If you truly need total separation then I'd strongly encourage you to push
for separate networks.
Take your VLAN setup for example: For both virtual networks to reach the
server, the server *cannot* be on a VLAN, and thus the two networks would
"touch" at that point. The server can obviously be configured to not route
traffic, but in theory the networks are not *completely* isolated and since
that seems to be a concern if the Feds do an audit, that would not stand up
to the test.
In short? Never take shortcuts with your infrastructure. Whether that is
with servers (white box home-built servers always have the most problems),
backups, or staff....every time a company tries to pinch a penny, they pay a
"Art DeKneef" <art.dekneef@newsgroup> wrote in message
> Client has asked about having another company added to the network.
> Currently small business, 10 employees, SBS 2008.
> New company will be minority owned and according to him the businesses
> must be separated. When I asked for clarification he wasn't sure. Instead
> saying the Federal government was looking closer because of the level of
> fraud they have been finding. Anyone doing something like this that can
> offer insight?
> He would like to NOT have a complete second network if possible. On the
> server side I could create a new partition and store the second company
> data there protected with permissions. Create separate domain on Exchange.
> Segment the network with two VLANs and have second company on VLAN 2.
> Install a couple of dedicated computers for the second company. Employees
> from company one will be working on projects for company two.
> Anything I'm missing or better ideas?