I have to agree with getting a consultant. Especially if the manager will want to get production data on the office side of the network. Be very careful to keep the office network and control networks separate.
Patching on systems can create a lot of problems for control systems. Also would consider having different IP ranges and subnet mask for traffic control. For example:
PLC on one network
IP Address 10.2.0.xxx
Subnet Mask 255.255.254.0
This will give you 512 IP Addresses
HMIs on another
IP Address 10.2.2.xxx
Subnet mask 255.255.254.0
Web servers and/or database servers: also have them on another network. This is to help keep communications from getting "bogged" down for the PLC to process.
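A way to sanity-check an addressing plan like the one in the post above (an added example, not part of the original post): it builds each zone from its address and mask, rejects overlapping zones, and flags observed flows that cross zones without being on an allow-list. The PLC and HMI ranges come from the post; the server and office ranges, the allow-list and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# PLC and HMI ranges are from the post; "servers" and "office" are assumed.
PLAN = {
    "plc": ("10.2.0.0", "255.255.254.0"),
    "hmi": ("10.2.2.0", "255.255.254.0"),
    "servers": ("10.2.4.0", "255.255.254.0"),     # assumed range
    "office": ("192.168.10.0", "255.255.255.0"),  # assumed range
}
# Assumed policy: which zone pairs may talk directly. Office reaches nothing.
ALLOWED = {frozenset(("plc", "hmi")), frozenset(("hmi", "servers"))}


def build_zones(plan):
    """Turn (address, mask) pairs into networks and refuse overlapping zones."""
    # strict=True raises ValueError if the address has host bits set for the mask.
    zones = {name: ipaddress.ip_network(f"{addr}/{mask}", strict=True)
             for name, (addr, mask) in plan.items()}
    for (a, net_a), (b, net_b) in combinations(zones.items(), 2):
        if net_a.overlaps(net_b):
            raise ValueError(f"zones {a} ({net_a}) and {b} ({net_b}) overlap")
    return zones


def zone_of(ip, zones):
    """Return the zone name containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in zones.items() if addr in net), None)


def audit_flows(flows, zones, allowed):
    """Return (src, dst, reason) for flows that break the segmentation policy."""
    findings = []
    for src, dst in flows:
        zs, zd = zone_of(src, zones), zone_of(dst, zones)
        if zs is None or zd is None:
            findings.append((src, dst, "address outside the plan"))
        elif zs != zd and frozenset((zs, zd)) not in allowed:
            findings.append((src, dst, f"{zs} -> {zd} not allowed"))
    return findings


# Constructed sample flows (src, dst), e.g. taken from firewall or NetFlow logs.
SAMPLE_FLOWS = [("10.2.2.15", "10.2.1.20"), ("192.168.10.44", "10.2.0.5"),
                ("10.2.4.10", "10.2.3.7"), ("10.9.9.9", "10.2.0.5")]

if __name__ == "__main__":
    zones = build_zones(PLAN)
    for name, net in zones.items():
        print(f"{name:8} {net}  {net.num_addresses} addresses")
    for finding in audit_flows(SAMPLE_FLOWS, zones, ALLOWED):
        print("VIOLATION", finding)
```

Note that with mask 255.255.254.0 the PLC zone spans 10.2.0.0 to 10.2.1.255, so a 10.2.1.x host belongs to the PLC network even though the post writes the range as 10.2.0.xxx.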