I would appreciate your opinions and suggestions on how to approach the following situation:
We currently host equipment (workstations, servers, etc.) from several clients in our facility. For the sake of security and confidentiality, each client and its associated equipment (which from now on I will refer to as simply “client”) should be isolated into its own network. In addition, we have vendor-specific backend systems that are not related to the clients but still need to be accessed by them. Each backend system is a collection of a few servers. Due to limited building space we usually have 2-3 clients in a single room and/or one client in separate rooms, but there are only 1 (maybe 2) Ethernet ports per room that lead to our network closet. Also, client equipment gets moved to different rooms occasionally (due to the same lack of space).
Here’s what I need to achieve:
- A client should not see other clients on the network.
- Client personnel should be able to access their equipment from the outside world through VPN.
- Every client should be able to access the Internet.
- Each client should be able to access only the vendor-specific backend systems that are assigned to it.
I have too many ideas on how to achieve this but I can’t seem to come up with a final and cost-effective solution. One of them was to install at least one managed switch per room and then enable MAC-based authentication for dynamic VLAN assignment using a RADIUS server and perform some routing, etc.
Our budget is limited, so unfortunately purchasing top-of-the-line network equipment is out of the question.
Thanks in advance for your help!
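The design the question sketches (one VLAN per client, dynamic VLAN assignment by MAC through a RADIUS server, and a router that decides which VLANs may talk to which) can be written down as a policy and checked against the four requirements before any hardware is bought. The following is an added example, not part of the original post and not any vendor's configuration: it encodes the requirements in `is_allowed`, derives a stateful default-drop nftables forward chain from them, walks the generated rules for sample packets so the rendered policy can be verified against the intent, and emits the FreeRADIUS `users` entries that return the RFC 3580 tunnel attributes for MAC-based VLAN assignment. All zone names (clientA, backendX, vpn-clientA), interface names (wan0, vlan110, tunA), subnets, VLAN IDs and MAC addresses are constructed sample values.

```python
"""Policy model for the per-client VLAN layout sketched in the post (added example,
not the poster's design or any product's configuration; every VLAN ID, subnet,
interface name and MAC is a constructed sample value)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from itertools import product
from typing import Optional

WAN_IF = "wan0"  # assumed name of the router's Internet-facing interface


@dataclass(frozen=True)
class Zone:
    name: str
    kind: str                      # "client", "backend", "vpn" or "internet"
    iface: str                     # router interface the zone sits behind
    subnet: Optional[IPv4Network]  # None for the Internet side
    vlan: Optional[int] = None     # switch VLAN for client/backend zones
    owner: Optional[str] = None    # for "vpn": the client whose staff land here


ZONES = {z.name: z for z in [
    Zone("clientA", "client", "vlan110", IPv4Network("10.110.0.0/24"), 110),
    Zone("clientB", "client", "vlan120", IPv4Network("10.120.0.0/24"), 120),
    Zone("clientC", "client", "vlan130", IPv4Network("10.130.0.0/24"), 130),
    Zone("backendX", "backend", "vlan210", IPv4Network("10.210.0.0/24"), 210),
    Zone("backendY", "backend", "vlan220", IPv4Network("10.220.0.0/24"), 220),
    # One VPN address pool per client on its own tunnel interface (clientA shown)
    Zone("vpn-clientA", "vpn", "tunA", IPv4Network("10.31.1.0/24"), owner="clientA"),
    Zone("internet", "internet", WAN_IF, None),
]}

# Requirement 4: the backend systems each client is assigned to.
BACKEND_ACCESS = {"clientA": {"backendX"}, "clientB": {"backendY"},
                  "clientC": {"backendX", "backendY"}}
# Registered client equipment (MAC -> owning client) for dynamic VLAN assignment.
MAC_REGISTRY = {"00:11:22:33:44:01": "clientA", "00:11:22:33:44:02": "clientB"}


def is_allowed(src_name: str, dst_name: str) -> bool:
    """May a new connection from zone src_name reach zone dst_name?"""
    src, dst = ZONES[src_name], ZONES[dst_name]
    if src.kind == "client":
        if dst.kind == "internet":  # requirement 3
            return True
        return dst.kind == "backend" and dst_name in BACKEND_ACCESS[src_name]  # requirement 4
    if src.kind == "vpn":  # requirement 2: remote staff reach their own equipment only
        return dst.kind == "client" and dst_name == src.owner
    return False  # backends and the Internet never initiate into client space (requirement 1)


def forward_rules():
    """Forward policy as (src_subnet, dst_subnet_or_iface, verdict) tuples in
    first-match order; the last entry is the default drop."""
    rules = []
    for s, d in product(ZONES, repeat=2):
        if s != d and is_allowed(s, d):
            dst = ZONES[d]
            target = dst.subnet if dst.subnet is not None else dst.iface
            rules.append((ZONES[s].subnet, target, "accept"))
    rules.append((None, None, "drop"))
    return rules


def render_nft(rules) -> str:
    """Render the policy as a stateful, default-drop nftables forward chain."""
    lines = ["table inet isolation {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for src, dst, verdict in rules:
        if src is None:
            continue  # the default drop is the chain policy itself
        if isinstance(dst, IPv4Network):
            lines.append(f"    ip saddr {src} ip daddr {dst} {verdict}")
        else:
            lines.append(f'    ip saddr {src} oifname "{dst}" {verdict}')
    return "\n".join(lines + ["  }", "}"])


def simulate(src_ip: str, dst_ip: str) -> str:
    """First-match walk of the generated rules for one new-connection packet."""
    sip, dip = IPv4Address(src_ip), IPv4Address(dst_ip)
    # Egress interface the router would pick: a zone's interface, else the default route
    oif = next((z.iface for z in ZONES.values()
                if z.subnet is not None and dip in z.subnet), WAN_IF)
    for src, dst, verdict in forward_rules():
        if src is None:
            return verdict
        if sip in src and (dip in dst if isinstance(dst, IPv4Network) else oif == dst):
            return verdict
    return "drop"


def radius_users_entries() -> str:
    """FreeRADIUS 'users' entries for MAC-based port authentication: the switch
    sends the MAC as username and password, and the Access-Accept carries the
    RFC 3580 tunnel attributes that place the port in the client's VLAN. The MAC
    spelling a switch sends is vendor-specific; lowercase, no separators assumed."""
    entries = []
    for mac, client in MAC_REGISTRY.items():
        user = mac.replace(":", "").lower()
        entries.append(f'{user}\tCleartext-Password := "{user}"\n'
                       f"\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n"
                       f'\tTunnel-Private-Group-Id = "{ZONES[client].vlan}"')
    return "\n\n".join(entries)
```

Calling `render_nft(forward_rules())` gives the router chain and `radius_users_entries()` the RADIUS mapping; `simulate("10.110.0.5", "10.220.0.9")` returns `"drop"` because clientA is not assigned backendY. Two design points worth keeping in mind: a MAC is easy to copy, so MAC-based assignment identifies equipment for convenience rather than authenticating it, and unregistered MACs should land in a quarantine VLAN with no route to clients or backends; and because the router chain enforces the client-to-backend matrix independently of which VLAN a port was placed in, a mistake in the MAC registry or a moved machine still cannot reach another client's equipment or an unassigned backend.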