Sounds fine - don't try anything fancy with the subnets, there's no point.
First, rack your switches and connect them up. You have a star topology, with a 5400 "Core" in the middle, and 4x 2920s patched in between each other using 10GB SFP+ transceivers.
Create three VLANs on your "Core".
VLAN 10 name SERVER
VLAN 20 name WORKSTATION
VLAN 30 name PRINTER
VLAN 99 name MANAGEMENT
Configure an IP address for each VLAN
VLAN 10
ip address 10.1.10.1 255.255.255.0
VLAN 20
ip address 10.1.20.1 255.255.255.0
ip helper-address 10.1.10.42
VLAN 30
ip address 10.1.30.1 255.255.255.0
ip helper-address 10.1.10.42
VLAN 99
ip address 10.1.99.1 255.255.255.0
I assume the Servers are patched to the "Core"?
Configure the Server ports for the Server VLAN:
VLAN 10 untag A5,A6,A7,A8
Now add the VLANs to the "Core" uplinks to the switches
VLAN 20 tag A1,A2,A3,A4
VLAN 30 tag A1,A2,A3,A4
VLAN 99 tag A1,A2,A3,A4
Now get on each edge switch and create the WORKSTATION, PRINTER & MANAGEMENT VLANs.
On the edge switch uplink port, configure VLANs 20,30,99 as tagged.
Give each edge switch a management IP address in the 99 subnet.
That's your basic network.
You then need to add a default GW to your "Core" pointing at your gateway router/firewall.
Not sure how your VPN users fit into this. Presumably they are coming into your DMZ somewhere?