I hope that someone here with far better knowledge than me will be able to help check that my logic is correct.
We have a single UK office and are about to have a temporary 2nd office go live.
We are looking at putting in a point to point 100Mb fibre connection between these offices which if i understand correctly will allow the 2nd office to appear as if it is directly on our main network, utilising DHCP, DNS, AD etc?
Based on the above being correct we will need to restrict access to some of our servers back in the main office. Most of these only have a single network socket. My thoughts were to create a seperate vlan (We have HP Procurves everywhere) which will have all of the 2nd offices computers on and the point to point, then tag any ports that the servers are connected to they need access to (AD servers, emails servers, web filters etc) as belonging to both vlans.
If that is correct i assumed that this would enable all computers in the remote office to share DNS, Email servers, some app servers, take DHCP leases from the main office whilst still preventing access to those couple of servers which the 2nd office must not be able to get to without putting in second IP ranges, vans and other joyous tech.
Am i right? (please say i am, ok, please honestly say I am)