
Systems Architecture

Zero Trust–Aligned Network Architecture for Engineering Workflows

Designed a segmented network architecture to support secure, low-latency remote engineering workflows, combining peer-to-peer connectivity with firewall-based access control to reduce attack surface without sacrificing usability.

Year

2025

Role

Engineer / Network Architect

Client / Context

Internal engineering environment

Duration

Architecture design and staged planning

Context

Problem Context

Remote engineering access was functional and performant, but VPN connectivity still exposed too much of the internal network, increasing risk if a traveling or remote endpoint were compromised.

Constraints

Constraints and Operating Conditions

  • Need to maintain low latency for CAD workflows
  • Limited team size for implementation and maintenance
  • Budget constraints compared to enterprise network stacks
  • Requirement to integrate with existing infrastructure rather than replace it wholesale

Decision Process

System Design and Decisions

A Zero Trust–aligned architecture was defined around peer-to-peer connectivity, centralized firewall control, and service-level access rules to restrict communication to only the systems required by engineering workflows.

Implementation

Implementation Sequence

01

Assess current remote access model and identify overexposed network access.

02

Define desired access boundaries around engineering services.

03

Select firewall and routing direction based on flexibility and cost.

04

Design service-level restrictions rather than network-wide trust.

05

Align the target model with existing remote CAD and server infrastructure.

Engineering Decisions

Key Design Decisions

  • Peer-to-peer connectivity retained for low-latency performance.
  • Firewall-based segmentation introduced as the primary control layer.
  • Service-level access model designed to restrict lateral movement.
  • Balanced security, usability, cost, and vendor independence.
  • Architecture prepared for future scaling across distributed engineering environments.
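The service-level access model above replaces a single "trust the whole LAN" VPN rule with per-service allow rules and an explicit final deny. The following is an added example, not the project's own configuration: a small first-match policy evaluator in Python that shows the difference, with constructed addresses, ports and service names (the overlay range, the 192.168.x.x hosts and the port numbers are all illustrative) and an audit helper that flags rules wide enough to expose a network rather than a service.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    src: str         # source CIDR, or "any"
    dst: str         # destination CIDR, or "any"
    proto: str       # "tcp", "udp", or "any"
    port: int | str  # destination port, or "any"


def _in_net(net: str, host: str) -> bool:
    return net == ANY or ip_address(host) in ip_network(net, strict=False)


def decide(rules: list[Rule], src: str, dst: str, proto: str, port: int) -> str:
    """First matching rule wins; traffic matching no rule is denied (default deny)."""
    for r in rules:
        if (_in_net(r.src, src) and _in_net(r.dst, dst)
                and r.proto in (ANY, proto) and r.port in (ANY, port)):
            return r.action
    return "deny"


def overbroad(rules: list[Rule]) -> list[Rule]:
    """Allow rules granting every service or a destination wider than one host:
    the 'VPN exposes the full network' pattern rather than service-level access."""
    return [r for r in rules if r.action == "allow"
            and (r.dst == ANY or r.port == ANY
                 or ip_network(r.dst, strict=False).num_addresses > 1)]


def reachable(rules: list[Rule], src: str, services: dict) -> set[str]:
    """Names of the services a remote endpoint at `src` can reach under `rules`."""
    return {name for name, (dst, proto, port) in services.items()
            if decide(rules, src, dst, proto, port) == "allow"}


# Constructed sample environment; all values are illustrative placeholders.
REMOTE = "10.144.0.0/16"  # overlay range assigned to remote engineering endpoints
SERVICES = {
    "cad-host-remote-session": ("192.168.10.21", "udp", 41000),
    "license-server":          ("192.168.10.7", "tcp", 27000),
    "file-server-smb":         ("192.168.10.5", "tcp", 445),
    "finance-db":              ("192.168.20.3", "tcp", 5432),
}
# Before: one rule trusting the entire internal network from the VPN.
FLAT = [Rule("allow", REMOTE, "192.168.0.0/16", ANY, ANY)]
# After: only the services the engineering workflow needs, then an explicit deny.
SEGMENTED = [Rule("allow", REMOTE, "192.168.10.21/32", "udp", 41000),
             Rule("allow", REMOTE, "192.168.10.7/32", "tcp", 27000),
             Rule("deny", ANY, ANY, ANY, ANY)]
```

Running `reachable` against both rule sets for the same remote endpoint shows the flat policy exposing every host while the segmented one reaches only the two engineering services, and `overbroad(FLAT)` returns the single rule responsible.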

Execution

Tools and Platforms

  • ZeroTier
  • Parsec
  • Netgate
  • pfSense
  • UniFi

Outputs

System Outputs

  • Target network architecture
  • Service-level access model
  • Firewall and segmentation direction for staged implementation

Outcome

Result and Impact

The work produced a clear architecture for introducing segmentation and access boundaries while preserving the low-latency remote experience already achieved through ZeroTier and Parsec.

Limitations and Lessons


  • Security and usability must be balanced rather than optimized independently.
  • VPN access should be limited to required services, not full networks.
  • Open and flexible platforms can outperform expensive managed ecosystems when designed well.

Next Step

Need to structure or implement a similar system?

This project reflects an engineering approach centered on system structure, operating constraints, and long-term usability. If you are working through a similar infrastructure, workflow, or remote engineering challenge, get in touch.