Looking for some pointers on the development of various aspects of security layers when it comes to provisioning access to users who are not within the complete trust zone of an enterprise. The users may fall into the following broad categories:
1. Joint Ventures / Acquisitions (users needing joint access to certain applications only, and their data, over site-to-site VPN / leased lines; they don't exist within our Active Directory (AD) yet)
2. Customers located inside the premises (same needs as 1, but from within the LAN)
3. Road Warriors (trusted employees who access the LAN from remote VPN)
4. Vendors for software development and support (vendors needing complete access to servers both from the LAN and from the internet over VPN; they don't reside in AD)
For such permutations, what's the best mechanism to commission the infrastructure security design from the ground up?