I have always had some sort of home lab my entire career. When I was a consultant, it was a good way to mock up a problem. It also provided me the ability to learn a new skill or software on my home lab. This avoided having my clients becoming guinea pigs for new products.
I had let my home lab slip a bit before COVID-19. Part of the reason was I was a bit burnt out after years of consulting and the last thing I wanted to do was work on computers after a long day at work. We also had a very good lab/test environment setup at work, which mitigates some of the need for a test lab.
Before COVID-19 hit, I started to look at retooling my home lab. I have some great juniper switches which are also layer 3 capable and I have a Palo Alto Firewall at home. What I let slide is my home lab servers. It was a Dell 620 that was over 6 years old with SATA hard-drives. To say it was slow was an understatement.
My first step in rebuilding the lab was taking a retired Exchange Server with over 3.2 TB of storage and 320 GB of ram and levering that the base of my home lab server.
I have always like VMWARE, so I installed VMWARE ESXI 6.5 on that server. I then installed two Active Directory Domain controllers so I could test scripts or Active Directory security lockdowns. My next machines were two windows 10 workstations. I enrolled one of those workstations in the enhanced preview program so I could stay updated on what the next release of Windows 10 looks like.
I am also IT Security professional, so I installed KALI Linux on that server for learning more about penetration testing. That is still an ongoing process.
I left my home lab that way for the first 6 months of 2020. After being locked down in March and April of 2020, I needed something to do. I was speaking to one of my good friends about VMWARE and he mentioned that he built a home lab with two Intel NUC's and a Synology NAS. That got me thinking about what I wanted to put into my home lab.
I started looking into Intel NUC's and figuring out which models would work. One feature I did want was two built-in network cards. The reason for this is I wanted to setup a VSAN and did not want to use a USB network card for the second network connection. I also wanted the ability to install 2 NVME modules, which is a requirement for VSAN.
After much research, I settled on a barebones ZOTAC ZBOX much like this one ZBOX edge MI643 (Barebone) | ZOTAC. I purchased 64 GB of RAM for each and two NVME module's for each, with about 2TB of storage. While these are great devices, they do have a issue preventing them from running VMWARE 7.0. The are running realtek network cards, which is not supported by VMWARE 7.0, so I am stuck on VMWARE 6.7. Since this was purchased during COVID, it took months for the ZBOX's to arrive.
Once They did arrive, it was easy to install VSAN and configure VSAN.
To be legal with VMWARE licensing, they have a program with VMUG called VMUG Advantage, the price is about $200 a year, but you can find discount codes that will bring the cost down.
Once I had the VSAN up and operational, it was time for a new network switch. Along with a switch, I was also looking for a NAS and realized that QNAP has a switch that also can be be configured as a NAS and it can also run virtual machines. This is the switch I selected. This switch can also run ethernet at 2.5 and 5 GB, which is important for WIFI6. I do have an access point that runs at 2.5 GB and also supports WIFI6.
One of my projects the past winter was to run ethernet cables from the basement to my home office and to the attic. I put the access point in the attic and it has been working great. I run ruckus wireless at home, which I feel is one of the better wireless solutions on the Market. I also had an outdoor access point that I had from my consulting days that I also mounted in the attic. This provides very good wireless signal to my back yard. Before I moved the access point to the attic, my wireless was spotty at times.
I also have a Palo Alto PA220 in my homelab, it is a lab bundle, so it includes all subscriptions, it was a nice addition to the homelab and helps keep the network safe. I have all of my internet of things on their own VLAN.
After the VSAN was up and running and stable, I moved most of the machines to the VSAN and tested failing a node, it worked great.
Since I had some additional capabilities, I built a honeypot called TPOT that works great to see what attacks exploits are currently popular.
I have always wanted to have the ability to exam malware on a machine that would go back to default when rebooted. I built a VMWARE Horizon instance with 6 machines that have FlareVM installed on them. I also have the VMWARE Horizon web access configured. When I get some additional time, my next goal is to Deploy a UAG gateway so this system can be accessed remotely. Since I work from home a majority of the time, this is not a great need, but it is still something I would like to get up and operational.
I am also running a PIHOLE DNS server running on UBUNTU and a product called RITA which monitors traffic flows and can highlight suspicious flows.
I recently added a new device called firewalla to my home network/lab. I always have people asking what to do to provide better security at home and for their children. So far I like it and I will provide a full review in another blog post.
(What I like is you don't need a subscription and you don't need to modify the existing home network, you just plug it in and it works, the magic of proxy arp :) Firewalla | Firewalla: Cybersecurity Firewall For Your Family and Business
I do have some items I need to fix/add to my home lab. I would like to get another Intel NUC so I can retire the Dell Server. I also need to get the NAS up an operational. Finally, I need to test installing a Virtual machine on the switch to see how well it can function.
I believe it is important to have a home lab of some sort to keep up to date and to experiment and learn new technology. It can also help when you are testing an idea or theory you have.
If you want to find out about others home labs, check out these links, GitHub - lamw/homelab: VMware Community Homelabs and here Resources for VMUG Members | VMware User Group Collective (vmugcollective.com).