<div>
<div class="content wysiwyg-content">
Hi<br />
<br />
Looking for some pointers on development of various aspects of security layers when it comes to provisioning access to users who are not within the complete trust zone of an enterprise. The users may fall into below broad categories<br />
<br />
1. Joint Ventures / Acquisitions ( Users needing joint access to certain applications only and their data over Site to Site VPN / Leased Lines - doesn't exist within our active directory- AD yet)<br />
<br />
2. Customers located inside the premises ( Same needs as 1 but from within the LAN)<br />
<br />
3. Road Warriors ( trusted employees access LAN from Remote VPN)<br />
<br />
4. Vendors for software development and support ( Vendors needing complete access to servers both from LAN and internet over VPN - doesn't reside in AD)<br />
<br />
For such permutations, what's the best mechanism to commission the &nbsp;infrastructure security design from ground up?<br />
<br />
TIA
</div>
</div>


Hi

Looking for some pointers on development of various aspects of security layers when it comes to provisioning access to users who are not within the complete trust zone of an enterprise. The users may fall into below broad categories

1. Joint Ventures / Acquisitions ( Users needing joint access to certain applications only and their data over Site to Site VPN / Leased Lines - doesn't exist within our active directory- AD yet)

2. Customers located inside the premises ( Same needs as 1 but from within the LAN)

3. Road Warriors ( trusted employees access LAN from Remote VPN)

4. Vendors for software development and support ( Vendors needing complete access to servers both from LAN and internet over VPN - doesn't reside in AD)

For such permutations, what's the best mechanism to commission the  infrastructure security design from ground up?

TIA

Extranet Security

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Network Architecture

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.