Congrats on the honeymoon. Much of this depends on how autonomous the sub company is with its own IT - especially it's firewall handling. So, in part this is a political question.
If you have been handling that anyway, then definitely the second option - one machine is easier to do than two. If they are going to fight you on the firewalling, then you will need to get policy set by the executive staff to sort this out, and make your choice at that point. Kurt On Thu, Jul 15, 2010 at 09:58, Cameron Cooper <ccoo...@aurico.com> wrote: > We will be moving our office to a new building around Oct. 1st (for most of > which I’ll be gone on honeymoon in sept.) and with the move one of our > sub-companies will move into the same office space. Currently they are on a > separate network and will need to remain on a separate network due to the > information and the type of services they offer (can hear the jokes now). > At the same time, we will be removing our servers from a hosted datacenter > and will bring them onsite (which of course means more work for me and less > play time). > > > > So what I was thinking of setting up with the new network would be one of > two ways: > > > > 1st option: > > - Internet Frac T3 --> FW --> Managed switch > > - At the managed switch we would setup a DMZ and then point the > sub-companies server to the switch, our DC to the switch and the ‘production > servers’ to the switch > > - The sub company wouldn’t be able to get onto our network and we > wouldn’t be able to get on their network (only exception to this would be > the CEO, COO and myself) > > > > 2nd option: > > - Internet Frac t3 -->FW > > - FW would have four nics in it… one for the sub-company, one for > our main company, one for the production servers and one for direct > connection to the router(s) > > > > We will also be putting in place better security since we will be bringing > our production servers (email, SQL, web, terminal) onsite and have client > nationwide accessing our system. As I mentioned above, the sub company > needs to use the same internet connection as the rest of the company, but > needs to remain separate from the main company’s network. > > > > Which option would work the best? Or is there a better option than what’s > listed above? > > > > _____________________________ > > Cameron Cooper > > Network Administrator | CompTIA A+ Certified > > Aurico Reports, Inc > > Phone: 847-890-4021 | Fax: 847-255-1896 > > ccoo...@aurico.com | www.aurico.com > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
