I'm looking for advice on how to properly establish a dedicated Active Directory sandbox for development and testing. We work in a large company and currently lack a test environment. Whenever the idea of creating one comes up, our Cyber Security team raises concerns that make our AD management hesitant. What are the best practices to ensure that the sandbox is set up securely and provides proper isolation?
5 Answers
We keep our sandbox on an isolated VLAN and run nightly backups. This way, if we mess something up during testing, we can easily roll back. We also use an approved remote access tool to reach devices in that VLAN, which means we don’t need custom firewall rules for access.
We have our AD sandbox on a separate VLAN, completely isolated from the rest of the network. To access it, you have to use a VPN, and only a couple of people have a direct port to connect their workstations. Even when connected via VPN, your workstation can’t interact directly with the environment; you can only RDP into a machine in the sandbox for testing.
I don’t understand why your Cyber Security team is against this. There's really nothing dangerous about having a sandboxed environment as long as it's properly set up.
I had a sandbox connected to our vSphere network, where I could clone production VMs over. To interact with any of the VMs, you needed to be physically connected to a port in my office.
Our sandbox is set up as a separate network segment, with very tight restrictions – nothing can go in or out without proper approval. The setup can be either virtual machines or physical servers, depending on what you prefer.
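The answers above all rest on the same property: the sandbox forest must not reach, trust, or resolve anything in production. Below is an added isolation check, written for this page and not taken from any of the posters, that a sandbox DC can run before the environment is signed off. The production addresses, the sandbox forest name and the gateway are placeholders to replace; everything else uses standard ActiveDirectory, DnsServer and NetSecurity cmdlets.

```powershell
# Isolation audit for an Active Directory sandbox domain controller.
# Added example; not from the thread. Run on the sandbox DC with sandbox-forest
# Domain Admin rights. All addresses/names below are assumed placeholders.
$ProdHosts    = @('10.0.0.10', 'prod-dc01.corp.example')   # assumed production DCs/resolvers
$InternetHost = '1.1.1.1'                                  # assumed external address for egress test
$Findings     = @()

# 1. Trusts: a sandbox forest must have none, in either direction.
$trusts = Get-ADTrust -Filter *
if ($trusts) {
    $Findings += "AD trusts present: $($trusts.Name -join ', ')"
}

# 2. DNS server: forwarders and conditional-forwarder zones must not point at production.
$forwarders = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
foreach ($ip in $forwarders) {
    if ($ProdHosts -contains $ip) { $Findings += "DNS forwarder points at production resolver $ip" }
}
$condZones = Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Forwarder' }
foreach ($z in $condZones) {
    $masters = @($z.MasterServers | ForEach-Object { $_.IPAddressToString })
    foreach ($ip in $masters) {
        if ($ProdHosts -contains $ip) { $Findings += "Conditional forwarder '$($z.ZoneName)' targets production $ip" }
    }
}

# 3. DNS client: the DC itself must resolve only against sandbox DNS.
$clientDns = @((Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses)
foreach ($ip in $clientDns) {
    if ($ProdHosts -contains $ip) { $Findings += "DNS client points at production resolver $ip" }
}

# 4. Network reachability: LDAP to production and any route to the Internet must fail.
foreach ($h in $ProdHosts + $InternetHost) {
    $r = Test-NetConnection -ComputerName $h -Port 389 -WarningAction SilentlyContinue
    if ($r.TcpTestSucceeded) { $Findings += "Sandbox can reach $h on TCP/389; segment is not isolated" }
}

# 5. Host firewall: every profile enabled, default outbound should be Block on a sandbox DC
#    so only explicitly approved flows (e.g. the RDP jump path) leave the box.
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) { $Findings += "Firewall profile '$($p.Name)' is disabled" }
    if ($p.DefaultOutboundAction -ne 'Block') {
        $Findings += "Firewall profile '$($p.Name)' default outbound is $($p.DefaultOutboundAction), expected Block"
    }
}

if ($Findings.Count -eq 0) {
    Write-Host 'OK: no trusts, no production DNS paths, no reachability to production or Internet.'
} else {
    $Findings | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Run it after any change to the sandbox's VLAN, firewall or DNS configuration; a non-zero exit is what the Cyber Security team should ask to see never happening before they approve cloning production VMs into the segment. The outbound-Block default is deliberately strict: permit the jump host's RDP path as an explicit rule rather than loosening the profile.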