cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
464
Views
5
Helpful
1
Replies
Highlighted
Beginner

Service Layer design

Dear guys

hi

i have a question about service layer in datacenter

as i see, servers that want to get services to Internet (out of DC block) placed in service layer and behind the WAF/IDS/IPS, and other servers that just get service to DC block, placed in Access (server farm) layer.

tell me plz, this type of design is accurate or not?

because i heard, all servers should stay in Access (server farm) layer and those should get service to Internet (out of DC block), should be place behind another firewall.

 

Best Regatds

Reza

1 REPLY 1
Highlighted
Cisco Employee

Reza, Hello!

 

Your understanding is correct. In a typical Datacenter design, all the devices that need access to the Internet or any external networks must be placed inside the Demilitarized zone (DMZ), which is a seperate layer constructed in-between the Datacenter LAN and public/external networks.

 

Best Regards,

Santhosh

Content for Community-Ad