I was after a little bit of advice regarding Network Management.
Users will enter the network and hit a remote desktop server. On from this, they will pass through firewalls to the core switch. When they hit the core switch they are heading to a Network Management Server. This has dual NICs. One of these NICs is in the management VLAN, the other is in the server/user VLAN.
My question would be: when accessing this management server, should it be directly to the management NIC on the management VLAN? Would it in turn be better to have the management VLAN completely locked down with a deny any on both in and out, allowing the management VLAN to get to all devices on the management VLAN, but nothing to enter or leave the VLAN? So in order to get to the management VLAN, you have to access the management server. Is it a particularly good practice to access it via the production network, in order to ensure the management VLAN remains locked down? Once at the NMS, access is to all management devices, so I am unsure as to the best practice. The NMS will be running software like SolarWinds that needs access to the production network.