I am currently in the planning stages for implementing a corporate network, comprising two logical networks with separate domains, all within the same physical infrastructure.

One of these networks will be air-gapped from the public network, while the other will have controlled public access.

My challenge lies in implementing DNAC & ISE to enable automatic domain selection and endpoint provisioning based on the username, including VDIs.

Additionally, we aim to secure VDI users with data leak prevention and security measures.

I kindly request your valuable inputs for designing the network.