Test environment - at work - FMVperformance.com : The site for all your Ford Mazda and Volvo needs
Reply
 
LinkBack Thread Tools
post #1 of 11 (permalink) Old 10-10-2007, 09:32 PM Thread Starter
Short Track Racer
 
Join Date: Jul 2006
Location: Honolulu, Hawaii
Posts: 154
Test environment - at work

Techies, I have a question...

I'm wanting to thoroughly test some software before it's put into production.
Therefore, I'm wanting to setup a "test environment" with a server and multiple computers while at work.
I'm wanting to have this "test environment" completely separate from the work domain.

Here's the thing for the test environment:
The "test" server is now a DNS with Active Directory
How do I get these computers to connect to the internet WITHOUT having any impact on the work network?
The "test" computers are NOT on the work domain, they are on their own workgroup
I'm worried that if I use the work gateway and TCP/IP configuration for the "test" computers (to allow them to get out to the internet) it will somehow impact the live work domain.
bustrhimn is offline  
Sponsored Links
Advertisement
 
post #2 of 11 (permalink) Old 10-11-2007, 11:08 AM
F1 Driver
 
Join Date: Jan 2005
Location: DC
Posts: 3,147
Re: Test environment - at work

1) if you have a domain controller that is not a member of the same domain as everything else at work, then the test computers shouldn't be part of a workgroup at all, but members of the test domain. And if you don't need them to join a domain, then you shouldn't be using a DC anyway.

2) a simple workstation utilizing the production network won't have any impact on that network (except in terms of whatever bandwidth it is using) unless the application you are testing requires AD, DNS, etc. And even then it won't actually do anything unless the app makes changes to AD/DNS (a bad thing that shouldn't happen anyway) or needs you to make changes to those services in order to function. And if that's the case, then see #1 above because the computer you are testing it on shouldn't be a member of a workgroup as you have it configured but a member of the test domain that you have created on your test domain controller.

3) you can use the production gateway and DHCP without a problem. You should probably add a new scope to the DHCP server for the test environment, and specify the test DC for DNS. The DC should obviously have a static IP on that subnet. Or you can set up DHCP in your test environment and block DHCP with an ACL on the router that separates your test and production environments. If these options are not possible, then you still shouldn't have any problems just using the production DHCP server, just remember to give your test domain DC a static IP.. You need to remember that domain controllers only service members of their respective domains. So as long as your test machines are members of the test domain, you won't have any issues with the production domain. The routers in your network will handle TCP/IP just the same, regardless of which domain it is from. The routers can't see such things, so it doesn't matter.

Can you be more specific about the app you are testing, and the network infrastructure of your environment? Is it a fairly simple so/ho type network with a single router? Or are you using enterprise class routing and switching gear, with multiple networks, etc.

murph182 is offline  
post #3 of 11 (permalink) Old 10-11-2007, 12:09 PM
F1 Driver
 
Join Date: Jun 2007
Location: Under your bed. NoVA
Posts: 5,041
Send a message via AIM to jcutler Send a message via Yahoo to jcutler
Re: Test environment - at work

Quick fix provided you are using Cisco equipment. Create a Vlan for just the test bed equipment that you are trying to get out to the internet, and several small configs on the router. If you want me to help you I will send you a config template minus your IP addresses. This is provided you are using cisco routers and switches and not some off brand

If I fill half my tank with Shell V-Power gas and the other half with Chevron with Techron gas will I have V-TEC gas?

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
jcutler is offline  
post #4 of 11 (permalink) Old 10-11-2007, 10:52 PM Thread Starter
Short Track Racer
 
Join Date: Jul 2006
Location: Honolulu, Hawaii
Posts: 154
Re: Test environment - at work

[quote author=murph182 link=topic=91395.msg1773419#msg1773419 date=1192115300]
1) if you have a domain controller that is not a member of the same domain as everything else at work, then the test computers shouldn't be part of a workgroup at all, but members of the test domain. And if you don't need them to join a domain, then you shouldn't be using a DC anyway.

2) a simple workstation utilizing the production network won't have any impact on that network (except in terms of whatever bandwidth it is using) unless the application you are testing requires AD, DNS, etc. And even then it won't actually do anything unless the app makes changes to AD/DNS (a bad thing that shouldn't happen anyway) or needs you to make changes to those services in order to function. And if that's the case, then see #1 above because the computer you are testing it on shouldn't be a member of a workgroup as you have it configured but a member of the test domain that you have created on your test domain controller.

3) you can use the production gateway and DHCP without a problem. You should probably add a new scope to the DHCP server for the test environment, and specify the test DC for DNS. The DC should obviously have a static IP on that subnet. Or you can set up DHCP in your test environment and block DHCP with an ACL on the router that separates your test and production environments. If these options are not possible, then you still shouldn't have any problems just using the production DHCP server, just remember to give your test domain DC a static IP.. You need to remember that domain controllers only service members of their respective domains. So as long as your test machines are members of the test domain, you won't have any issues with the production domain. The routers in your network will handle TCP/IP just the same, regardless of which domain it is from. The routers can't see such things, so it doesn't matter.

Can you be more specific about the app you are testing, and the network infrastructure of your environment? Is it a fairly simple so/ho type network with a single router? Or are you using enterprise class routing and switching gear, with multiple networks, etc.


[/quote]

Thanks so much for your time!

the software Im testing is System Center Essentials 2007
it requires a DNS and AD so that's why I have that setup
3 computers all plugged into a netgear 4-port firewall that plugs into our work connection

the only reason why Im hesistating is because I had it on the work domain while testing and it created some objects in the Group Policy on the DC and threw all the computers on the network off (firewall settings)

I'm pretty sure your answer will provide me with the help I need
once again, thanks so much, I just needed to hear someone else confirm
bustrhimn is offline  
post #5 of 11 (permalink) Old 10-12-2007, 08:57 AM
F1 Driver
 
Join Date: Jan 2005
Location: DC
Posts: 3,147
Re: Test environment - at work

the firewall is a router. I'm going to further assume that the wan interface on the router is either statically configured with an IP on your production network or is pulling one via DHCP. As long as you a) aren't using a dhcp server on your test network OR B) you are, but bootp/dhcp is blocked on the router with an acl, then you won't cause any tcp/ip problems. As long as the test computers are members of the test domain, you won't cause any problems with the other domain controllers on your network. And finally, as long as port security on your production lan switches isn't shutting ports down for bpdu's (which can create network loops, and thus a general practice is to disable a port that sees bpdu's coming through), you should be fine for sending traffic from your test network to the internet (assuming that dns (port 53) http (port 80), etc, aren't blocked on your firewall).
murph182 is offline  
post #6 of 11 (permalink) Old 10-12-2007, 09:24 AM
F1 Driver
 
Join Date: Jun 2007
Location: Under your bed. NoVA
Posts: 5,041
Send a message via AIM to jcutler Send a message via Yahoo to jcutler
Re: Test environment - at work

[quote author=murph182 link=topic=91395.msg1775693#msg1775693 date=1192193847]
the firewall is a router. I'm going to further assume that the wan interface on the router is either statically configured with an IP on your production network or is pulling one via DHCP. As long as you a) aren't using a dhcp server on your test network OR B) you are, but bootp/dhcp is blocked on the router with an acl, then you won't cause any tcp/ip problems. As long as the test computers are members of the test domain, you won't cause any problems with the other domain controllers on your network. And finally, as long as port security on your production lan switches isn't shutting ports down for bpdu's (which can create network loops, and thus a general practice is to disable a port that sees bpdu's coming through), you should be fine for sending traffic from your test network to the internet (assuming that dns (port 53) http (port 80), etc, aren't blocked on your firewall).
[/quote]


^ Must do IT work for the Gov.

I am in DC as well, well NoVA and do IT work for the Gov. Where do you work.

I work at CACI as a Wan Engineer.

If I fill half my tank with Shell V-Power gas and the other half with Chevron with Techron gas will I have V-TEC gas?

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
jcutler is offline  
post #7 of 11 (permalink) Old 10-12-2007, 09:30 AM
F1 Driver
 
Join Date: Jan 2005
Location: DC
Posts: 3,147
Re: Test environment - at work

[quote author=jcutler link=topic=91395.msg1775732#msg1775732 date=1192195444]
^ Must do IT work for the Gov.

I am in DC as well, well NoVA and do IT work for the Gov. Where do you work.

I work at CACI as a Wan Engineer.
[/quote]

not directly for the .gov at the moment, but most of our contracts are .gov. I'm the in-house network/security admin.

work in Tysons. I've known quite a few people who work for CACI, but none in IT. You guys really have your hands in everything, it seems.
murph182 is offline  
post #8 of 11 (permalink) Old 10-12-2007, 01:31 PM
Senior Member
 
Join Date: Aug 2005
Location: Ellicott City, MD
Posts: 9,451
Re: Test environment - at work

I was thinking something similar (that it sounds like you work for the gov). I tend to keep the networking stuff at arms length unless it is something I am dealing with on my home network or setting something up for a friend.
-Matt
azazel1024 is offline  
post #9 of 11 (permalink) Old 10-12-2007, 02:56 PM
F1 Driver
 
Join Date: Jan 2005
Location: DC
Posts: 3,147
Re: Test environment - at work

[quote author=azazel1024 link=topic=91395.msg1776375#msg1776375 date=1192210276]
I was thinking something similar (that it sounds like you work for the gov). I tend to keep the networking stuff at arms length unless it is something I am dealing with on my home network or setting something up for a friend.
-Matt
[/quote]

I used to keep it at arms length, until I realized that whenever I would ask for something the "engineers" would pull out the cisco book and learn how to do it for the first time. If someone is going to make bank by learning on the job, it's going to be me, dammit!
murph182 is offline  
post #10 of 11 (permalink) Old 10-12-2007, 10:18 PM Thread Starter
Short Track Racer
 
Join Date: Jul 2006
Location: Honolulu, Hawaii
Posts: 154
Re: Test environment - at work

[quote author=murph182 link=topic=91395.msg1775693#msg1775693 date=1192193847]
the firewall is a router. I'm going to further assume that the wan interface on the router is either statically configured with an IP on your production network or is pulling one via DHCP. As long as you a) aren't using a dhcp server on your test network OR B) you are, but bootp/dhcp is blocked on the router with an acl, then you won't cause any tcp/ip problems. As long as the test computers are members of the test domain, you won't cause any problems with the other domain controllers on your network. And finally, as long as port security on your production lan switches isn't shutting ports down for bpdu's (which can create network loops, and thus a general practice is to disable a port that sees bpdu's coming through), you should be fine for sending traffic from your test network to the internet (assuming that dns (port 53) http (port 80), etc, aren't blocked on your firewall).
[/quote]

Would I be better off using a simple Linksys 5-port DHCP switch as opposed to the Firewall?
bustrhimn is offline  
Sponsored Links
Advertisement
 
Reply

  FMVperformance.com : The site for all your Ford Mazda and Volvo needs > Misc > Lounge

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the FMVperformance.com : The site for all your Ford Mazda and Volvo needs forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome