Saturday, July 2, 2016

The Lab

In addition to the few Facebook groups and pages that I contribute to, I also spend time occasionally in the /r/homelab subreddit.  There are a couple of common questions that come up repeatedly there, and a few people jokingly say that they're going to publish a blog post with their answer so they don't have to reply with the same answer over and over again.  So rather than repeatedly say I'm going to do the blog post, I'm actually going to do it.  I check Reddit a couple of times a week if you have a comment or question, but you can also comment here if you came across this post by another means.

I'll update this post when other frequently asked questions inspire me to do so, or if additional stuff pops into my head.  Note that the line between "production network" and "lab network" is very blurred at times even though I do make an attempt at separation.

Question 1: What are you currently running in your lab?

First, the physical stuff.
  • A SonicWall, connected to two different subnets, both of which reside on an Extreme Summit 400-48t switch.
  • Two whitebox servers with AMD A4-5000 APUs and 16GB of RAM each.  Both run GNS3 and Hyper-V on Server 2012R2.
  • One whitebox server with two AMD Opteron 4122's and 64GB of RAM.  This box runs ESXi.
  • One "halftop" running as a domain controller, DNS and DHCP server for the production network. It currently sports an Intel i5 with 4GB of RAM.  It also runs Hyper-V, though no VMs are currently on it because of the lack of memory following the milk incident that led to its halftop status.
  • My workstation.  Intel i5 with 12GB RAM.  I run GNS3 and Virtualbox on it, mostly for quick and dirty things I want to check out real quick.
  • A large array of routers, switches, firewalls, access points, and other network devices from various manufacturers.
Next, the VM's that are always on, showing the application and OS.
  • One additional domain controller for the "production network," and two domain controllers for the "lab network."  One of the lab network DCs is Server 2016 TP5, the rest are Windows 2012R2. (3 total).  Each domain has one DC on each subnet to simulate multiple AD sites.
  • Multi-tier Certificate Authority for each of the two domains.  Each domain has one root CA, and one issuing CA.  The root CA for the lab network is Server 2008, the other three are Server 2012R2. (4 total).
  • Cisco Secure ACS 4.2.   Server 2000.
  • Cisco Secure ACS 5.6.
  • 2x NTP.  NetBSD 6.1.5 x86.
  • IPAM.  Server 2012R2.
  • WSUS.  Server 2008 (being phased out in favor of the SCCM box).
  • WINS.  Server 2000.
  • Windows Media Services.  Server 2008R2.
  • VCenter 5.5.  Server 2008R2.
  • Exchange 2016. Server 2012R2.
  • SharePoint 2016. Server 2012R2.
  • Office Online Server 2016.  Server 2012R2.
  • Skype for Business 2015.  Server 2012R2.
  • SQL Server 2014.  Server 2008R2.
  • WDS. Server 2016 TP5.
  • SCCM 2012R2.  Server 2012R2.
  • SCVMM 2012R2.  Server 2012R2.
  • Microsoft Advanced Threat Analytics.  Server 2012R2.
  • Minecraft Server for the kids.  Server 2008R2.
  • TFTP.  NetBSD 6.1.5 x86.
  • Scrutinizer.  CentOS 6.7.
  • PRTG.  Server 2012R2.
  • Imeta WoL Web App.  Server 2003R2.
  • OwnCloud.  CentOS 6.7.
  • Cisco virtual WLC.
  • Cisco CDA.
And finally, a number of VMs that aren't always on such as a couple workstations (multiple flavors of Windows) for both domains, my Windows NT4 domain, Netware 6.1 server, and various virtual firewall, router and switch platforms.  And WSA, ESA, ISE in the very near future.

Question 2: Why do you use Virtual Machines in your lab?  Why not run one server with all these services?

So again, in no particular order:
  • You're going to generally see one application per server in production, so that's how I'm going to learn it.
  • I can't run multiple instances of Active Directory on the same server.  I don't need multiple domain controllers, but you're less likely to lose both of them than you are to lose your only one.  And again, it's more real world.
  • Active Directory Sites.  You need at least 2 sites to do anything remotely useful with this.
  • I can't run a multi-tier Certificate Authority on the same server.  Like many things, I don't know that I necessarily NEED to run a multi-tier setup, but I find you learn the technology better when you go all out.  The different CAs interact with each other, and you miss little nuances when you don't see those interactions.
  • Tied in to the first two, multiple Active Directory domains because Microsoft is REALLY in love with ADFS on their exams.  For anyone who has read the cert guides and attempted the cert exams, that is enough said on the matter. 
  • Hyper-V is also covered extensively on Microsoft exams.  If you're studying for Microsoft exams, you need to know about Hyper-V, period.  You may as well do something useful while you build/migrate/failover your VMs.
  • Not everything runs on Windows Server Core.  Server Core is another one of those things Microsoft currently is really into, so if you're working on Microsoft exams, you need some hands-on time with Server Core.  Since you still can't run certain things on it, your only server can't be Core.  Plus, you need to know how to manage Server Core servers from other servers.
  • Many of the apps I run, such as Scrutinizer and Cisco's virtual WLC, come as a prebuilt VM.  This might not be a problem for you if you're just getting started with the Homelab stuff, and may not even matter if you're a systems guy, but there's still the possibility that you'll come across this eventually.
  • Windows, Linux, BSD, Solaris. I can't pick just one.  I've always worked in predominantly Windows environments so my Windows skills have to stay sharp.  But very few environments are Windows only anymore, so I want to know Linux/Unix as well. 
  • The occasional older application that won't run on modern editions of Windows Server cannot coexist with newer apps that will not run on older editions of Windows Server. In other words, if you're using Cisco Secure ACS 4.x (which only plays nicely on Server 2000 and 2003), and you're also studying for the MCSA 2012 (so you need your domain at 2012R2 DFL and FFL, hence needing Server 2012R2), you need at least 2 systems here.  So if I'm already building one VM for the older apps, why not 2, or 20?
  • No matter how many resources you throw at a single server, you'll max it out eventually.  So ignoring the previous two points, even if you could run everything you use on a single server, you'll need a second server eventually since labs only grow, they never shrink.
  • You can't put one server on both sides of a router or firewall to test your ACLs.  Yes, you can multihome a server and manipulate what traffic goes in and out of which interface, but for the most part, you'll need stuff on both sides of the router or firewall to see how your ACLs affect traffic.  I'd rather be sure that everything is going across the wire and not just across the server.
  • A good number of the firewalls I use in the lab for various purposes run in VMs.  In fact, some are only distributed as VM appliances. So adding a few server VMs isn't much more effort.
  • Being able to isolate the lab from production.  As I said earlier, the line between production and lab is often blurred, but you still have to make an effort.  Kill Internet access to the house because you're messing around with the DNS server and you'll see why that really matters.
