While a data center network presents its own challenges, the design objectives are similar to those depicted for the factory and shown for the ATM use case.

Whether the endpoint is an SD-WAN Client Connector, a Device running the Client Software, or an Operator with the Client Software on their laptop, the outbound connectivity requirement for building management, control, and data plane connections is the same. What makes this environment unique is the desired traffic flows. For example, are there intermediary devices in the OT environment for sending data into the data center? Will operators based out of the data center need access to the factory DMZ?

  1. As shown in the Cloud example, traffic sent to the data center via a Client Connector must be able to route to its destination. This effort is greatly simplified if the Client Connector is set up to NAT the overlay IP traffic. If it is not, then the overlay network will need to be advertised into the data center.
    1. The NAT option simplifies connectivity requirements but may not be desirable as it obfuscates the source IP address of the sending device.
    2. The routed option helps with visibility but requires routing to be present in the environment to support the forwarding of packets.
  2. Consider the traffic flow for the Operator using their laptop to access a jump host in the DMZ at the factory. All that needs to be permitted here are the outbound connectivity flows. A secure tunnel will be built from the laptop to the Client Connector or Device running the Client Software, and the Operator can then interact with target resources.