the business. The following are the most common service models.
There are other service models not covered in this section, such as Database as a Service (DBaaS), Compliance as a Service (CaaS), and Security as a Service (SECaaS). What is covered here are the most common service models at the time of writing.
On-premises: The service model where a business owns and manages an application. The business procures all of the infrastructure required to run the service and then fully manages, maintains, and operates it. In some situations, the management is outsourced but the infrastructure is procured and owned by the business.
Software as a Service (SaaS): A vendor makes its software available to users, usually for a monthly or annual subscription fee.
Platform as a Service (PaaS): A vendor provides hardware and software tools, and people use these tools to develop applications. PaaS users tend to be application developers.
Infrastructure as a Service (IaaS): A pay-as-you-go service model for storage, networking, and virtualization. IaaS gives users cloud-based alternatives to on-premises infrastructure, so businesses can avoid investing in expensive onsite resources.
| Service Model | Characteristics | Advantages | When to Use |
|---|---|---|---|
| On-premises | Business owned and managed. Available locally. Hosted within the business’s server environment. | Full control over all components of the application. | When a business requires full control of all components within the application. Most often seen with security compliance and data classification requirements. |
| SaaS | Available over the Internet. Hosted on a remote server by a third-party provider. Scalable, with service offerings based on need. | No need to install and run software on any computer. Access to software can be from any device, at any time, with Internet connectivity. | When a business wants an application to run with ensured availability but without the headache of maintaining that application at any level. |
| PaaS | Accessible by multiple users. Scalable. Built on virtualization technology. | Easy to run without extensive IT knowledge. Developers do not need to start from scratch when creating applications. | When a business wants to create a unique application without spending a large amount of money or taking on all the responsibility. |
| IaaS | Highly flexible. Highly scalable. Accessible by multiple users. Cost-effective. | Avoids the expense of on-premises IT infrastructure. The business maintains control over the infrastructure. | When a business requires complete control over its infrastructure and wants to operate on a pay-as-you-go basis. |
Review Questions
6. Which service model is best used when a business requires full control of all components within an application?
- PaaS
- IaaS
- SaaS
- On-premises
d. On-premises is the service model where a business owns and manages the infrastructure. A business will procure all of the infrastructure required to run the service and then fully manage, maintain, and operate it. In some situations, the management is outsourced but the infrastructure is procured and owned by the business.
7. Which service model is best for application developers?
- PaaS
- IaaS
- SaaS
- On-premises
a. Platform as a Service (PaaS) is a service model where a vendor provides hardware and software tools, and customers use these tools to develop applications. PaaS users tend to be application developers.
8. Which service model is best if a business wants complete control over its virtual infrastructure but also wants to operate on a pay-as-you-go basis?
- PaaS
- IaaS
- SaaS
- On-premises
b. Infrastructure as a Service (IaaS) is a pay-as-you-go service model for storage, networking, and virtualization. IaaS gives users cloud-based alternatives to on-premises infrastructure, so businesses can avoid investing in expensive onsite resources.
9. Which service model is best if a business wants an application to run with ensured availability but does not want the headache of managing the application in any form?
- PaaS
- IaaS
- SaaS
- On-premises
c. Software as a Service (SaaS) is a service model where a vendor makes its software available to users, usually for a monthly or annual subscription service fee.
10. Which service model gives a business full control over all components of an application?
- SaaS
- PaaS
- IaaS
- On-premises
d. The on-premises service model is where a business owns and manages the application and all of its infrastructure. This gives the business full control over all components. This is most often seen with security compliance and data classification requirements.
11. Which service model is best described as a pay-as-you-go model for storage, networking, and virtualization?
- SaaS
- PaaS
- IaaS
- On-premises
c. Infrastructure as a Service (IaaS) is a pay-as-you-go service model for storage, networking, and virtualization. It gives users cloud-based alternatives to on-premises infrastructure so businesses can avoid investing in expensive onsite resources.
The Cloud
When a business starts planning to leverage cloud in any form, there are three use cases that network designers should consider throughout the design process:
Securely extending a private network to one or more public cloud environments: Includes multiple clouds (for example, multiple AWS and Azure environments), multiple regions in a cloud, or multiple VPCs in a cloud; VPN; multi-cloud and multi-VPC connectivity; scaling; and performance optimization of transit VPC. Also supports extending data centers into the cloud and enabling direct branch-to-cloud connectivity.
Optimizing data center and branch connectivity performance to cloud IaaS and SaaS: Includes best path to a destination, cloud segmentation, monitoring to assure the best performance, visibility into traffic going to applications, and traffic shaping/Quality of Service (QoS). Also supports extending data centers into the cloud and enabling direct branch-to-cloud connectivity.
Securing access to the Internet and SaaS from the branch: Includes connecting and protecting branch office users directly to the multi-cloud environment using Direct Internet Access (DIA) and properly securing them.
Cloud Connectivity Models
When businesses start to leverage cloud in any form, be it public, private, hybrid, or multi-cloud, how the business connects to cloud environments is a topic for a network designer to address. There are multiple options, each with its own pros and cons.
Direct Cloud Access
Direct cloud access (DCA) allows a remote site to access SaaS applications directly from the Internet and through dedicated private connections. The cloud permits only the designated application traffic to use the directly connected Internet transport securely, while all other Internet-bound traffic takes the usual path, which could be through a regional hub, a data center, or a carrier-neutral facility (CNF). This feature allows the remote site to bypass the latency of tunneling Internet-bound traffic to a central site, subsequently improving the connectivity to the prioritized SaaS application. This feature is commonly referred to as Direct Internet Access (DIA). The edge router chooses the optimal Internet path for access to these SaaS applications. Different applications could traverse different paths because the path selection is calculated on a per-application basis.
If any SaaS application path becomes unreachable or its performance score falls below an acceptable level, the path is removed as a candidate. If all paths fail to qualify because of reachability or performance, then traffic to the SaaS application follows the normal routed path (Figure 1).
Cloud Access Through a Gateway (Cloud Access Point)
Many businesses do not use DIA at the branch office, because either their sites are connected only by private providers (MPLS, VPLS, etc.) or centralized policy or security requirements do not permit it. They may use data centers, regional hubs, or even CNFs to enable Internet connectivity. In this case, SaaS traffic is tunneled to the best-performing gateway site, where it is subsequently routed to the Internet to reach the requested SaaS application service.
Different remote sites and different applications may use different gateway sites and paths, depending on the application and measured application performance. Remote sites that use gateway sites for Internet access are referred to as client sites.
As shown in Figure 2, a branch office tunnels SaaS traffic to a gateway location and then uses the Internet at the gateway location to access the SaaS application.
Hybrid Approach
It is possible to have a combination of DIA and client/gateway sites. When defining both DIA and gateway sites, SaaS applications can use either the DIA exits of the remote site or the gateway sites for any given application, depending on which path provides the best performance. DIA sites are, technically, a special case of a client site, but the Internet exits are local instead of remote.
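The selection logic described above for DIA, gateway, and hybrid sites, as an added example that is not part of the original text. The 0 to 10 score scale, the threshold, the tie-break by name, and all site and application names are assumptions made for illustration.

```python
from dataclasses import dataclass

NORMAL_ROUTED_PATH = "normal-routed-path"


@dataclass(frozen=True)
class Exit:
    name: str
    kind: str  # "dia" = local Internet exit, "gateway" = remote gateway site


@dataclass(frozen=True)
class Probe:
    reachable: bool
    score: float  # assumed scale: 0 (worst) to 10 (best)


def select_exit(app, designated_apps, exits, probes, min_score=5.0):
    """Pick the Internet exit for one SaaS application.

    Only designated applications may use a DIA or gateway exit; everything
    else stays on the normal routed path. An exit is dropped as a candidate
    when it is unreachable or its score is below min_score. If no exit
    qualifies, traffic falls back to the normal routed path.
    """
    if app not in designated_apps:
        return NORMAL_ROUTED_PATH
    candidates = []
    for ex in exits:
        probe = probes.get((app, ex.name))
        if probe is None or not probe.reachable or probe.score < min_score:
            continue
        candidates.append((-probe.score, ex.name))
    if not candidates:
        return NORMAL_ROUTED_PATH
    # Highest score wins; equal scores are broken by name so the result is
    # deterministic (assumption, the text does not define a tie-break).
    return min(candidates)[1]


def build_exit_table(apps, designated_apps, exits, probes, min_score=5.0):
    """Per-application result for one site, since selection is per application."""
    return {
        app: select_exit(app, designated_apps, exits, probes, min_score)
        for app in apps
    }


# Constructed hybrid site: two local DIA exits plus one gateway site.
EXITS = [
    Exit("dia-isp1", "dia"),
    Exit("dia-isp2", "dia"),
    Exit("gw-dc-east", "gateway"),
]
DESIGNATED = {"crm-saas", "mail-saas", "video-saas"}
APPS = ["crm-saas", "mail-saas", "video-saas", "generic-web"]

# Constructed probe results, keyed by (application, exit name).
PROBES = {
    ("crm-saas", "dia-isp1"): Probe(True, 8.5),
    ("crm-saas", "dia-isp2"): Probe(True, 6.0),
    ("crm-saas", "gw-dc-east"): Probe(True, 7.0),
    ("mail-saas", "dia-isp1"): Probe(True, 4.0),     # below threshold
    ("mail-saas", "dia-isp2"): Probe(False, 9.0),    # unreachable
    ("mail-saas", "gw-dc-east"): Probe(True, 7.5),
    ("video-saas", "dia-isp1"): Probe(False, 0.0),
    ("video-saas", "dia-isp2"): Probe(True, 3.0),
    ("video-saas", "gw-dc-east"): Probe(True, 4.9),
    ("generic-web", "dia-isp1"): Probe(True, 9.9),   # good path, not designated
}

if __name__ == "__main__":
    for app, chosen in build_exit_table(APPS, DESIGNATED, EXITS, PROBES).items():
        print(f"{app:12s} -> {chosen}")
```

Listing which applications resolve to a `dia` exit is a quick way to review what leaves a site without passing through the centralized security controls mentioned for gateway sites.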
Cloud Types
When selecting a cloud solution, there are a number of different types to choose from, each with its own associated benefits and limitations.
Private cloud: A private cloud consists of cloud computing resources used by one business. This cloud environment can be located within the business’s data center footprint, or it can be hosted by a cloud service provider (CSP). In a private cloud, the resources, applications, services, data, and infrastructure are always maintained on a private network and all devices are dedicated to the business.
Public cloud: The most common type of cloud computing. The cloud computing resources are owned and operated by a CSP. All infrastructure components are owned and maintained by the CSP. In a public cloud environment, a business shares the same hardware, storage, virtualization, and network devices with other businesses.
Hybrid cloud: The use of both private and public clouds together to allow a business to receive the benefits of both cloud environments while limiting their negative impacts.
Multi-cloud: The use of two or more CSPs, with the ability to move workloads between the different cloud computing environments in real time as needed by the business.
| Cloud Type | Control | Maintenance | Flexibility | Scalability | Migration | Cost |
|---|---|---|---|---|---|---|
| Private cloud | Most control | High | Least flexibility | High scalability | Hard migration | High cost |
| Public cloud | Least control | None | Flexibility | High scalability | Hard migration | Lowest cost |
| Hybrid cloud | Mix of both | Medium | Flexible | Lowest scalability | Ease of migration | High cost |
| Multi-cloud | Least control | No maintenance for each CSP, but across the CSPs is high | Most flexibility | Highest scalability | Hardest migration | Highest cost |
Cloud-Agnostic Architecture
A cloud-agnostic architecture is one that does not depend on proprietary, vendor-specific features and functionality. It focuses on leveraging the same cloud capabilities across different cloud providers regardless of vendor. When looking at cloud service providers and migrating applications to the cloud, there are three primary focus points within a cloud-agnostic architecture:
Portability: Moving to the cloud inherently provides a level of portability, but if not carefully architected, applications and services can lose their portability as they get locked into specific CSP services. Portability here specifically allows mobility between different CSPs with a proper abstraction layer.
Abstraction: Leveraging an abstraction layer within the cloud architecture allows for a decoupling from the underlying cloud-specific platform functionality, which provides a direct cost reduction and an increase in flexibility. For example, the abstraction layer can be used to seamlessly invoke the same cloud capability on cloud provider one and cloud provider two, even when each has different mechanisms and processes for doing so. In addition, this same capability could be proprietary, but using the abstraction layer mitigates a potential hardcoded proprietary service call.
Interoperability: Developing applications and services with cloud interoperability as a key priority means they will not be tied to a specific cloud feature set. This allows these applications and services to leverage different cloud platforms without major redevelopment or changes, specifically enabling a cloud-agnostic approach.
To achieve a cloud-agnostic architecture, network designers should consider adopting the following practices.
Decoupling
There are two perspectives to think about for decoupling. First, all applications should be designed to be inherently decoupled from the underlying cloud platform they are on. This can be accomplished by leveraging service-oriented architecture (SOA), which is discussed in detail later in this chapter. Second, all cloud components should be decoupled from the applications that leverage them.
Containerization
All applications should follow a containerized architecture. This is critical for cloud applications as well as on-premises data center applications. Ensuring all applications are developed with containerization in mind allows for real cloud adoption and portability. Container technology helps decouple applications from the cloud-specific environment, which provides an abstraction layer away from any of the CSP dependencies. The goal is to ensure that it is relatively easy to migrate applications between different cloud vendors if the mission requires it.
Agnostic Versus Proprietary Cloud Services
Each cloud service provider is different and has unique services, with its own avenues to provision them to customers. There is a need to provide a mechanism to differentiate where these specific services interact with applications while also allowing for the standardization of agnostic services. Figure 3 illustrates how you should plan to migrate applications to a CSP: clearly delineate between cloud-agnostic services (containers, orchestration, provisioning, monitoring, CI/CD, code, apps, services, security, source control) and cloud-proprietary services (platform infrastructure, availability services, security data, compute, storage, network).
Service-Oriented Architecture
To ensure a successful cloud-agnostic architecture, incorporating service-oriented architecture (SOA) is critical. SOA is a style of software design where services are provided to other parts of an application component through network communication protocols. The underlying principles are vendor and technology agnostic. In SOA, services communicate with other services in two ways: by simply passing data between the different services, or by logistically coordinating an activity event between two or more services. There are many benefits to SOA:
- Code can be created so that it is reusable, which cuts down on time spent in the development process.
- Developers can leverage multiple coding languages with SOA because it uses a central interface, which allows for flexibility and scalability within the software development cycle.
- With SOA, a standard communication process is created that allows systems to function on their own and communicate effectively between them.
- SOA is much more scalable, limiting client-server interaction, which allows for a direct increase in efficiency.
Cloud Containerized Architecture
Containerization is a large part of a cloud-agnostic architecture. The progression from a traditional on-premises deployment to a containerized cloud deployment covers three stages (Figure 4).
Traditional Deployment Architecture
Traditionally, organizations ran applications on physical servers. Multiple applications could be deployed on the same physical server, but there was no way to properly restrict resources or set up controls to govern application guidelines. Because of these issues, there were a number of allocation and performance problems. Most of the time, each physical server was dedicated to a single application because of these limitations. This increased cost and resources and limited overall scalability.
Virtualization Deployment Architecture
Virtualization allows for multiple virtual machines (VMs) to be deployed on a single physical server. Each VM is isolated from other applications with its own resources and security controls allocated to it individually. Virtualization allows for better utilization of resources on a physical server and scales better because applications (VMs) can be added and removed as needed depending on the required resources. Each VM runs all components that a physical server would run, such as the application and the operating system.
Container Deployment Architecture
Containers are similar to VMs but have less stringent isolation controls, which allow them to share the operating system with other applications. Because of this, containers are lightweight. A container has its own file system and shares CPU time, memory, process space, and more. Because containers are decoupled from the underlying infrastructure, they are moveable between different fabrics as needed by the underlying business requirements.
Containers provide a number of benefits:
- Agile application creation and deployment (CI/CD)
- Separation of responsibilities between development and operational tasks
- Real-time application-level health analytics
- Standardization and consistency across all environments and enclaves
- Real-time distribution with the capability to port into other operating systems and locations as required
- Increased overall predictability of application performance and requirements
- Increased resource efficiency
Cloud Application Strategy
As a business readies its applications for migration to the cloud, it is highly recommended that the business incorporate an application assessment process. As part of this process, an application assessment team should be created with the following roles and purposes:
Line of business owner: The business stakeholder for this application. They understand the application’s business role, impact, and implications, and can appropriate business resources and priorities to this effort.
Security specialist, compliance auditor: The security team member in charge of security controls, compliance regulations, and auditing of code. These are critical roles that will direct decisions and actions from a risk management perspective for this application.
Application owner, application developer: The software engineering member responsible for this application. Creates code, modifies current code, and drives associated technical requirements for the application.
Network engineer, network designer, network architect: Facilitates the network resources to properly service the application based on the different requirements from the line of business owner, security specialist, and application owner.
Each application will have different requirements as it is being reviewed in this process. The team will need to properly identify what the application is dependent on and make appropriate decisions to ensure the application is ready for migration to the cloud environment.
The application assessment team will document everything that is discovered, decided on, and implemented for this application in an application binder (or run book). The application binder should include all requirements and where they originated from, all security controls and regulatory standards that this application must comply with, and where the application is in the migration process and what is needed for it to be successful.
Review Questions
12. Which cloud type has the highest cost?
- Hybrid cloud
- Private cloud
- Multi-cloud
- Public cloud
c. Multi-cloud is the use of two or more cloud service providers (CSPs), with the ability to move workloads between the different cloud computing environments in real time as needed by the business. It carries the highest cost.
13. Which cloud type is best if a business wants the most control possible?
- Hybrid cloud
- Private cloud
- Multi-cloud
- Public cloud
b. A private cloud consists of cloud computing resources used by one business. In a private cloud, the resources, applications, services, data, and infrastructure are always maintained on a private network and all devices are dedicated to the business, giving it the most control possible.
14. Which cloud type is best if a business wants to ease into a cloud computing environment over a long period of time?
- Hybrid cloud
- Private cloud
- Multi-cloud
- Public cloud
a. A hybrid cloud is the use of both private and public clouds together to allow a business to receive the benefits of both cloud environments while limiting their negative impacts. This makes it ideal for a business that wants to gradually transition into cloud computing.
15. Which cloud connectivity model allows a remote site to access SaaS applications directly from the Internet, bypassing the need to tunnel traffic to a central site?
- Cloud access through a gateway
- Hybrid approach
- Direct cloud access (DCA) / Direct Internet Access (DIA)
- Private cloud access
c. Direct cloud access (DCA), commonly referred to as Direct Internet Access (DIA), allows a remote site to access SaaS applications directly from the Internet. This bypasses the latency of tunneling Internet-bound traffic to a central site, improving connectivity to the prioritized SaaS application.
16. Which cloud type uses resources owned and operated by a CSP, where a business shares hardware, storage, and network devices with other businesses?
- Private cloud
- Public cloud
- Hybrid cloud
- Multi-cloud
b. A public cloud is the most common type of cloud computing. The cloud computing resources are owned and operated by a CSP, and in a public cloud environment, a business shares the same hardware, storage, virtualization, and network devices with other businesses.
17. Which cloud type provides the most flexibility and highest scalability but also carries the highest cost and the hardest migration?
- Private cloud
- Public cloud
- Hybrid cloud
- Multi-cloud
d. Multi-cloud provides the most flexibility and highest scalability because it leverages two or more CSPs with the ability to move workloads between them in real time. However, it also carries the highest cost and the hardest migration.
18. Which three elements are the primary focus points of a cloud-agnostic architecture?
- Portability, abstraction, and interoperability
- Scalability, redundancy, and security
- Containerization, virtualization, and automation
- SOA, CI/CD, and IaC
a. The three primary focus points of a cloud-agnostic architecture are portability (mobility between different CSPs), abstraction (decoupling from underlying cloud-specific platform functionality), and interoperability (developing applications that are not tied to a specific cloud feature set).
19. Which software design style uses network communication protocols to provide services to other parts of an application component, with underlying principles that are vendor and technology agnostic?
- Containerization
- Service-oriented architecture (SOA)
- Infrastructure as code (IaC)
- Microservices
b. Service-oriented architecture (SOA) is a style of software design where services are provided to other parts of an application component through network communication protocols. The underlying principles are vendor and technology agnostic, making it a key enabler of cloud-agnostic architecture.
20. Which deployment architecture allows multiple virtual machines to run on a single physical server, each with its own resources and security controls?
- Traditional deployment
- Container deployment
- Virtualization deployment
- Single-server deployment
c. Virtualization deployment allows for multiple virtual machines (VMs) to be deployed on a single physical server. Each VM is isolated from other applications with its own resources and security controls allocated to it individually.
21. Which deployment architecture is lightweight because it shares the operating system among applications, and is decoupled from the underlying infrastructure?
- Traditional deployment
- Virtualization deployment
- Container deployment
- Single-server deployment
c. Container deployment is lightweight because containers share the operating system among other applications rather than each running their own. Containers are decoupled from the underlying infrastructure, making them moveable between different fabrics as needed.
Data Management
Data is the most critical resource, the one that all other resources leverage. We have to manage all data effectively, accurately, and securely so that these other resources can leverage it with assured integrity, availability, and confidentiality. Data management lays the foundation for data analytics. Without good data management, there will be no data analytics. Data management can be broken down into 11 pillars:
Data governance: The planning of all aspects of data management. This includes availability, usability, consistency, integrity, and security of all data within the organization.
Data architecture: The overall structure of an enterprise’s data and how it fits into the enterprise architecture.
Data modeling and design: The data analytics and the corresponding analytics systems. This includes the designing, building, testing, and ongoing maintenance of these analytics systems.
Data storage and operations: The physical hardware used to store and manage the data within the enterprise.
Data security: Encompasses all security requirements, controls, and components to ensure the data is protected and accessed only by authorized users.
Data integration and interoperability: The transformation of data into a structured form to be leveraged by other systems and resources.
Documents and content: All forms of unstructured data and the work necessary to make it accessible to the structured databases.
Reference and master data: The process of managing data in a way that allows it to be redundant and allows any errors or mistakes to be normalized by standard values.
Data warehousing and business intelligence: Involves the management and application of data for analytics and business decision making.
Metadata: Involves all elements of creating, collecting, organizing, and managing metadata (data that references other data).
Data quality: Involves the practices of data monitoring to ensure the integrity of the data being delivered is maintained.
For a true data management model, all of these pillars need to be included. If any one of these pillars is missing, an area of data management is not being addressed. For example, if there is no solution for metadata management, the business loses the ability to easily categorize data. Without data quality being ensured, all data is at risk and the analytics of that data becomes useless.
Review Questions
22. Which option is the proper data management pillar for the definition “The planning of all aspects of data management”?
- Data quality
- Data governance
- Data architecture
- Data security
b. Data governance is the planning of all aspects of data management. This includes availability, usability, consistency, integrity, and security of all data within the organization.
23. How many pillars make up a complete data management model?
- 5
- 7
- 9
- 11
d. A complete data management model consists of 11 pillars: data governance, data architecture, data modeling and design, data storage and operations, data security, data integration and interoperability, documents and content, reference and master data, data warehousing and business intelligence, metadata, and data quality.
24. Which data management pillar involves the planning of all aspects of data management, including availability, usability, consistency, integrity, and security?
- Data architecture
- Data governance
- Data quality
- Metadata
b. Data governance is the planning of all aspects of data management. This includes availability, usability, consistency, integrity, and security of all data within the organization.
25. Which data management pillar involves the practices of data monitoring to ensure the integrity of the data being delivered is maintained?
- Data governance
- Data security
- Data quality
- Reference and master data
c. Data quality involves the practices of data monitoring to ensure the integrity of the data being delivered is maintained. Without data quality being ensured, all data is at risk and the analytics of that data becomes useless.
Summary
What is the purpose of the network? To ensure business success. This chapter went into great detail on how a network designer can accomplish this. It covered how businesses rely heavily on the network and the corresponding services and applications riding on it. It also covered application and service models, showing how the location and architecture of the application or service directly affect the required network design elements.
In addition, this chapter highlighted the multitude of cloud options and the associated advantages of each option. It highlighted the preference for agnostic cloud services over proprietary cloud services, to ensure a business does not lock itself into a specific cloud service provider, and how adopting a service-oriented architecture can be beneficial to the business.
Last but not least, this chapter gave a quick overview of the importance of data and data management by highlighting the 11 data management pillars. Ensuring the confidentiality, integrity, and availability of a business’s data is paramount to the business’s success. If a business’s data is compromised, it can no longer make valid decisions on that data, which handicaps the business until the data is fixed.