
Most Secure Infrastructure Setup for 3 Networks


I have 3 networks and they all need to be secure from each other yet be easily managed from a domain standpoint.
Network A = Child domain Network (Secure network)
Network B = Domain Network (Domain)
Network C = Stand Alone Internet Access Network (No domain)

Currently Network A (Secure) and B (Domain) are physically separate from Network C (Internet).
Network B (Domain) can access Network A (Secure) via routing and vice versa.
Network A (Secure network) is currently set up as a child domain and only really needs a file share accessible between Network A (Secure network) and B (Domain), not C (Internet). I don't know why it was set up as a child domain; I assume it was just done this way for some manageability, but to be separate from the parent domain in case of any contamination, password attack/log/cache from Network A.
Network A (Secure network) is a contamination-prone network, so it must be extremely locked down and have absolutely NO internet-facing interfaces. In case of an outbreak, Network A must not be able to breach Network B.
Network B(Domain) is a standard domain network with computers and users.
Network C (Internet) is for internet access only, as it is critical that Networks A and B are secure from the internet.
Network C (Internet) has separate workstations for internet access, not joined to the domain.

I want to be able to access the internet for servers only on Network B (Domain), for essential services e.g. NTP, Windows Update, AV updates.

I want to be able to have control over Network C (Internet) with regard to internet access, DHCP scope and reservations, instead of having it as a workgroup network. I was leaning towards Forefront TMG for AD integration and potentially having an RODC in Network C, although this would expose AD services to an internet-facing network. What risks does this pose? Also, TMG is end of life, so I have been looking at hardware appliances with AD integration to perform the task. All internet access needs to be audited and tracked, so having AD integration would allow some sort of control over user-based access instead of anyone plugging into the network and obtaining internet access. I will also look at assigning DHCP scopes based on MAC addresses using Server 2008 so we can keep track of which users have access. A manual process, but there are only a small number of users to update and maintain.

Network A (Secure network) needs to be manageable for deploying images and workstation builds. Is an RODC viable for this network also? Essentially this network would have standard domain machines and only be able to write to a file share seen by Network B only.

Would one RODC with multiple interfaces be feasible for servicing Networks A and C? Network A must ideally be self-contained.

From a logical view I picture it to be something like:

A<-->B<--RODC<--C

What would be the most secure setup and placement of firewalls to allow for the above?

Any help or suggestions would be appreciated.

