A zero trust networking approach to security is paramount for organizations looking to build a robust cybersecurity ecosystem today. Based on the premise of explicit trust, zero trust security ensures complete visibility and control over any enterprise network activity, regardless of which device, application, or user is accessing that resource. This approach avoids the concept of trust inside the network that connects to an untrusted network through a traditional firewall. It also eliminates the implicit trust associated with network location and instead places the onus on continuously monitoring all device and application access for mal-intent and then responding quickly. MSS-Group or MSS-G is a group based segmentation solution. It enables grouping endpoints independent of what VLAN/IP subnet they belong to. This allows endpoints from the same subnet to be classified in different groups or endpoints in different subnets to be part of the same group. This design and deployment guide will focus on MSS-G.

.Multi-Domain Macro-Segmentation Service Group (MSS-G)

Modern day applications deployed in the data centers have become multi-tiered and distributed. This has resulted in an increase in the amount of east-west traffic seen in the data centers. This includes traffic from physical-to-physical (P-to-P), virtual-to-virtual (V-to-V), and between physical and virtual (P-to-V) workload.

.Arista Networks Policy Control Service™ (PCS™)

The purpose of this guide is to provide an overview of the Arista WLAN solution and to offer guidance for network design, configuration and deployment best practices for campus environments.

.Campus WLAN Design and Deployment Guide

The intended audience of this guide is those who are already familiar with EVPN protocol and are planning for, deploying, or maintaining a EVPN based network fabric.

The Overview and Nomenclature sections of this guide are intended to serve as a reference for, and cover in detail, BGP, BGP-EVPN control-plane and VxLAN protocols. It is recommended that the reader has a sound comprehension of these technologies prior to planning and deployment.

The guide describes BGP Based EVPN All-Active Multihoming mechanisms, defined in RFC 7432, allowing network operators to provide resiliency for network system/link faults. If the reader encounters a topic or concept not well understood within the topology and deployment sections, it is recommended that they refer back to the Overview and Nomenclature sections of this document.

.EVPN Multihoming in Data Center Networks

Arista Universal Cloud Network (UCN) brings the designs and operational principles of the largest hyperscale cloud providers to the enterprise offering the highest levels of scale, reliability, and open automation coupled with rich observability and management through Arista CloudVision. UCN is designed to address network requirements from 10s of racks to 1000s with a consistent operating model.

This paper provides deployment guidelines and best practices for customers who want to realize the operational benefits of a hyper converged solution from Dell EMC can couple this with best-in-class data center networking options from Arista.

.EOS-VxRail Deployment Guide

In modern data center environments, the concept of ‘secure the perimeter’ has become effectively irrelevant. Due to the distributed nature of applications with a variety of interaction models, whether it is cross cluster communication or application to database queries etc, the East-west traffic patterns are dominating in the data center. It is no longer sufficient to just have a firewall for north-south traffic to protect the data center. Arista Macro-Segmentation Service addresses a growing gap in security deployment models wherein embedded security in the virtualization hypervisor addresses inter-VM communication and physical firewalls address at-depth protection for north-south traffic leaving the data center.

. Macro-Segmentation Service™ (MSS™) Design & Deployment Guide with Layer-3 Firewalls

The intended audience of this guide is those who are planning for, deploying, or maintaining a Data Center network leveraging a VXLAN data-plane with an EVPN control-plane.

The Overview and Nomenclature sections of this guide are intended to serve as a reference for, and cover in detail, the VXLAN dataplane and EVPN control-plane protocols. It is recommended that the reader has a sound comprehension of these two technologies prior to planning and deployment.

The content found within the topology and deployment sections assumes that the reader is comfortable with VXLAN and EVPN concepts. As such, detail around configuration, deployment recommendations, and validation will be provided. If the reader encounters a topic or concept not well understood within the topology and deployment sections, it is recommended that they refer back to the Overview and Nomenclature sections of this document.

. EVPN Deployment Guide

The Arista Cognitive Campus Design Guide is based upon common use cases seen from real customers. The CCN Design guide shows a set of solutions, features, and applications that are leveraged to meet the customer’s demands. This design guide provides information concerning Arista Networks technology solutions.

. Arista Cognitive Campus Design Guide

This document shares knowledge and strategies gained from existing CVP deployments and focuses on ways that our customers are utilizing CVP to accomplish operational tasks. The examples discussed are meant to provide general guidance with the understanding that all environments are unique and vary based on situation.

. Arista CloudVision Portal (CVP) for Day 2 Network Operations Design Guide

The intention of this guide is to provide a systematic and well thought out series of steps to assist the reader with the design and deployment of a Layer 2 Leaf and Spine (L2LS) topology. The example deployment is based on a design which meets a set of prede ned requirements as listed in the System Requirements section of this guide. This guide was written for network engineers, administrators and cloud architects but can be informative to any role dealing with layer 2 networking. A good working knowledge of networking principles is assumed.

. Layer 2 Leaf & Spine Design and Deployment Guide