This is the day zero of TheFlightSims Challenge - A 10-day challenge to set up a full-stack enterprise network at home, with Microsoft Active Directory, DevOps, and so on.

Planning for the new network

What am I having?

To be honest, I only have

A Raspberry Pi 5 (8GB of RAM, 256GB of SSD, and 64GB of SD Card)
A Dell OptiPlex 7050 (16GB of RAM, 238GB of SSD, and 238GB of HDD)

Additionally, I also have the following equipment:

Two safety sockets (3x sockets and 8x sockets) - as an extension and for electronic safety
A Cisco Linksys EA2700 as a wireless access point
A Cisco CBS110-8T-D-EU unmanaged network switch.
A small LIVA Z MiniPC as a small, dedicated router, running OPNSense.

Hosting method

Firstly, two servers may be good enough for a local home network. However, as I want to make sure it is also a replication of standard networking in most enterprises, I think it is better to either:

Buy new devices, sockets, and invest in a new cooling system; or...
Force both servers to run a bare metal hypervisor

And, as you expected, I chose the second option.

Why? Because:

It is cheaper.
Manageability. Instead of managing each physical server with different roles, services, and applications individually, we can manage all servers as VMs on a single physical hypervisor host.
Scalability. Running a hypervisor means your servers are virtual machines (VMs) that can scale on demand.

Planning Hypervisor host and VMs

Planning on services and where to host

Since all servers are running bare metal hypervisors, I decided to run those servers with hypervisor software.

Raspberry Pi 5 will run LXD as the management layer, running on top of Ubuntu Server 24.04 LTS.
Dell OptiPlex 7050 will run Windows Server 2022 with the Hyper-V role enabled. It will host Windows Server VMs, since Active Directory is the core service of my network, and it runs best on Windows Server VMs hosted on Hyper-V. Note that the Windows Server edition must be Datacenter, because the Standard Edition only supports up to 2 VMs of Windows Server instance running.

Moreover, some roles and services must be installed for manageability, security, or backup.

Shell service: On Windows Server, it is Windows Remote Management (WinRM) over PowerShell and Windows Management Instrumentation (WMI). However, I prefer using WinRM with PowerShell over WMI, as WMI is designed for complex scripting with .NET Framework 4.8. On Ubuntu Server, it is Secure Shell (sshd). It may need to disable access using a password and only authenticate with a certificate.
Manage via web interface: On Windows Server, it is Windows Admin Center. On Ubuntu Server, it is Cockpit.
Additionally, Windows Server will have to install those features for further system investigation and backup: Microsoft Defender Antivirus, Setup and Boot Event Collection, System Data Archiver, System Insights, and Windows Server Backup.

Roles and Services running on VMs

For servers as VMs running on Windows Server Hyper-V:

2 domain controllers: Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DNS Server.
Authentication server: Active Directory Federation Services (AD FS), Network Policy and Access Services (NPS), and all RSAT features.
Database server: Microsoft SQL Server 2022.
Web Server: Web Server (IIS).
Windows Server Update Service
A Keycloak server as compatible layer with OIDC and SAML.

For the server as VMs running on LXD:

The exit relay DNS server: Pi-Hole Ad-blocker.
DevOps server: GitLab EE.
DevOps Runner: GitLab Runner
Disposable DaaS Server: KASM Instance

Networking

Local Domain Names

Since this is only for the home network, the TLDs of the domain should ideally not be published or used publicly to prevent conflicts with the wider Internet. For example, avoid using .com or .net. Also, avoid using the .local domain, as it causes mDNS issues.

As the best practice, look for registered TLDs on IANA to prevent conflicts for a local domain name.

In this case, I will use the domain workshop.neko. Alternatively, web.neko is used for web deployments. (eg. IIS host or GitLab Pages).

Hypervisor disk partitioning and disk-based computing for backup plans

On the HV01 (running Windows Server 2022)

HV01 on Dell OptiPlex 7050 has two disks, both in good condition.

Since the system must also have a backup solution, I decided to do the following partition scheme:

On the nNVME SSD: Since the SSD has fast I/O, it will become the primary disk, where it holds both the host operating system and all VM contents (incl. disks, configurations, and snapshots).
On the SATA SSD: It is much slower, but more reliable, so it becomes the secondary disk for holding backup contents, incl. backup of host machine, backup of VMs (VMs will send backups via SMB to the host).

On the HV02 (running Ubuntu Server 24.04 LTS)

HV02 on Raspberry Pi 5 has 2 disks, both in good condition.

On SSD: Since it stores both the backup content sent from HV01 over the network, it should be at least the size of the OptiPlex 7050 backup partition, and the rest for the OS and all VMs.
On the SD card: It is much slower than the SSD, so it will become a backup solution for the operating system on Raspberry Pi 5.

What am I having?​

Hosting method​

Planning Hypervisor host and VMs​

Planning on services and where to host​

Roles and Services running on VMs​

Networking​

Local Domain Names​

Hypervisor disk partitioning and disk-based computing for backup plans​

On the HV01 (running Windows Server 2022)​

On the HV02 (running Ubuntu Server 24.04 LTS)​