2.2- Application Scheme Generation


In the previous test, NCE-Fabric gathered all the application intents along with the defined interconnection requirements. Based on this input, it suggested several deployment options for each application and for the inter-application connectivity. The user could then choose the suitable option depending on user-specific design goals or operational constraints.

For App3, which consisted of two security zones and three services, NCE-Fabric proposed two deployment solutions. In Solution 1, the system grouped services into two Virtual Private Clouds (VPCs), each representing one security zone. A shared logical gateway connected both zones, enabling inter-zone communication. This solution was optimized for large-scale environments, balancing resource efficiency with centralized policy control.

Figure 14: App3 - Deployment solution 1

In Solution 2, NCE-Fabric deployed three separate VPCs, assigning each service to its own isolated security zone. Communication between VPCs was configured based on the defined application intent. For instance, where the intent permitted communication between services in different zones, NCE-Fabric established routing paths accordingly. This solution provided strict isolation by default and selectively enabled inter-zone communication through explicitly defined interconnection logic, trading increased resource usage for greater segmentation and control.

Figure 15: App3 - Deployment solution 2
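
To make the segmentation trade-off between the two App3 solutions concrete, the following added example (not NCE-Fabric code or output) audits each layout against a constructed intent. The service names, zone assignment and permitted flow are assumptions, as is the model that the VPC boundary is where inter-service policy is enforced.

```python
from itertools import combinations

# Constructed App3 intent. The page states three services in two security
# zones but gives no names, so these names, the zone assignment and the single
# permitted flow are assumptions made for illustration.
SERVICE_ZONE = {"web": "zone-a", "app": "zone-b", "db": "zone-b"}
ALLOWED_FLOWS = {frozenset(("web", "app"))}

def vpc_per_zone(service_zone):
    """Solution 1 layout: one VPC per security zone."""
    return {svc: f"vpc-{zone}" for svc, zone in service_zone.items()}

def vpc_per_service(service_zone):
    """Solution 2 layout: one VPC per service."""
    return {svc: f"vpc-{svc}" for svc in service_zone}

def audit(layout, allowed):
    """Classify every service pair by VPC placement and by the intent.

    Modelling assumption: the VPC boundary is the enforcement point, so two
    services in one VPC are not separated by it, whatever the intent says.
    """
    report = {"same_vpc_in_intent": [], "same_vpc_not_in_intent": [],
              "cross_vpc_route": [], "cross_vpc_isolated": []}
    for a, b in combinations(sorted(layout), 2):
        placement = "same_vpc" if layout[a] == layout[b] else "cross_vpc"
        if frozenset((a, b)) in allowed:
            key = "same_vpc_in_intent" if placement == "same_vpc" else "cross_vpc_route"
        else:
            key = "same_vpc_not_in_intent" if placement == "same_vpc" else "cross_vpc_isolated"
        report[key].append((a, b))
    return report

def vpc_count(layout):
    """Number of distinct VPCs a layout consumes (the resource cost)."""
    return len(set(layout.values()))

if __name__ == "__main__":
    for name, build in (("Solution 1", vpc_per_zone), ("Solution 2", vpc_per_service)):
        layout = build(SERVICE_ZONE)
        print(name, "VPCs:", vpc_count(layout))
        for category, pairs in audit(layout, ALLOWED_FLOWS).items():
            print(f"  {category}: {pairs}")
```

Under these assumptions the two layouts differ only in the app/db pair: it shares a VPC in Solution 1 and sits behind a VPC boundary in Solution 2, at the cost of a third VPC.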

For App1 and App2, NCE-Fabric provided a single deployment option in each case, as both applications were simple in structure, consisting of a single service within a single security zone.

After selecting the preferred deployment solution, we moved to the solution generation step. In this phase, the user specifies the server-facing interfaces on the leaf switches where the application will be deployed and assigns a VLAN tag to classify the traffic. For inter-application connectivity, the user also defines which subnets are permitted to communicate between the security zones.