Uber-EE experts please - Design considerations R&D lab environment


I need design considerations, white papers, links, etc. on setting up a separate R&D lab environment.  Any and all ideas welcome.

My plan is to get ideas and consensus and then move forward.

Basically the scenario is that I have an R&D/Engineering department that is wanting to do some software development for some hardware appliances we are manufacturing.  I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed) back into the production domain network, such as internet access, file/print access, and maybe a little more.

I have Extreme Networks x450 switches for the networking side, and Juniper SSG-520's (2) for the firewall/routing side, so I can do things like VLAN's, MAC/port lockdown, 802.1X, etc. as needed.

So again, feel free to comment...I'll pick the best answers/comments and split the points accordingly.

(I'd love to assign 1500 points for this, but the rules state 500...sorry)
>>I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed)

A sandbox.

I'm not familiar with the Juniper box as a firewall - but that's all you need.

Lab Net
Production Net

On your firewall you define rules allowing access from the lab to the production net for specific needs - Internet, file sharing, DNS, DHCP, etc.
Simple enough to do. You can separate them using VLANs.
The rest of them controlling access you should do using ACLs. This will let you access only the things you want them to have access to.
My philosophy is KISS (Keep it simple stupid) when creating test labs. Of course the complexity of the lab and size are real considerations too.
Keith Alabaster, Enterprise Architect, Commented:
I agree about the 'keep it simple'. As 90% of our storage is SAN based, we needed to keep things quite tightly integrated. We simply created a new AD forest for our Model Office and then made a one-way trust between the Model AD and the Production AD. They can copy data down from the Prod network etc but they cannot write anything up but they can share the Internet connections/VPN services etc with no real aggravation.
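
The lab-to-production allowlist the answers above describe (specific permits on the firewall, everything else between the two networks denied), as an added Python example that is not part of the original thread: it models a first-match rule table and audits it for permits that expose more of production than one host. All subnets, host addresses and rule names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing and hosts for illustration; none of it comes from the thread.
LAB = ipaddress.ip_network("10.20.0.0/24")
PROD = ipaddress.ip_network("10.10.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
DNS_SRV = ipaddress.ip_network("10.10.0.10/32")
FILE_SRV = ipaddress.ip_network("10.10.0.20/32")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: "str | None"        # None matches any protocol
    ports: "frozenset | None"  # None matches any destination port
    action: str                # "permit" or "deny"

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and (self.ports is None or port in self.ports))

# First match wins; unmatched traffic falls through to default deny.
POLICY = [
    Rule("lab-dns", LAB, DNS_SRV, "udp", frozenset({53}), "permit"),
    Rule("lab-smb", LAB, FILE_SRV, "tcp", frozenset({445}), "permit"),
    Rule("lab-prod-block", LAB, PROD, None, None, "deny"),
    Rule("lab-web", LAB, ANY, "tcp", frozenset({80, 443}), "permit"),
]

def evaluate(policy, src, dst, proto, port):
    hit = next((r for r in policy if r.matches(src, dst, proto, port)), None)
    return (hit.action, hit.name) if hit else ("deny", "default-deny")

def audit(policy):
    """Name permits that let the lab reach more of production than one host."""
    findings, blocked = [], False
    for r in policy:
        whole = r.proto is None and r.ports is None
        if r.action == "deny" and whole and r.src.supernet_of(LAB) and r.dst.supernet_of(PROD):
            blocked = True  # rules after a full lab-to-prod deny cannot reach production
        elif (r.action == "permit" and not blocked and r.src.overlaps(LAB)
              and r.dst.overlaps(PROD) and r.dst.num_addresses > 1):
            findings.append(r.name)
    return findings
```

The ordering matters: without `lab-prod-block` ahead of it, the Internet rule's "any" destination also covers the production subnet on ports 80 and 443, which is what `audit` reports.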
TheCleaner, Author, Commented:
Thanks guys...
Keith Alabaster, Enterprise Architect, Commented:
:) if you decide you need more later, just add to this thread.
TheCleaner, Author, Commented:
I will, thanks...
Question has a verified solution.