As we continue laying the foundation of our enterprise-level homelab, we pivot from the hardware side to the software side. In this installment, we focus on an operating system that complements our hardware and brings to the table its virtualization capabilities. Welcome to the realm of a Hyper-v Server running on Windows Server 2019, a Type 1 hypervisor that supports our Dell PowerEdge R710. This ensures our server receives extended security updates until 2029. (Lifecycle: Windows Server 2019 – Microsoft Lifecycle | Microsoft Learn)
As we delve into the operating system and virtualization setup of our homelab, it’s crucial to talk about resource allocation. For our Windows Server 2019, we’ve dedicated 278GB of storage for the host operating system, as visible on the C drive. This ensures that the host OS has ample space for system files, updates, and essential applications.
When it comes to our virtual machines, we’ve allocated a generous 930GB, indicated by the F drive. This partitioning strategy allows us to store multiple virtual machines, providing them with the necessary space to operate efficiently and simulate different enterprise scenarios without storage constraints.
This allows for a clear separation of host and virtual machine data, simplifying management and ensuring that each has the space needed to perform optimally.
In our enterprise-level homelab, Hyper-V’s virtual switches play a pivotal role in network organization and security. Let’s dive into the configuration of each switch and their specific roles within our virtual environment:
Current virtual switches setup.
- WAN Virtual Switch: This switch uses NIC 1 and is our gateway to the internet. Connected to an external network, it allows virtual machines to communicate with the outside world and assigns WAN IPs for services that require external access like our soon-to-be router/firewall pfSense VM.
- Management Switch: Configured as an internal switch, the Management network is the central hub for our administrative operations, hosting critical services like Active Directory on a Windows Server 2019 instance. This switch is meticulously isolated from our main lab network to ensure that only specific services are accessible to devices on the LAN and other networks. To reinforce this controlled access, we implement stringent firewall rules that govern the traffic to and from the Management network, allowing only authorized interactions with Active Directory and other management services. This careful configuration bolsters our network’s security posture and optimizes performance by segregating management traffic from the regular operational load.
- Main Network Switch: This switch uses NIC 2 which also assigns a static IP to the Hyper-v server, allowing for remote management of the Hyper-v server. We wont be using this switch in our enterprise environment since this NIC is mostly for connecting to the Hyper-v server.
- Pentest Switch: Dedicated to penetration testing activities, this switch is where Linux machines like Kali are. It’s configured to access only the Vulnerable Devices Switch, and Active Directory, ensuring a contained environment for testing without external internet access or connections to other networks.
- Vuln Devices Switch: This is the playground for our penetration testing. Devices on this switch are intentionally vulnerable and are used solely for testing security measures. They are isolated from the internet and other internal networks for safety and control.
- LAB Switch: Serving the main lab network, the LAB Switch facilitates main access to the network. From the lab network, certain users will have access to a Splunk instance which will contain logs of all network interfaces and devices, and to Kali machines for penetration testing exercises. It’s a controlled environment where lab devices will be able to practice security testing with various security tools and pentesting with vulnerable local devices, this is all done without exposing them to external threats.
Each virtual switch serves a unique purpose, from providing internet access to creating isolated environments for secure testing. This strategic setup allows us to simulate real-world network segmentation and manage traffic flow effectively in our homelab.
This lab is an everchanging environment and may change as development continues. As of right now, this network contains multiple virtual machines connected to respective switches, which are setup as interfaces on pfSense.
In our homelab setup, we employ a naming convention for each virtual machine that reflects its network association, operating system/service, and a unique number identifier. The name begins with the virtual switch to which the machine is connected, signifying its network segment, followed by the operating system/service the VM is running, and finally, a sequential number to indicate the specific machine. For instance, devices within our lab environment that are connected to the main lab network are named with the prefix “LAB,” denoting their attachment to the LAB switch, which is the primary network for users to remotely access.
In the next post, will go over Network Interfaces and Firewall Rules.