Network Virtualization—Services Edge Design Guide

The centralization of access to shared services provides a common point of policy enforcement and control for all VPNs. This is referred to as the services edge functional area. Services edge has more of a logical than a physical meaning. In a specific network design, the point of policy enforcement can be physically located in a specific area of the network, but in certain cases, it might also be spread around the network.

For related information, see the following documents:
• Network Virtualization—Guest and Partner Access Deployment Guide (OL-13635-01)
• Network Virtualization—Network Admission Control Deployment Guide (OL-13636-01)
• Network Virtualization—Path Isolation Design Guide (OL-13638-01)

Contents
Introduction
Services Edge Document Scope
Unprotected Services
Protected Services
Integrating a Multi-VRF Solution into the Data Center
Shared Services Implementation in the Data Center
Shared Internet Access Virtualized Internet Edge Design
Firewall in Routed Mode
Firewall in Transparent Mode
Centralized Web Authentication Services
Cisco Clean Access

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2007 Cisco Systems, Inc. All rights reserved.
Introduction

The term network virtualization refers to the creation of logical isolated network partitions overlaid on top of a common enterprise physical network infrastructure, as shown in Figure 1.

Figure 1 Network Virtualization

Each partition is logically isolated from the others, and must provide the same services that would be available in a traditional dedicated enterprise network. This essentially means that the experience of the end user is that of being connected to a dedicated network that provides privacy, security, an independent set of policies, service level, and even routing decisions. At the same time, the network administrator can easily create and modify virtual work .