We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Uber-EE experts please - Design considerations R&D lab environment

TheCleaner
TheCleaner asked
on
Medium Priority
247 Views
Last Modified: 2010-04-18
EE,

I need design considerations, white papers, links, etc. on setting up a separate R&D lab environment.  Any and all ideas welcome.

My plan is to get ideas and consensus and then move forward.

Basically the scenario is that I have an R&D/Engineering department that is wanting to do some software development for some hardware appliances we are manufacturing.  I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed) back into the production domain network, such as internet access, file/print access, and maybe a little more.

I have Extreme Networks x450 switches for the networking side, and Juniper SSG-520's (2) for the firewall/routing side, so I can do things like VLAN's, MAC/port lockdown, 802.1X, etc. as needed.

So again, feel free to comment...I'll pick the best answers/comments and split the points accordingly.

(I'd love to assign 1500 points for this, but the rules state 500...sorry)
Comment
Watch Question

Simple enough to do. You can seperate them using VLAN's.
The rest of them controling access you should do using ACL's. this iwll let you access only the things you want them to have access to
My philosophy is KISS (Keep it simple stupid) when create test labs. Of course the complexity of the lab and size are real considerations too.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Top Expert 2004
Commented:
>>I would like them to be "separate but same", basically letting them do whatever they want in their own test environment, but still have some access (restricted to what is needed)

A sandbox.

I'm not familiar with the Juniper box as a firewall - but that's all you need.

Lab Net
  |
Firewall
  |
Production Net

On your firewall you define rules allowing access from the lab to the production net for specific needs - Internet, file sharing, DNS, DHCP, etc.
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008
Commented:
I agree about the 'keep it simple'. As 90% of our storage is SAN based, we needed to keep things quite tightly integrtaed. We simply created a new AD forest for our Model Office and then made a one-way trust between the Model AD and the Production AD. They can copy data down from the Prod network etc but they cannot write anything up but they can share the Internet connections/VPN services etc with no real aggravation.

Author

Commented:
Thanks guys...
Keith AlabasterEnterprise Architect
CERTIFIED EXPERT
Top Expert 2008

Commented:
:) if you decide you need more later, just add to this thread.

Author

Commented:
I will, thanks...
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.