Uber-EE experts please - Design considerations R&D lab environment

EE,

I need design considerations, white papers, links, etc. on setting up a separate R&D lab environment.  Any and all ideas welcome.

My plan is to get ideas and consensus and then move forward.

Basically the scenario is that I have an R&D/Engineering department that is wanting to do some software development for some hardware appliances we are manufacturing.  I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed) back into the production domain network, such as internet access, file/print access, and maybe a little more.

I have Extreme Networks x450 switches for the networking side, and Juniper SSG-520's (2) for the firewall/routing side, so I can do things like VLAN's, MAC/port lockdown, 802.1X, etc. as needed.

So again, feel free to comment...I'll pick the best answers/comments and split the points accordingly.

(I'd love to assign 1500 points for this, but the rules state 500...sorry)
TheCleaner Asked:

MarkDozier Commented:
Simple enough to do. You can separate them using VLAN's.
The rest of them, controlling access, you should do using ACL's. This will let you access only the things you want them to have access to.
My philosophy is KISS (Keep it simple stupid) when creating test labs. Of course the complexity of the lab and size are real considerations too.
pseudocyber Commented:
>>I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed)

A sandbox.

I'm not familiar with the Juniper box as a firewall - but that's all you need.

Lab Net
  |
Firewall
  |
Production Net

On your firewall you define rules allowing access from the lab to the production net for specific needs - Internet, file sharing, DNS, DHCP, etc.
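
As an added illustration of the lab-to-production rule set described above (not part of any poster's comment, and not a Juniper configuration), this Python sketch models a first-match, default-deny policy and audits it for permits that expose more than single production hosts to the lab. All addresses, ports and rule names are constructed assumptions; DHCP is left out and return traffic is assumed to be handled statefully by the firewall.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; none of it comes from the thread.
LAB = ipaddress.ip_network("10.50.0.0/24")
PROD = ipaddress.ip_network("10.10.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str   # "tcp", "udp" or "any"
    port: int    # 0 means any port
    action: str  # "permit" or "deny"

def host(ip):
    return ipaddress.ip_network(ip + "/32")

# Ordered list, first match wins; traffic matching no rule is denied.
POLICY = [
    Rule("lab-dns", LAB, host("10.10.0.53"), "udp", 53, "permit"),
    Rule("lab-files", LAB, host("10.10.0.20"), "tcp", 445, "permit"),
    Rule("lab-print", LAB, host("10.10.0.30"), "tcp", 9100, "permit"),
    Rule("lab-no-prod", LAB, PROD, "any", 0, "deny"),
    Rule("lab-web", LAB, ANY, "tcp", 443, "permit"),  # Internet only, given the deny above
]

def evaluate(policy, src, dst, proto, port):
    """Return (action, rule name) for one new connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in policy:
        if s in r.src and d in r.dst and r.proto in ("any", proto) and r.port in (0, port):
            return r.action, r.name
    return "deny", "default-deny"

def overbroad(policy):
    """Names of permits that open more than single production hosts to the lab."""
    flagged, shielded = [], False
    for r in policy:
        if not r.src.overlaps(LAB):
            continue
        if r.action == "deny" and LAB.subnet_of(r.src) and PROD.subnet_of(r.dst) \
                and r.proto == "any" and r.port == 0:
            shielded = True  # later wide permits can no longer reach production
        elif r.action == "permit" and r.dst.overlaps(PROD) and r.dst.prefixlen < 32 and not shielded:
            flagged.append(r.name)
    return flagged
```

Moving `lab-web` above `lab-no-prod` makes `overbroad` report it, because the Internet permit would then also match every production host on TCP 443.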

Keith Alabaster (Enterprise Architect) Commented:
I agree about the 'keep it simple'. As 90% of our storage is SAN based, we needed to keep things quite tightly integrated. We simply created a new AD forest for our Model Office and then made a one-way trust between the Model AD and the Production AD. They can copy data down from the Prod network etc but they cannot write anything up but they can share the Internet connections/VPN services etc with no real aggravation.

TheCleaner (Author) Commented:
Thanks guys...
Keith Alabaster (Enterprise Architect) Commented:
:) if you decide you need more later, just add to this thread.
TheCleaner (Author) Commented:
I will, thanks...