Setting up a new Home Lab - Day 0
Day 0
This is day zero of the TheFlightSims Challenge: a 14-day challenge to set up a full-stack enterprise-style network at home, with Microsoft Active Directory, DevOps tooling, and so on.
What do I have?
To be honest, I only have:
- A Raspberry Pi 5 (8GB of RAM, 256GB of SSD, and 64GB of SD Card)
- A Dell OptiPlex 7050 (16GB of RAM, 238GB of SSD, and 298GB of HDD)
Additionally, I also have the following equipment:
- Two surge-protected power strips (3-socket and 8-socket) as extensions and for electrical safety
- A Wi-Fi router (TP-Link WR820N) as the network router and wireless access point
- An unmanaged switch (TP-Link) for extra wired ports; being unmanaged it has no VLAN support, so it adds ports, not segmentation
- 2 external cooling fans (one for my Raspberry Pi, another to make the air cycle better for OptiPlex 7050)
Hosting method
Firstly, two servers may be good enough for a local home network. However, as I want to make sure it is also a replication of standard networking in most enterprises, I think it is better to either:
- Buy new devices, sockets, and invest in a new cooling system; or…
- Run a bare-metal hypervisor on both machines
And, as you expected, I chose the second option.
Why? Because:
- It is cheaper.
- Manageability. Instead of managing each physical server with different roles, services, and applications individually, we can manage all servers as VMs on a single physical hypervisor host.
- Scalability. Running a hypervisor means your servers are virtual machines (VMs) that can scale on demand.
Planning Hypervisor host and VMs
Planning on services and where to host
Both physical machines are dedicated hypervisor hosts, so each runs hypervisor software:
- Raspberry Pi 5 will run Ubuntu Server 24.04 LTS with LXD as the management layer. Strictly speaking this is not a bare-metal hypervisor: LXD runs on top of Ubuntu and launches system containers, or virtual machines through QEMU/KVM.
- Dell OptiPlex 7050 will run Windows Server 2022 with the Hyper-V role enabled. It will host the Windows Server VMs, since Active Directory is the core service of my home network and Windows Server guests are the natural fit for Hyper-V. A note on the edition: Hyper-V itself runs the same number of VMs on Standard and Datacenter; the difference is licensing. A Standard licence only grants the right to run two Windows Server virtual instances per licensed host, whereas Datacenter grants unlimited virtual instances. With five Windows Server VMs planned (DC01, DC02, AUTH, WEB and DB), Datacenter is the edition that covers them.
Moreover, some roles and services must be installed for manageability, security, or backup.
- File server with SMB enabled for backup over the network. On Windows Server this also needs Data Deduplication, Enhanced Storage, Storage Migration Service and Storage Replica. On Ubuntu Server it is Samba. A backup share is a prime target (anything that can write to it, ransomware included, can destroy the backups), so restrict it to a dedicated backup account and require SMB signing and encryption.
- Shell service: On Windows Server it is PowerShell remoting over Windows Remote Management (WinRM). Windows Management Instrumentation (WMI) is also available, but it is an instrumentation interface queried from scripts rather than an interactive shell, so I prefer WinRM with PowerShell (which can still query WMI/CIM when needed). On Ubuntu Server it is Secure Shell (sshd), with password authentication disabled so that only public-key authentication is accepted.
- Management via web interface: On Windows Server, Windows Admin Center. On Ubuntu Server, Cockpit.
- Additionally, Windows Server gets the following features for system investigation and backup: Microsoft Defender Antivirus, Setup and Boot Event Collection, System Data Archiver, System Insights, and Windows Server Backup.
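The sshd hardening above is easy to get subtly wrong, because sshd keeps the first value it reads for each keyword and Ubuntu's stock /etc/ssh/sshd_config pulls in /etc/ssh/sshd_config.d/*.conf near the top. The following script is an added example (mine, not code from this post or from the project): it audits the global section of an sshd_config text for the password and root-login settings, and prints a hardened drop-in. The sample config is constructed, and the drop-in file name 00-hardening.conf is a hypothetical choice.

```python
"""Audit an sshd configuration for weak settings and produce a hardened drop-in.
Added example for this post, not code from it.

Relevant sshd_config(5) rules:
  - for each keyword the FIRST value obtained is used; later ones are ignored;
  - Include lines are processed in place, so a drop-in pulled in near the top
    of /etc/ssh/sshd_config (Ubuntu's stock file starts with
    `Include /etc/ssh/sshd_config.d/*.conf`) wins over values set later;
  - keywords after a `Match` line apply only when its criteria match, so the
    audit covers the global section and only notes that a Match block exists.
"""

# Constructed sample resembling a stock Ubuntu sshd_config with weak settings.
SAMPLE_WEAK_CONFIG = """\
# Comments and blank lines are ignored
Port 22
PermitRootLogin yes
PasswordAuthentication yes
KbdInteractiveAuthentication yes
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
"""

# Global values required for key-only authentication. Keywords are
# case-insensitive in sshd; canonical spelling is kept for the drop-in.
REQUIRED = [
    ("PasswordAuthentication", "no"),
    ("KbdInteractiveAuthentication", "no"),   # keyboard-interactive is a password path too
    ("PermitEmptyPasswords", "no"),
    ("PermitRootLogin", "no"),                # log in as a user, then sudo
    ("PubkeyAuthentication", "yes"),
]


def parse_global_section(text):
    """Return ({keyword_lower: first_value}, saw_match) for the global section,
    mirroring sshd's first-value-wins rule. Parsing stops at the first Match
    line because everything after it is conditional."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split(None, 1)
        key = tokens[0].lower()
        if key == "match":
            return values, True
        value = tokens[1].strip() if len(tokens) > 1 else ""
        values.setdefault(key, value)       # keep the FIRST occurrence only
    return values, False


def audit(text):
    """Return [(keyword, found, required)] for each REQUIRED keyword that is
    missing from, or set differently in, the global section."""
    values, _ = parse_global_section(text)
    findings = []
    for keyword, want in REQUIRED:
        got = values.get(keyword.lower(), "<unset>")
        if got.lower() != want:
            findings.append((keyword, got, want))
    return findings


def hardened_dropin():
    """Contents for a drop-in such as /etc/ssh/sshd_config.d/00-hardening.conf
    (hypothetical file name). Included before the main file's settings, these
    values take precedence under the first-value-wins rule."""
    return "".join(f"{keyword} {value}\n" for keyword, value in REQUIRED)


if __name__ == "__main__":
    for keyword, got, want in audit(SAMPLE_WEAK_CONFIG):
        print(f"{keyword}: found {got!r}, want {want!r}")
    # Simulate the drop-in being included ahead of the weak main file.
    print("after drop-in:", audit(hardened_dropin() + SAMPLE_WEAK_CONFIG))
```

Before reloading sshd, put your public key in ~/.ssh/authorized_keys, keep an existing session open, validate with `sudo sshd -t`, and confirm the effective values with `sudo sshd -T` (which prints the configuration as sshd actually resolved it); otherwise a typo locks you out of a headless Raspberry Pi.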
Roles and Services running on VMs
For servers as VMs running on Windows Server Hyper-V:
- Two domain controllers: Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DNS Server.
- Authentication server: Active Directory Federation Services (AD FS), Network Policy and Access Services (NPS), and all RSAT features.
- Database server: Microsoft SQL Server 2022.
- Web Server: Web Server (IIS).
For the server as VMs running on LXD:
- Upstream DNS resolver for the LAN (the last DNS hop before the Internet): Pi-hole ad blocker.
- DevOps server: GitLab EE.
- DevOps Runner: GitLab Runner, Docker CE.
Networking
Local Domain Names
Since this is only for the home network, the TLD of the domain should not be one that exists, or could exist, on the public Internet, to prevent conflicts with the wider Internet: avoid .com or .net. Also avoid .local, which is reserved for mDNS (RFC 6762) and causes name-resolution problems on Linux and macOS clients.
As a best practice, check the candidate TLD against the IANA root zone database and confirm it is not delegated, and keep checking, since new gTLDs are delegated over time. (ICANN reserved .internal for exactly this private use in 2024, which avoids the problem entirely.)
In this case, I will use the domain workshop.neko; web.neko is used for web deployments (e.g. IIS hosts or GitLab Pages). One consequence of a private TLD: no public CA will issue certificates for it, so TLS certificates for these names must come from the internal AD CS CA, and every client must trust its root certificate.
Private IPv4 address map
I expect fewer than 100 clients (not servers!) to join my network, so I will use 192.168.1.0/24, which has 254 usable addresses.
I segmented it into the parts shown in the table below. Keep in mind that with an unmanaged switch there are no VLANs: everything shares one broadcast domain, so these ranges are an addressing convention for firewall rules and DHCP reservations, not a security boundary.
| Address Range | Max devices | Purpose |
|---|---|---|
| 192.168.1.1 - 192.168.1.4 | 4 | Router and essential networking devices (switches, load balancers) |
| 192.168.1.5 - 192.168.1.9 | 5 | Hypervisor hosts |
| 192.168.1.10 - 192.168.1.29 | 20 | HV01 VMs |
| 192.168.1.30 - 192.168.1.49 | 20 | HV02 VMs |
| 192.168.1.50 - 192.168.1.109 | 60 | Reserved for VMs on additional hypervisor hosts |
| 192.168.1.110 - 192.168.1.254 | 145 | Clients |
Actual device naming & IP address assignment
| Server Name | Installed Roles (software) | Operating System | IPv4 assignment | IPv6 assignment (suffix) | Note |
|---|---|---|---|---|---|
| - | Router | - | 192.168.1.1 | - | Router (TP-Link) |
| HV01 | Hyper-V | Windows Server 2022 | 192.168.1.5 | - | Hypervisor host |
| HV02 | LXD | Ubuntu 24.04 LTS | 192.168.1.6 | - | Hypervisor host |
| DC01 | AD DS, AD CS, DNS Server | Windows Server 2022 | 192.168.1.10 | ::fff8 | First domain controller (holds the FSMO roles; AD replication itself is multi-master) |
| DC02 | AD DS, AD CS, DNS Server | Windows Server 2022 | 192.168.1.11 | ::fff9 | Second domain controller (replica) |
| AUTH | AD FS, NPS, RSAT | Windows Server 2022 | 192.168.1.20 | - | Federation Services and RADIUS |
| WEB | Web Server (IIS, without .NET 3.5), Windows Containers | Windows Server 2022 | 192.168.1.21 | - | Web services, with GitLab Runner support |
| DB | SQL Server 2022 | Windows Server 2022 | 192.168.1.22 | - | Database server |
| pihole | Pi-hole DNS server | Ubuntu 24.04 LTS | 192.168.1.30 | - | DNS resolver |
| gitlab-devops | GitLab EE | Ubuntu 24.04 LTS | 192.168.1.35 | - | GitLab EE instance |
| gitlab-runner | GitLab Runner, Docker CE | Ubuntu 24.04 LTS | 192.168.1.40 | - | GitLab Runner instance |
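An address plan like the two tables above drifts as soon as VMs get rebuilt, so it is worth checking mechanically. The following script is an added example (mine, not code from this post): it encodes the address-range table and the assignment table and verifies that the ranges tile the usable part of 192.168.1.0/24 without gaps or overlaps, that each "Max devices" figure matches the range size, that no address is assigned twice, and that every host sits in the range its role belongs to. The purpose labels (infra, hypervisor, hv01-vms, and so on) are my own shorthand for the table rows.

```python
"""Consistency check for the private IPv4 plan in this post.
Added example for this post, not code from it: the ranges and host
assignments are copied from the two tables above; the purpose labels are mine.
"""
import ipaddress

SUBNET = ipaddress.ip_network("192.168.1.0/24")

# (first, last, max devices, purpose label) from the address-range table
RANGES = [
    ("192.168.1.1",   "192.168.1.4",   4,   "infra"),
    ("192.168.1.5",   "192.168.1.9",   5,   "hypervisor"),
    ("192.168.1.10",  "192.168.1.29",  20,  "hv01-vms"),
    ("192.168.1.30",  "192.168.1.49",  20,  "hv02-vms"),
    ("192.168.1.50",  "192.168.1.109", 60,  "reserved"),
    ("192.168.1.110", "192.168.1.254", 145, "clients"),
]

# (name, address, range it must belong to) from the assignment table
HOSTS = [
    ("router",        "192.168.1.1",  "infra"),
    ("HV01",          "192.168.1.5",  "hypervisor"),
    ("HV02",          "192.168.1.6",  "hypervisor"),
    ("DC01",          "192.168.1.10", "hv01-vms"),
    ("DC02",          "192.168.1.11", "hv01-vms"),
    ("AUTH",          "192.168.1.20", "hv01-vms"),
    ("WEB",           "192.168.1.21", "hv01-vms"),
    ("DB",            "192.168.1.22", "hv01-vms"),
    ("pihole",        "192.168.1.30", "hv02-vms"),
    ("gitlab-devops", "192.168.1.35", "hv02-vms"),
    ("gitlab-runner", "192.168.1.40", "hv02-vms"),
]


def check_ranges(ranges=RANGES, subnet=SUBNET):
    """Return a list of problems with the range table; empty means consistent."""
    problems = []
    expected_next = subnet.network_address + 1        # first usable address
    usable_last = subnet.broadcast_address - 1        # last usable address
    for first, last, count, purpose in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo not in subnet or hi not in subnet:
            problems.append(f"{purpose}: {first}-{last} is outside {subnet}")
            continue
        if lo != expected_next:
            problems.append(f"{purpose}: starts at {lo}, expected {expected_next} (gap or overlap)")
        size = int(hi) - int(lo) + 1
        if size != count:
            problems.append(f"{purpose}: table says {count} addresses, range holds {size}")
        expected_next = hi + 1
    if expected_next != usable_last + 1:
        problems.append(f"plan stops at {expected_next - 1}, usable range ends at {usable_last}")
    return problems


def range_for(addr, ranges=RANGES):
    """Purpose label of the range containing addr, or None if unplanned."""
    a = ipaddress.ip_address(addr)
    for first, last, _, purpose in ranges:
        if ipaddress.ip_address(first) <= a <= ipaddress.ip_address(last):
            return purpose
    return None


def check_hosts(hosts=HOSTS, ranges=RANGES):
    """Return problems with host assignments: duplicates and wrong-range hosts."""
    problems = []
    owner = {}
    for name, addr, want in hosts:
        if addr in owner:
            problems.append(f"{name}: {addr} already assigned to {owner[addr]}")
        owner[addr] = name
        got = range_for(addr, ranges)
        if got != want:
            problems.append(f"{name}: {addr} falls in {got!r}, expected {want!r}")
    return problems


if __name__ == "__main__":
    print(check_ranges() or "ranges OK")
    print(check_hosts() or "hosts OK")
```

The client range is what the router's DHCP pool should be limited to; everything below 192.168.1.110 should be statically configured or pinned with a DHCP reservation, and the domain controllers in particular must have static addresses, since both DNS and Kerberos clients are pointed at them.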
Hypervisor disk partitioning and disk-based computing for backup plans
On the HV01 (running Windows Server 2022)
HV01 on Dell OptiPlex 7050 has two disks, both in good condition.
Since the system must also have a backup solution, I decided to do the following partition scheme:
- On the SSD: Since the SSD has fast I/O, it will become the primary disk, where it holds both the host operating system and all VM contents (incl. disks, configurations, and snapshots).
- On the HDD: It is much slower, but that does not matter for backup data, so it becomes the secondary disk holding backup contents: backups of the host machine and of the VMs (the VMs send their backups to the host over SMB). Note that a backup kept on the same physical host only protects against mistakes inside a VM, not against the host itself failing; that is what the copy to HV02 is for.
On the HV02 (running Ubuntu Server 24.04 LTS)
HV02 on the Raspberry Pi 5 has two disks, both in good condition.
- On the SSD: It also stores the backup content sent from HV01 over the network, so its backup partition should be at least as large as the OptiPlex 7050's backup partition; the rest holds the OS and all VMs.
- On the SD card: It is much slower than the SSD, so it becomes the backup destination for the Raspberry Pi 5's own operating system.
Calculation for disks, including the backup solution
From the above needs, the quick calculation is:
| Host | Disk Type | Disk No. | Partition | Size | Purpose | Note |
|---|---|---|---|---|---|---|
| HV01 | SSD | 0 | 0 | 100 MB | Boot partition (UEFI) | Created automatically by Windows Setup (WinPE) |
| HV01 | SSD | 0 | 1 | 30 GB | Host operating system (Windows Server 2022) | Created automatically by Windows Setup (WinPE) |
| HV01 | SSD | 0 | 2 | 737 MB | Windows Recovery Environment | Created automatically by Windows Setup (WinPE) |
| HV01 | SSD | 0 | 3 | 208 GB | Virtual machine contents | - |
| HV01 | HDD | 1 | 0 | 231 GB | Backup partition | May need Data Deduplication configured to reduce size |
| HV01 | HDD | 1 | 1 | 67 GB | Local software repository | Stores installation media such as Windows and SQL Server, for fast deployment |
| HV02 | SSD | 0 | 0 | 530 MB | Raspberry Pi boot partition | - |
| HV02 | SSD | 0 | 1 | 51 GB | Host operating system (Ubuntu 24.04 LTS) | Raspberry Pi Imager creates this partition at 4 GB; mount the disk on an Ubuntu Desktop machine to resize it |
| HV02 | SSD | 0 | 2 | 8 GB | Swap partition | Gives the kernel somewhere to page out rarely used memory so essential applications keep their RAM |
| HV02 | SSD | 0 | 3 | 190 GB | Backup partition over SMB | Receives backups from Windows Server over SMB; the Ubuntu host itself should not back up here. Note that 190 GB is smaller than HV01's 231 GB backup partition, so it cannot hold a full copy unless deduplication or compression shrinks the data |
| HV02 | SD Card | 1 | 0 | 64 GB | Backup partition for the local host | For Ubuntu Server itself |
What's next?
Looking for Day 1? Here you go! ->