Uber-EE experts please - Design considerations R&D lab environment

Posted on 2006-03-22
Last Modified: 2010-04-18

I need design considerations, white papers, links, etc. on setting up a separate R&D lab environment.  Any and all ideas welcome.

My plan is to get ideas and consensus and then move forward.

Basically the scenario is that I have an R&D/Engineering department that is wanting to do some software development for some hardware appliances we are manufacturing.  I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed) back into the production domain network, such as internet access, file/print access, and maybe a little more.

I have Extreme Networks x450 switches for the networking side, and Juniper SSG-520's (2) for the firewall/routing side, so I can do things like VLAN's, MAC/port lockdown, 802.1X, etc. as needed.

So again, feel free to comment...I'll pick the best answers/comments and split the points accordingly.

(I'd love to assign 1500 points for this, but the rules state 500...sorry)
Question by:TheCleaner
    LVL 8

    Assisted Solution

    Simple enough to do. You can seperate them using VLAN's.
    The rest of them controling access you should do using ACL's. this iwll let you access only the things you want them to have access to
    My philosophy is KISS (Keep it simple stupid) when create test labs. Of course the complexity of the lab and size are real considerations too.
    LVL 27

    Accepted Solution

    >>I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed)

    A sandbox.

    I'm not familiar with the Juniper box as a firewall - but that's all you need.

    Lab Net
    Production Net

    On your firewall you define rules allowing access from the lab to the production net for specific needs - Internet, file sharing, DNS, DHCP, etc.
    LVL 51

    Assisted Solution

    by:Keith Alabaster
    I agree about the 'keep it simple'. As 90% of our storage is SAN based, we needed to keep things quite tightly integrtaed. We simply created a new AD forest for our Model Office and then made a one-way trust between the Model AD and the Production AD. They can copy data down from the Prod network etc but they cannot write anything up but they can share the Internet connections/VPN services etc with no real aggravation.
    LVL 23

    Author Comment

    Thanks guys...
    LVL 51

    Expert Comment

    by:Keith Alabaster
    :) if you decide you need more later, just add to this thread.
    LVL 23

    Author Comment

    I will, thanks...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    Learn about cloud computing and its benefits for small business owners.
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    This video discusses moving either the default database or any database to a new volume.

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now