Systems Architecture

Zero Trust–Aligned Network Architecture for Engineering Workflows

Designed a segmented network architecture to support secure, low-latency remote engineering workflows, combining peer-to-peer connectivity with firewall-based access control to reduce attack surface without sacrificing usability.

Year

2025

Role

Engineer / Network Architect

Client / Context

Internal engineering environment

Duration

Architecture design and staged planning

Context

Project Context

Remote engineering access was functional and performant, but VPN connectivity still exposed too much of the internal network, increasing risk if a traveling or remote endpoint were compromised.

Conditions

Technical Constraints

  • Need to maintain low latency for CAD workflows
  • Limited team size for implementation and maintenance
  • Budget constraints compared to enterprise network stacks
  • Requirement to integrate with existing infrastructure rather than replace it wholesale

Architecture

System Design

A Zero Trust–aligned architecture was defined around peer-to-peer connectivity, centralized firewall control, and service-level access rules to restrict communication to only the systems required by engineering workflows.

Implementation

Implementation Workflow

  1. Assess the current remote access model and identify overexposed network access.
  2. Define the desired access boundaries around engineering services.
  3. Select the firewall and routing direction based on flexibility and cost.
  4. Design service-level restrictions rather than network-wide trust.
  5. Align the target model with the existing remote CAD and server infrastructure.
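As an added example that is not part of the original project, the following Python models the service-level access model described in the System Design section and in step 4 as a default-deny, first-match ruleset, and evaluates constructed connection attempts against both the old network-wide VPN model and the new one. All addresses, host roles and the Parsec UDP port range below are assumptions chosen for illustration, not values from the case study.

```python
# Added example, not the project's own code: a default-deny, first-match
# evaluator that compares the old "VPN grants the whole network" model with a
# service-level access model. All addresses, the Parsec UDP port range and the
# host roles below are constructed assumptions, not values from the case study.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One connection attempt as the firewall sees it."""
    name: str
    src: str      # source IP
    dst: str      # destination IP
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    """A firewall rule. ports is an inclusive (low, high) range or None for any."""
    action: str                          # "allow" or "deny"
    src: str                             # source CIDR
    dst: str                             # destination CIDR
    proto: str = "any"                   # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]] = None
    comment: str = ""

    def matches(self, f: Flow) -> bool:
        if ip_address(f.src) not in ip_network(self.src):
            return False
        if ip_address(f.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != f.proto:
            return False
        if self.ports is not None and not (self.ports[0] <= f.dport <= self.ports[1]):
            return False
        return True


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule decides; a flow that no rule matches is denied."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return "deny"


# Assumed addressing: remote endpoints join a ZeroTier overlay; pfSense sits
# between that overlay and the internal LAN that holds the CAD and file servers.
OVERLAY_CLIENTS = "10.147.20.0/24"   # assumed overlay range for engineer laptops
CAD_HOSTS = "10.0.5.0/28"            # assumed CAD workstation pool on the LAN
PARSEC_UDP = (8000, 8010)            # assumed Parsec host port range

# Before: a connected VPN client may reach anything in the flat 10/8 space.
NETWORK_WIDE: List[Rule] = [
    Rule("allow", OVERLAY_CLIENTS, "10.0.0.0/8", comment="vpn users -> everything"),
]

# After: only the service an engineering session needs. Everything else is
# denied implicitly; the explicit client-to-client deny documents the intent.
SERVICE_LEVEL: List[Rule] = [
    Rule("allow", OVERLAY_CLIENTS, CAD_HOSTS, "udp", PARSEC_UDP, "Parsec to CAD hosts"),
    Rule("deny", OVERLAY_CLIENTS, OVERLAY_CLIENTS, comment="no client-to-client"),
]

# Constructed connection attempts, including what a compromised laptop would try.
SAMPLE_FLOWS: List[Flow] = [
    Flow("parsec-session", "10.147.20.15", "10.0.5.3", "udp", 8000),
    Flow("smb-to-fileserver", "10.147.20.15", "10.0.6.10", "tcp", 445),
    Flow("rdp-to-cad-host", "10.147.20.15", "10.0.5.3", "tcp", 3389),
    Flow("ssh-to-cad-host", "10.147.20.15", "10.0.5.3", "tcp", 22),
    Flow("laptop-to-laptop", "10.147.20.15", "10.147.20.40", "tcp", 445),
]


def compare(flows: List[Flow]) -> Dict[str, Tuple[str, str]]:
    """Map each flow name to (network-wide verdict, service-level verdict)."""
    return {f.name: (evaluate(NETWORK_WIDE, f), evaluate(SERVICE_LEVEL, f)) for f in flows}


def reachable_count(rules: List[Rule], flows: List[Flow]) -> int:
    """How many of the sample flows a policy lets through: a rough exposure measure."""
    return sum(1 for f in flows if evaluate(rules, f) == "allow")


if __name__ == "__main__":
    for name, (before, after) in compare(SAMPLE_FLOWS).items():
        print(f"{name:20} network-wide={before:5}  service-level={after}")
    print("allowed before:", reachable_count(NETWORK_WIDE, SAMPLE_FLOWS),
          "after:", reachable_count(SERVICE_LEVEL, SAMPLE_FLOWS))
```

Running the block prints a verdict pair per flow: the Parsec session is allowed under both policies, while SMB, RDP and SSH to internal hosts and laptop-to-laptop traffic pass under the network-wide model and are denied under the service-level one. One caveat for a peer-to-peer overlay: traffic between two overlay members never transits pfSense, so a client-to-client deny like the one modelled here has to be enforced in the overlay's own rules (ZeroTier flow rules), not on the central firewall.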

Execution

Tools

  • ZeroTier
  • Parsec
  • Netgate
  • pfSense
  • UniFi

Engineering Value

Technical Highlights

  • Peer-to-peer connectivity retained for low-latency performance.
  • Firewall-based segmentation introduced as the primary control layer.
  • Service-level access model designed to restrict lateral movement.
  • Balanced security, usability, cost, and vendor independence.
  • Architecture prepared for future scaling across distributed engineering environments.

Outputs

Deliverables

  • Target network architecture
  • Service-level access model
  • Firewall and segmentation direction for staged implementation

Result

Outcome

The work produced a clear architecture for introducing segmentation and access boundaries while preserving the low-latency remote experience already achieved through ZeroTier and Parsec.

Reflection

Lessons Learned

  • Security and usability must be balanced rather than optimized independently.
  • VPN access should be limited to required services, not full networks.
  • Open and flexible platforms can outperform expensive managed ecosystems when designed well.

Next Step

Need to structure or implement a similar system?

This project reflects an engineering approach centered on structure, execution, and long-term usability. If you are working through a similar infrastructure, workflow, or systems challenge, get in touch.