What is enterprise networking?

An enterprise network privately connects branch offices, internal data centers, and employee devices. Today, enterprise networking is rapidly evolving.

Learning objectives

After reading this article, you will be able to:

  • Explain basic enterprise networking concepts
  • Contrast old enterprise networking models with new ones like secure access service edge (SASE)
  • Understand how Cloudflare supports enterprise networking

What is enterprise networking?

A network is a group of connected computers, and an enterprise network is such a group constructed to serve the needs of a large business. Enterprise networks are composed of local area networks (LANs) that in turn connect to wide area networks (WANs) and the cloud.

In an enterprise setting, data centers, branch offices, public and private clouds, Internet of Things (IoT) devices, and the individual employees of an organization all need reliable network connections. These connections enable enterprises to exchange data, run business processes, and analyze what happens on the network — essentially, the network makes running the business possible.

Unlike the Internet, enterprise networks are not open to anyone who wants to connect. Enterprise networks limit connectivity to specific users, devices, and facilities. They often encrypt the data that passes over them by using virtual private networks (VPNs) or Transport Layer Security (TLS) encryption.

Enterprise networking is also distinct from other types of networking because of its scale. The average person may have access to a home LAN that connects a few devices to the Internet via a single router. But enterprises run internal networks that connect thousands of devices to each other and to the Internet. (Some enterprise networks are large enough and connected enough to be assigned an autonomous system number, or ASN.)

How does enterprise networking work?

For many years, the main focus for enterprise networks was connecting everyone and everything to the on-premises, self-hosted centralized data centers where data was saved and applications ran. This access was provided by connecting users and devices to the LAN in the corporate office. Each office's LAN was connected to the other offices via a large enterprise WAN, usually constructed via dedicated multiprotocol label switching (MPLS) routes.

[Figure: Hub-and-spoke network model, traffic through central data center]

Enterprise networking infrastructure consisted of physical appliances, connected to each other and to personal computers, printers, and IoT devices through a combination of Ethernet cables and WiFi signals. The networking appliances used included:

  • Routers send data from one network to another, enabling network-to-network connections and Internet access.
  • Switches forward data within a network to individual devices.
  • Gateways provide connections between different networks using multiple protocols and at multiple layers of the OSI model.
  • Firewalls process all traffic coming into and out of a network to block potential attacks.
  • Load balancers distribute network traffic among multiple servers in a data center to ensure no server becomes overloaded (load balancers can do the same for web applications).
  • VPN servers establish and terminate VPN connections to provide secure access to the internal network.

Often, connecting to the enterprise network required connecting to a VPN. The VPN encrypted traffic between the user and the VPN server, at which point the user could access the internal LAN.

How enterprise networking is changing

Enterprise networking today is very different from how enterprise networking worked just a few years ago. A combination of cloud migration and new security challenges has made the enterprise networking model described above ill-suited to the needs of a modern business, even though it is still in use by many organizations.

Employees are now likely to connect to the network from both inside and outside the office. They connect to the cloud and on-premises data centers (a hybrid cloud model), or exclusively to the cloud. This makes centralized networking infrastructure inefficient, because the network becomes a bottleneck for traffic flowing to and from the cloud.

[Figure: Data center becomes bottleneck for cloud traffic. MPLS connections between data center, offices, remote users.]

In addition, many of the hardware appliances described above are now available as software or as virtualized cloud services. Scaling up a network using hardware-based infrastructure requires purchasing and activating more hardware. But scaling up a network using software-based infrastructure (like an SD-WAN) is possible with inexpensive commodity hardware instead of vendor-specific hardware. And scaling up using cloud infrastructure (for example, if NaaS is used — see below) is as simple as purchasing more services from the cloud vendor.

With all these ongoing trends, an efficient, modern enterprise network architecture might look more like this:

[Figure: Data center becomes bottleneck for cloud traffic. MPLS connections between data center, offices, remote users.]

Gartner, a global research and advisory firm, coined the term secure access service edge (SASE) to describe this new networking model. In SASE, networking services are tightly integrated with security services, and network access is no longer centralized in a handful of physical locations.

SASE incorporates several technologies and services into one platform:

  • Software-defined WAN (SD-WAN): An SD-WAN allows for the use of several different connection methods in addition to MPLS.
  • Secure web gateway (SWG): An SWG filters threats out of web traffic regardless of where employees are connecting from.
  • Firewall-as-a-service (FWaaS): FWaaS is a cloud-based firewall that takes the place of the old hardware-based firewalls used by traditional enterprise networks.
  • Cloud access security broker (CASB): CASB combines several security functions for cloud-based applications and infrastructure.
  • Zero Trust Network Access (ZTNA): ZTNA prevents data breaches by continually verifying users and devices, and by only allowing access on an as-needed basis.

Together, these technologies make effective contemporary enterprise networking possible. However, most enterprises today are still caught between the old model and the new one, so full SASE adoption by the market will take some time.

Since many enterprises still rely partially on legacy on-premises infrastructure, they need to make sure they implement a SASE platform that can work with both traditional data centers and the cloud.

What is enterprise network-as-a-service (NaaS)?

Network-as-a-service (NaaS) is a cloud service model in which enterprises rent networking services from a cloud provider instead of constructing their own networks. NaaS can help enterprises replace on-premises hardware, MPLS network connections, and other legacy configurations with virtualized infrastructure.

What is enterprise network security?

Enterprise network security is the process of defending networks and the data within them from external attacks and internal compromise. Traditionally, this involved defending the network perimeter via firewalls, intrusion prevention systems (IPS), and other security products. However, the network perimeter is far less clearly defined because of cloud migration and the rise of remote work, and defending the network perimeter alone is no longer sufficient for stopping attacks.

Today, enterprise network security incorporates identity and access management (IAM), data loss prevention (DLP), ZTNA, and other technologies.

How does Cloudflare support enterprise networking?

Enterprises need a way to quickly move to a SASE networking model. Cloudflare One provides network connectivity with built-in Zero Trust security. It is infrastructure-agnostic, integrating easily with any cloud provider and with on-premises infrastructure.