The Internet edge network infrastructure provides connectivity to the Internet and acts as the gateway from the enterprise to cyberspace. A modular building-block design approach helps enable flexibility in network design to meet the needs of customers and businesses of differing sizes and requirements.

The Internet edge infrastructure serves most areas of the enterprise network, including the data center, campus, and remote branches. The proper design and implementation of the Internet edge infrastructure is crucial to help ensure the availability of Internet services to all enterprise users.

The Internet edge infrastructure includes the following functional elements:

• Service provider (SP) edge
• Corporate access and demilitarized zone (DMZ)
• Remote access VPN
• Edge distribution
• Branch backup

The Internet edge enables many essential Internet-based services, and providing these services in a highly secure manner is essential to business continuity and availability. This design guide presents best practices for securing these services in the Internet edge context.