Maybe it’s time to build one!
If you are thinking about a career in IT, or simply want to learn and implement the new technologies you see and hear about, then a home lab is a must-have. There’s no replacement for the experience of building, maintaining and troubleshooting your own environment and hardware.
Now this does not have to be very expensive or high-tech. I started with a fairly simple and affordable home lab to learn about vSphere and virtualization. That also helped me to get a job in IT. And eventually as I became more interested, I needed to upgrade, add more hardware and finally create a home lab/network that suited my needs.
What Should I Buy?
Your current home PC is most likely powerful enough to start with. First figure out how interested you are and what you actually want from a home lab. My goal when I started was to have a virtualization platform and run a couple of Linux VMs, virtualize my NAS needs and occasionally play around with Windows Server/Client OS. The little server you see HERE did pretty much all that.
If you are after a more powerful alternative, I would recommend Supermicro’s Xeon-D line of motherboards. They are small, quiet, low TDP and great for home labs. Paul Braren’s Tinkertry is the best place to get a lot of information about the Xeon-D platform.
Home Lab Possibilities
Only Limited by Your Imagination!
You’ll find plenty of home labbers, and many if not most actually use their home labs to help others and the community. They could be helping to test different products, automate workloads or provide a general overview of new technologies out there. And others, like me, build their entire home network on and around their lab.
What Do I Run In My Home Lab?
My home lab is not just a “lab” … anymore. It runs the home network, and provides a test or lab environment too. So basically when I get home, I manage and maintain the home “infrastructure”; hardware updates, OS patching, typical DNS/DHCP issues, firewall rules, etc. It is at a much smaller scale and doesn’t require my full and immediate attention all the time but it is nevertheless my second job!
So let’s have a look at the hardware in my lab and what it actually does!
Here’s my home network layout:
- In the living room, where the TV, WAP and phone line are:
  - ADSL modem in bridge mode provides internet access
  - L2 managed switch (PoE capable) powers the Unifi WAP and creates VLANs
  - Powerline adapter transfers the data (layer 2) to and from the other one in the study room
- In the study room:
  - Powerline adapter transfers data to and from its living room buddy
  - A larger non-PoE L2 managed switch takes care of VLANs
  - The two servers provide the virtualization platform
The Two Virtualization Hosts:
- ASRock quad-core 2GHz Intel Celeron SoC, 12GB RAM, 1 on-board NIC, 3 add-on NICs: 2 via PCI-e card and one via USB, 120GB SSD for host and VMs, 3TB NAS drive passed through for NFS
  - FW01 - pfSense VM with 3 dedicated physical NICs for WAN, LAN and Sync in HA configuration as Master
  - 2 Ubuntu server VMs:
    - INF04 - Slave DHCP/DNS server (for core network/VLAN only) in a failover configuration
    - FILE01 - NFS file server
- Supermicro 8 core/16 threads 2.10GHz Xeon-D SoC, 64GB RAM, 4 on-board NICs, 4 add-on NICs via PCI-e, 16GB flash drive for ESXi, 3 x 512GB Samsung SSDs (1 PCI-e NVMe, 2 SATA) for storage and 1 IPMI port
  - FW02 - pfSense VM with 3 dedicated physical NICs for WAN, LAN and Sync in HA configuration as Slave
  - 9 Ubuntu server VMs:
    - INF01 - Master DNS/DHCP server (for core network/VLAN only) in a failover configuration
    - INF02 - MySQL, MongoDB, intermediate (OpenSSL) CA and LDAP server
    - INF03 - IPAM, to keep an eye on IP allocation and usage on my network
    - LINSUS - Ubuntu Landscape server, basically WSUS for Ubuntu servers with one big difference: it actually works as intended!
    - NOOBSITE - Local copy of ITNOOBS as explained in The First Post
    - PLEX - Plex server providing content for Plex app on TV
    - SYSLOG - Graylog server collecting logs from all Ubuntu servers and both firewalls
    - UNIFI - Unifi Controller to manage the Unifi WAP
    - NOOBSCA - OpenSSL Root CA which is kept powered off
  - VCSA - VMware vCenter to manage vSphere host
  - BAK01 - Unitrends Backup (RedHat based backup solution)

Others (non-essential and for test/lab purposes):
- Windows Server 2016, Windows 10, Hyper-V server, Ubuntu server and desktop
Firewalls in HA
The two firewalls run in active/passive HA for LAN only. On the WAN side I cannot have an HA setup because of the ADSL connection and single public IP address. The active firewall initiates the internet connection (WAN) through the bridged modem, and the WAN interface on the passive one is disabled. When I need to take the active firewall offline for (VM or host) maintenance, I have to manually disable WAN on the active firewall, then enable WAN on the passive firewall, and finally transfer the active role (this is a click of a button). This allows me to take either host or firewall down without loss of internet connectivity (except for a minute or two) or DHCP and DNS outage, and it’s perfect for patch Tuesdays!
The 2 pfSense firewalls are configured to operate in Router-on-a-stick mode, utilizing the one LAN interface to provide VLAN routing, DNS and DHCP.
Linux DNS/DHCP Servers
For the core network/VLAN, I have disabled the pfSense DHCP/DNS server. Instead, the two Ubuntu servers take care of the DNS/DHCP requests just for that VLAN, and here’s why:
- I had created the DHCP/DNS failover before implementing the firewalls, so the servers were already in place and working.
- Once the firewalls were up and running, I noticed that host names do not always replicate from master to slave and vice versa. This is a known issue with pfSense (apparently) and a major issue for me, because all critical or production servers are in the core network and depend on internal name resolution for communication.
- I also preferred to keep the core network’s DNS completely isolated, and while pfSense provides internal DNS resolution for the rest of the network, it would not be able to resolve hostnames for the core network.
The DHCP/DNS servers in the HA cluster work similarly to the pfSense HA cluster, with the added bonus that I don’t really have to do any manual work. I can reboot or take one down and the other will automatically assume full responsibility for DHCP and DNS requests until the partner is back in action and DHCP/DNS responsibility is balanced again.
Management of the network and lab is done from here. It is on a separate VLAN of course and only the workstation is allowed through firewall to access the core network. The workstation also gets internal DNS resolution from core network’s name servers.
I also run Veeam Backup & Replication (Free) from the workstation. In addition to the Unitrends appliance, Veeam runs a monthly backup of important servers. This is achieved by a PowerShell script that runs via a scheduled task. I also use Veeam for any ad hoc backup, especially before I apply BIND (DNS server), ISC-DHCP (DHCP server) and MySQL patches.
It’s a good idea to wrap up a post with pictures and screenshots of what you just discussed. So here it …
Step by step setup and configuration of virtual hosts and machines discussed here, so check back soon!