You can send my consulting check via TechRepublic. First off, there is no reason to consider any topology other than ethernet. It is the almost universal, de facto network choice for the topology. 500 to 600 users? You forgot about the layout of the building(s), which could change things a little.
I would start with two sets of routers. One for you corporate network and the second to interface the outside world. Two routers each, running VRRP between each other so you have redundancy on both networks. They, in turn, talk OSPF between the two set of routers. That gives you the ability to limit what is passed out from your corporate network.
The corporate set of routers should have both fiber and copper gig ports available. That way you can expand for any need that pops up. And the do pop up. You can hang much cheaper layer 2 switches off of these routers for end user ports and interfaces to servers.
The WAN, as I will call them, routers should have more copper ports, and a lot less VLANs. You don’t really need fiber here because there should not be great distances. Logically. all it needs is one routing instance to talk to the corporate network. It in turn, will route what you want into your DMZ. It can also interface with everything outside of the “main” location, such as remote offices, VPN appliances, firewalls, etc..
Any more information and I would want to be paid.