Created: 10/17/23

Updated: 10/17/23

Home-Lab: what is in the lab

The home lab has evolved a lot over the years.

Back in 2014, I was rocking Cisco 3750G and 3750X along with Dell R610 and along the way upgraded to Dell R720xd’s. My storage used to be a tired and true QNAP TS-420 running WD Enterprise Raptors in RAID 10.

Over the past 5 years, I’ve upgraded from 1G networking to 10G networking and also upgraded the TS-420 to a TS-832X and TS-1277XU-RP to utilize the 10G networking both for VMware storage and data requirements. I’ve also acquired a few dedicated TS-45x series NASs for Veeam backups, PLEX hosting of all of my DVD and converted VHS movies/TV shows, and normal backups as well as offsite NAS repositories at trusted & secured locations for data replication of localized backups.

I’ve set up an offline low-powered domain running on Latte Panda’s for when the ESXi environment was offline and I still need AD, DNS, AD CS (PKI), NPS (RADIUS 802.1X), and Azure AD Connect to service local area network operations.

In the past 3 years, I’ve bought into Microsft cloud offerings and acquired Microsoft E5 licensing, Defender for Endpoint, Defender for Identity, acquired supplemental Intune and Exchange licensing on top of singular-use licensing for niche edge cases.

In the past 2 years, I’ve upgraded my edge to include not one but 2 firewalls, one on the inside separated by a DMZ switch connecting to an edge outside the firewall. I’ve set up several wireless AP’s in the outside firewall zones for IoT which I don’t trust but want to be secured to trusted inside wireless for my own personal devices. I’ve also deployed a 4 tier PKI with the root being locked away, literally. Been using localized certificates for logins, VPN, and securing localized devices.

In the past year, I’ve deployed an outside SIEM appliance with the name being redacted for security reasons, with another SIEM on the inside trust LAN zone with the name redacted state. I’ve deployed a network monitoring appliance via a well-known and trusted solution from the Linux space whose name is also redacted.

In recent months, I’ve added enhancements to the home lab in the form of Server 2022 refreshes, restructuring of my PKI, and enablement of phishing-resistant authentication. I’ve also retired my aging Dell R610s and Dell R720xds in favor of Protectli VP4670s for my VMware workloads as they support CoreBoot and TPM-based encryption of the servers at the BIOS-boot level further increasing the security of my home lab while also reducing my OPx costs of maintaining a home lab for learning and tinkering.

I haven’t made a posting about my home lab in a very long time, and I felt a posting like this would be useful for those curious about my learnings and what I do in my spare time. ^_^

~Cheers