I need to know if there is anyone out there that has a totally secure domain for testing that does not allow anyone outside of testing to access. We currently have an environment like this but we are now getting some resistence from our network guys on keeping this private. My thought is that we have to keep a controlled environment where we are aware of our environment at all times. Any Thoughts? Looking for some more reasons we need to keep our environment the way it is.
Your thought is a good one. I'll add this little story:
We once ran a test where we deliberately crashed our test server to see how the application would recover. At exactly the same time that we did our test, one of the company's major sales support systems failed.
It turned out the two incidents were unrelated, but it went far to convince the powers-that-be that everyone was better off if testing maintained a separate environment.
On the other hand, one might argue that if the test environment is too clean, then it is not a reflection of the user's environment where the application would be running alongside several other business apps.
Interesting. We've actually considered testing be its own domain (it isn't currently.) This is due to the fact that our test machines often aren't patched, and rarely have virus scanners installed. By separating the test systems, we are free to do what we need to, without being a security risk to the rest of the company.
My last company had both a private test network and test boxes on the corporate network. They were always patched at the latest patch level. The thinking there is that most companies should be keeping the patches up on their machines, they're stupid if they don't, and the real world aspect of the corporate LAN yields better results. We would even do performance tests on the test LAN and the corporate LAN and conpare results.