• Status: Solved

Uber-EE experts please - Design considerations R&D lab environment


I need design considerations, white papers, links, etc. on setting up a separate R&D lab environment.  Any and all ideas welcome.

My plan is to get ideas and consensus and then move forward.

Basically the scenario is that I have an R&D/Engineering department that is wanting to do some software development for some hardware appliances we are manufacturing.  I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed) back into the production domain network, such as internet access, file/print access, and maybe a little more.

I have Extreme Networks x450 switches for the networking side, and Juniper SSG-520's (2) for the firewall/routing side, so I can do things like VLANs, MAC/port lockdown, 802.1X, etc. as needed.

So again, feel free to comment...I'll pick the best answers/comments and split the points accordingly.

(I'd love to assign 1500 points for this, but the rules state 500...sorry)
3 Solutions
Simple enough to do. You can separate them using VLANs.
The rest, controlling access, you should do using ACLs. This will let you access only the things you want them to have access to.
My philosophy is KISS (Keep it simple, stupid) when creating test labs. Of course the complexity of the lab and size are real considerations too.
>>I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed)

A sandbox.

I'm not familiar with the Juniper box as a firewall - but that's all you need.

Lab Net
Production Net

On your firewall you define rules allowing access from the lab to the production net for specific needs - Internet, file sharing, DNS, DHCP, etc.
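The lab-to-production rule set described in the answer above, modelled as an added example that is not part of the original thread and is not Juniper or Extreme configuration. All addresses, rule entries and the `evaluate`/`audit` helpers are constructed assumptions; the audit catches a common ordering mistake, where the "Internet" permit also matches production unless a blanket deny precedes it.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Rule = namedtuple("Rule", "action src dst proto port")  # port None = any port

# Constructed addressing and rule set (assumptions, not values from the thread).
LAB, PROD, ANY = ip_network("10.50.0.0/24"), ip_network("10.10.0.0/16"), ip_network("0.0.0.0/0")
DNS_DHCP, FILES = ip_network("10.10.1.10/32"), ip_network("10.10.2.20/32")
RULES = [
    Rule("permit", LAB, DNS_DHCP, "udp", 53),   # DNS
    Rule("permit", LAB, DNS_DHCP, "udp", 67),   # DHCP (relayed)
    Rule("permit", LAB, FILES, "tcp", 445),     # file sharing
    Rule("deny", LAB, PROD, "any", None),       # nothing else into production
    Rule("permit", LAB, ANY, "tcp", 80),        # Internet
    Rule("permit", LAB, ANY, "tcp", 443),
]

def evaluate(rules, src, dst, proto, port):
    """First matching rule wins; no match means deny."""
    src, dst = ip_address(src), ip_address(dst)
    for r in rules:
        if (src in r.src and dst in r.dst and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules, prod):
    """Return permit rules that expose more of production than one host/port."""
    findings, shielded = [], False
    for i, r in enumerate(rules):
        if r.action == "deny":
            # A blanket deny covering all of production shields later rules.
            if prod.subnet_of(r.dst) and r.proto == "any" and r.port is None:
                shielded = True
        elif r.dst.overlaps(prod):
            if not r.dst.subnet_of(prod):
                if not shielded:
                    findings.append((i, "Internet rule also matches production"))
            elif r.dst.prefixlen < 32 or r.proto == "any" or r.port is None:
                findings.append((i, "production permit is not host/port specific"))
    return findings

if __name__ == "__main__":
    print(evaluate(RULES, "10.50.0.7", "10.10.3.3", "tcp", 443))
    print(audit(RULES, PROD))
```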
Keith AlabasterCommented:
I agree about the 'keep it simple'. As 90% of our storage is SAN based, we needed to keep things quite tightly integrated. We simply created a new AD forest for our Model Office and then made a one-way trust between the Model AD and the Production AD. They can copy data down from the Prod network etc but they cannot write anything up but they can share the Internet connections/VPN services etc with no real aggravation.

TheCleanerAuthor Commented:
Thanks guys...
Keith AlabasterCommented:
:) if you decide you need more later, just add to this thread.
TheCleanerAuthor Commented:
I will, thanks...
