A Chief Information Officer wants to ensure that network devices cannot connect to the public Internet and the local network to directly perform firmware updates. The IT team must manually perform the update process by using a portable device. Which of the following architecture types best fits this description?

Microservices architecture involves breaking down applications into smaller, independent services that communicate over the network. While it promotes flexibility and scalability, it does not inherently restrict network access or prevent devices from connecting to the Internet. Therefore, it does not meet the requirement of isolating network devices from public or local networks for firmware updates.

Software-defined networking (SDN) focuses on managing network resources through abstraction and centralized control. Although SDN can implement security policies, it does not inherently provide the isolation required to physically separate devices from external networks for firmware updates. Consequently, it does not meet the criteria of preventing direct connections to the Internet or local network.

Serverless architecture allows developers to build and run applications without managing the underlying infrastructure. While it simplifies deployment and scaling, it does not address the specific need for network isolation to protect devices from unauthorized access during firmware updates, making it unsuitable in this context.