@@ -376,7 +376,16 @@ How the IDP has set up in the network context is relevant to this document as it
**Figure 4.4.2.2-1: Telecom network**
- Large enterprise network
A telecom network inherits the most of the components of an office network, with the obvious added complexity of everything.
The provided services needs to handle more load, the identity providers are often used to create segmentation and redundancy, and the routers and switches can be basesations serving thousands of users simultaneously.
The division of northbound and southbound describes the abstraction levels, where towards south, one has the hardware that is controlled, and towards north, there are applications and users controlling the network.
The supporting services, internal and third party, are often modelled as east-westbound, depending on the objectives of the modelled architecture. In the above figure, SIEM is an example service that is adjacent to the NMS, and is often used in modern deployments.
It is not uncommon to have a in-house Public Key Infrastructure (PKI), that declares it's own Certificate Authority or authorities, that are deployed to managed machines within the company.
How many, and how the CAs are used dependents on design of the network.
The NMS can even provide its own certifactes to the devices to form an independent and segregated trust ring.
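Review bot: The closing lines on PKI leave the trust relationship undefined. "The NMS can even provide its own certifactes to the devices to form an independent and segregated trust ring" does not say whether the NMS acts as its own root or as a subordinate of the in-house CA introduced two lines earlier, and "How many, and how the CAs are used dependents on design of the network" gives the reader no criterion to work with. Suggest stating which case is meant, because it decides whether the device trust ring is actually independent of the corporate CA or shares its trust anchor. The sentence on northbound and southbound would also be easier to follow if "towards south" and "towards north" were tied to the elements named in Figure 4.4.2.2-1. Separately, the text needs a spelling and grammar pass before merge: "basesations", "it's own", "dependents on", "certifactes", "a in-house", "the most of the components", "services needs". The phrase "the obvious added complexity of everything" is too vague for this document and could be replaced by the concrete differences the next sentence already lists (load, segmentation, redundancy).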