Updated on 2025-05-22 GMT+08:00

SEC04-01 Partitioning the Network

Network partitioning splits a network into separate areas to isolate sensitive traffic and resources, enhancing overall security.

  • Risk level

    High

  • Key strategies

    Network partitioning can:

    • Isolate sensitive data: Sensitive data and applications are isolated in independent network partitions to reduce the risk of unauthorized access.
    • Provide scalability: Partitioning and layering help manage and scale complex network architectures, making maintenance and expansion easy.
    • Limit network traffic: Controlling communication traffic between different network partitions ensures that only authorized traffic can flow.
    • Improve performance and availability: Network partitioning helps optimize network performance and availability, and avoid network congestion and single points of failure (SPOFs).

    Define the border of each partition and allocate addresses to each network partition for easy management and control. For example, for a web workload, you can create a web area, an app area, and a data area. The most important border lies between the public network (Internet) and your internal applications. This border is the first line of defense for your workloads. Huawei Cloud VPCs and subnets can be used to establish borders for each network partition.

    • VPC planning: Specify a proper CIDR range for a VPC to determine its IP address range.
    • Subnet planning: Create multiple subnets in a VPC and deploy different resources in different subnets.
  • Related cloud services and tools

    Virtual Private Cloud (VPC)