What all do you run for software / servers at home?

Da Fan Man

Like many of you I'm an IT professional and general geek. I enjoy playing around with various hardware and software at home, both from a 'cool factor' standpoint and for learning. It got me curious as to what everyone runs at home for software/servers?

I currently have a Synology NAS that handles my file server duties, torrents, Radius, and TFTP, then an ESXi box that's running a few different VM's, Sophos UTM for router/firewall/utm duties, a Windows Server 2012 Box that is supplying DHCP and Active Directory, Cisco Communications Manager for Voice. I also have a Vera Lite for home automation, DSC Security system with IP interface, and am probably going to add a Kodi/XBMC box soon once my theater is completed. I've been considering getting some kind of graphing loaded like Cacti or Observium, and SNMP monitoring would be nice as well but I'm not sure what is available that's good and free, I use SevOne at work which I like quite a lot but can't justify spending money on licensing for home use.

So, what all do you run and why?
 
EdgeRouter Lite (aka ERL) for a router. I waffled back and forth between an ERL and a pfSense build, ultimately the ERL did everything in a physical and power footprint similar to regular consumer routers. It also runs Linux which as a Linux nerd was bonus points. The ERL runs my DHCP, DNS, and NTP servers.

TPLink Archer C7 v2 for a wireless AP (I'm currently screwing around with OpenWRT on this). Cheap 802.11ac, compatible (for the most part) with open source firmware.

CentOS 6.6 box. The host OS runs ZFS on Linux, Samba, and KVM. I used CentOS because I'm very familiar with RHEL, it's stable, and it's easy for me to harden the system. I run VMs with KVM (via libvirt). My VMs are usually Arch Linux based and I use them as a development environment for various software projects. The host system also runs my TFTP server which I use for PXE booting other machines on the LAN with PartedMagic, memtest86, or install images.
 
ESXi hypervisor - get my feet wet in VMs

Server2k12 Domain controller - started off just to learn AD, now I just use it to easily manage my other PCs/users at home, also to test stuff I'm too scared to test at work in production

Server2k12 FileServer/Plex media server

PFSense - way better than my crappy linksys was.

Debian - learn linux
 
I have dual internet connections, a primary 50meg cable connection for all my home entertainment, kids internet ipads, etc.

And an 18Mbit Uverse connection for my lab, VPN, extranet connectivity. I policy route all the inbound primarily into my ASA, but the uverse connection also has an IP-SLA monitor outbound to monitor for a drop, and if I lose my uverse connection, Pfr will route all my lab traffic out the Cable connection (dmvpn).


ASA 5525x Firepower perimeter firewall with IPS, AppControl and URL Filtering, dumping into a single FireSight instance inside (vm). I also estream all my FireSight data into Splunk! running the Cisco Enterprise Security app. and a few custom dashboard widgets for customer demos.

I have a Meraki MS-22 cloud managed switch for my access hosts, trunked over to a C3750X switch with 2 x esxi 5.2 hosts running all my various VMs. I'm using local storage on each of the VMware hosts, and running a FreeNAS VM in one of the spare VMs, for PLEX, and SFTP servers. Most of my APs, and controller, and a couple of physical hosts I use to test ISE policies on wired 802.1x run off the 3750x, since it supports COA, and TrustSec SGT inline tagging.
 
vSphere, pfsense, several centos based servers - freepbx, a nagios box for client monitoring, file server on a dell T110-II. Also a hp microserver running zfs for bulk storage & backups.
 
pfsense for firewall
CentOS 6.x for most OSes
Vmware ESXi for my main production VM environment.
DNS,
email,
apache/php/mysql for various web based tools and development
main NAS is also CentOS, using md raid. Pretty much EVERYTHING is on there including VMs and raw data.
Unifi for wifi
2 Dell switches for switching/vlans. (pfsense handles intervlan routing/fw rules)
custom apps for hvac control and home/network monitoring.
APS 750 inverter-charger and 400AH of battery for power backup

This is just the main stuff off the top of my head. Probably missing a lot of stuff. :p

Most of my servers are Supermicro. pfsense is an Asus I bought for cheap off someone here a while back. Intention was to test new virtualization solutions on it but it did not have VT so it replaced my P3 PFsense box.

I have a white box core2quad as well, I need to retire that. It's still running my email and DNS on Fedora Core 9. Ridiculously old install but it does a lot of oddball things that I just have not gotten around to migrating and it's been fairly solid. I'd do a P2V of it TBH... but I've never gotten that to work in Linux so probably won't bother even trying. The email will be the hardest as I have all sorts of custom procmail stuff I'll have to redo. I don't even think procmail exists anymore. DNS should be easy, just copy the zone files over and done. Probably use the same IP on whatever server I migrate that to so I don't have to change it everywhere, because I'm lazy like that. :p Though a lot of my static stuff is through DHCP now so probably would not have to change it that many places anyway.
 
How much do you guys pay for all this hardware and server OS, etc?

Or do you get discounts, being in the business, that aren't available to the rest of us who are just enthusiasts?
 
Nice Feedback so far guys, keep em coming, it's interesting to see the different ways people are leveraging this tech at home. I guess I forgot to include network hardware beyond my Sophos install. I'm using a Cisco Meraki MR18 AP that I've been pretty happy with. I also have a Brocade FastIron GS648P Gigabit POE switch, been VERY happy with this purchase since it was less than $300 shipped (ebay) for a 48 port gig poe switch. Not too terrible noise wise either.

@x509 - Most of my stuff is fairly inexpensive (Ebay Switch, Whitebox ESXi server, etc). VMWare ESXi is free, Linux is free, Sophos UTM for home use is free. About the only thing I've gotten due to work connections is the Meraki AP, I'm sure others' experiences will differ. Making pretty good money + being able to use some of this stuff to learn / expand my professional knowledge is good justification for dropping some money on hardware / software too.
 
Firewall - Juniper SSG5 - ebay snag for $100. Already managed several at work so no learning curve. Also does DHCP and NTP for internal Lan.
NAS - Dlink DNS-325 w/2 2TB mirrored. Both were bought just before the great SE Asia flood spiked HD prices.
WiFi - DLink DGL-4300 - ancient by today's standards but works well enough.
Also have 2 networked printers.
Switches are whatever gigabit unmanaged switches were on sale when I was in purchase mode. Different brands/models purchased at different times.
Network cable was salvaged when the government agency I worked for at the time moved. We were told to take all we wanted as the several floors we had occupied were going to be stripped to the bare concrete and redone. Got several hundred feet. Should have got more. :confused:
 
How much do you guys pay for all this hardware and server OS, etc?

Know what you want and look for a good deal on used gear such as on Ebay or Craigslist. If you have connections you might even be able to score some used stuff that a company was going to throw out (or you could even dumpster dive for used gear if you know where to look - Dave Jones from EEVBlog has scored a lot of good stuff this way).
 
HP server with ESX coloed at work in one of our DC's
various 2k8/2k12 and debian VMs for internet heavy stuff (game/web servers etc)

Supermicro ESX at home for playing and home "services"
Paloalto VM
Sophos VM
PFsense VM
Fortigate VM
juniper SSLVPN
1 debian for monitoring (checkMK and observium)
1 debian for XBMC DB and various php apps
2k12 - essentials for AD/dhcp/dns etc
2k12 - 2nd dns/dhcp
windows 7 - my remote PC
Freenas with 6x4tb in ZFS2 (XBMC storage) - looking at moving to synology DS1815+ at the moment
PBXiaF


Network:
Internet 50/10 VDSL
Main firewall - Fortigate 60D
other firewalls - ns5gt, SSG5, SRX100h2
main switch - Juniper Ex2200C POE
2x Netgear gs108T
various "dumb" switches throughout the apartment

Home automation
MAX! Cube controlling 10 radiator thermostats
Various radio power outlets (400mhz) probably being replaced by UBNT mPower outlets soon
2 DECT controlled power outlets from AVM which also log power usage


wlan - boring AVM wlan stuff
Phones AVM Dect phones

Media - XBMC in various rooms on "leftover" hardware from various upgrades and VU+ duo2 with 2 cable receivers as PVR

also various "mini PCs" (sheevaplug, raspberry, pcengines ALIX) doing various things which should probably be migrated to vms at some point


Power costs - around 1600 euros/year
hardware costs - a fraction of what my wife knows
 
How much do you guys pay for all this hardware and server OS, etc?

Or do you get discounts, being in the business, that aren't available to the rest of us who are just enthusiasts?

I try to stick to all open source/free stuff, so my only cost is the hardware. That too I tend to go more the DIY route. Ex: building my own NAS instead of buying premade. My whole rack setup was more or less DIY as well including the big UPS. You're not going to find a 4 hour+ run time expandable UPS for under $1,000. :p Still need to design and build the hvac system, that will all be DIY as well.

Some people who work for certain companies may get lucky enough to get discounts and stuff though.
 
Network Hardware:
  • 50/5 Cable connection
  • EdgeRouter Lite ER-3 Router (love the CLI)
  • Dell Powerconnect 2748 managed 48 port gigabit switch.
  • 2 UniFi APs (1 pro, 1 regular AP)

Server (I use that term lightly as it's all just consumer grade gear except for the NIC):
►ESXi Whitebox (G620/1.8 TB/16 GB RAM/Intel NIC), running the following VMs as solo appliances:
  • OpenVPN Server - Ubuntu 12.04-64LTS
  • PureFTPD - Centos 6.6-64
  • UnifiController 3.2.7 - Ubuntu 12.04-64LTS
  • FreePBX
  • Bind DNS1 - Centos 6.6-64
  • Bind DNS2 - Centos 6.6-64
  • NN+ LAMP stack - Ubuntu 12.04-64LTS
  • ZoneMinder - Centos 6.6-64
  • SABnzbd/SickBeard with custom post-processing/encoding - Windows 7
  • SquidProxy (Transparent) - Ubuntu 12.04-64LTS


Also, I'm not in the IT industry in any way. It's something I have a passion for but never managed to find a job in. Wish I could, but I have absolutely zero formal training - I've always just dug in and figured things out on my own - usually with a healthy dose of RTFM, oh well... /shrug.
 
Entirely VMs!

Running on two ESXi 5.5 hosts:
pfSense for firewall/dhcp/dns
OmniOS + nappit for VM storage
SUSE Linux for vCenter + vCenter Operations Manager
Windows Server 2012 R2 for AD
Windows Server 2012 R2 for SMB file sharing and storage
Ubuntu 14.04 for ADS-B receiver (PiAware + dump1090)
Debian (latest) for web server 1 (guacamole web rdp client)
CentOS 6.6 for web server 2 (will eventually be merged with web server 1)
CentOS 6.5 for PBXiaF
Windows 7 for "HTPC" (TV Recording and storage)
Windows 8.1 for Plex transcoding
Windows 8.1 for poor man's single seat VDI :D

Another 10+ VMs that aren't regularly on for testing (like Win 10TP)

Everything's going through a Cisco SG200-26, and wireless is AirPort Extreme. I want to switch to a Unifi eventually though.
 
Running on VMware ESXi 5.5:
1 Server 2012 R2 - DC, DHCP, DNS, Print, WDS, and MDT
2 Server 2012 R2 - DC, DNS
1 Server 2012 R2 - Windows only vSphere programs. (mainly update manager right now)
1 FreePBX - Home Phones off Google Voice
1 OmniOS + nappit - NAS/SAN, 8 disks passthrough, backing up to CrashPlan
1 Ubuntu - Plex Media Server
1 Ubuntu - media gathering software
1 VMA and 1 Appliance - UPS management
1 pfSense - Router, VPN and traffic monitor
2 Quantum appliances to backup VMs
1 vCenter appliance


All above running 24x7, bunch of other VM's (Ubuntu, FreeBSD, Mac OS X, and Windows 7-2012R2) for testing and other odd jobs, about 30 in all.

Hardware:
ESXi Home-Lab:
Main ESXi: 2x Intel E5520 2.26Ghz, 56GB Ram, 4x 1TB WD RE4 RAID-Z, 4x 2TB WD Red RAID-Z, 1 pool 7.9TB usable spanned over both vdevs, 500GB OS DataStore, 16GB USB Boot Drive
Second ESXi: Rackable C2004, 2x Intel E5345 2.33Ghz, 32GB Ram, 500GB Boot and OS DataStore

Network:
Dell 5324 Switch
Linksys WRT54GL - Old but still working only mobile device and laptop are wireless so speed isn't a big problem.
2 small gigabit switches, HP and D-Link
Cisco 7940 Phone
Old Polycom Sip phone

Almost all my hardware I bought used off eBay for pretty cheap, you just have to shop around.
My software I was an Action Pack subscriber and soon I think I will be again now that they have killed Technet. The VMware I just recently got from the VMUG EVALExperience so I am starting to a a bunch of VMware products now.
 
Here's my home config running on VMware ESXi v5.5:

Software
1 - Server 2012 R2 Standard - Active Directory, DNS
1 - Server 2008 R2 Standard - Active Directory, DNS
1 - Server 2008 R2 Standard Core - Active Directory, DNS
1 - Server 2012 R2 Standard - SQL Server 2014
1 - Server 2012 R2 Standard - Windows Deployment Services, Microsoft Desktop Toolkit, WSUS
1 - Server 2008 R2 Standard - DHCP
1 - Server 2008 R2 Standard - Exchange Server 2010
1 - Server 2008 R2 Standard - Remote Desktop Gateway, VPN
1 - SUSE Linux Enterprise v11 - VMware vCenter v5.5 Appliance
1 - CentOS v6.5 - Running AsteriskNOW/FreePBX
1 - CentOS v6.5 - Running Observium Logging Server
1 - Windows 7 SP1 Workstation - Kids Minecraft Server (highly critical)

Hardware
1 - ASUS Z8NA-D6C Dual LGA 1366 Intel 5500 ATX Dual Intel Xeon, 24GB Ram, 2x1TB WD HDD's

@artbird - Any chance I can get a copy of your 79xx phone configs for FreePBX/Asterisk?
 
I've slimmed down my home lab in the last year or so to save on power.

Comcast 50/10 internet service at home.
Sun x4170, 2x Quadcore Xeon, 72GB RAM running ESXi 5.1 and dual 10GbE to Storage
Dell NS12 12bay Storage service with an Areca RAID running 2012R2 and serving up media to network and NFS storage to ESXi host.
Dell 5324 and Enterasys C3G124-24P for POE
Yealink VP2009 and T26, and Aastra 57i

Running the following in VM:
PFsense
PBX-in-a-Flash
2012R2 - AD, DNS and DHCP
2012R2 - AD, DNS and Radius
Ubuntu 12.04 Desktop for Unifi Controller and Plex
Ubuntu 12.04 LTS Server for Observium
Windows 8.1 for 3CX and testing
Windows 10 for testing
 
I work for an MSP, so I got my server from a bad eBay transaction. We ordered some 1U dual Opteron quad-core servers and they were damaged in shipping. All the rack ears were trashed, the drive chassis's were broken, the cases dented badly, etc. Neither the shipper nor UPS claimed responsibility, so eBay got our money back and we kept the servers. I gutted the motherboard, processor, and memory and moved to a 4U Norco case with 2x Norco 5 drive bays. I did have to do a little bit of custom cutting on the rear plate, but I didn't mind. So I have a dual quad-core Opteron system with 32GB of RAM.

Server
-Windows 2012 Standard with Hyper-V
--VM - FreePBX
--VM - Server 2012 Standard - Minecraft Server
--VM - Arch linux - MySQL VM
--VM - Arch linux - nginx VM
--VM - Arch linux - SSH VM (disabled password SSH on MySQL and nginx VM, have to login with keys from SSH VM)

-Planning for redundancy testing:
--VM - Server 2012 Standard - DC/DNS x2
--VM - Server 2012 Standard - Exchange 2013 x2
--VM - Server 2012 Standard - SQL Server 2012 R2 x2
--VM - Server 2012 Standard Core - Misc

Network
-UBNT EdgeRouter Lite
-UBNT UniFi Access Point Long Range
-UBNT ToughSwitch-5
-Whitebox wireless bridge (doing testing for buddy who works for telco offering streaming TV)
 
TWC EMTA for internet and phone
Apple Airport Extreme router and wifi for first and second floor
Dell 2824 switch in the basement
Meraki AP in the basement
Windows Server 2003 (yeah, I know) DC, file share, testing
couple laptops and desktops
Several analog/digital phone systems, Inter-Tel IP phone for my dad's work
 
Unlike most here, I have a server for what I need and not to just say "yeah i got one of those"

I have a single Windows Home Server (i think 2011?) that acts as a file server. It's where all my movies/tv shows are stored as well as anything else I need. It's a RAID5 system with I believe 8 2TB drives.

Nice and simple.
 
Unlike most here, I have a server for what I need and not to just say "yeah i got one of those"

I have a single Windows Home Server (i think 2011?) that acts as a file server. It's where all my movies/tv shows are stored as well as anything else I need. It's a RAID5 system with I believe 8 2TB drives.

Nice and simple.

Agreed; I run a copy of server 2012 R2 I got from dreamspark and have a few VMs for various purposes (and I could probably get around to cutting down on those as well). I just need something to put my files on that runs well and is reliable. I also like to have a spare bit of power in case I need to transcode/encode things. Essentially:

*File server - non VM
*Ventrilo server - non VM
*Web Server - debian VM
*Media server (mediabrowser instead of plex) and WMCserver installation for old cablecard I don't use anymore.
*Remote work connecting VM to avoid network card crashes from the awful citrix adapter

That's pretty much it. I used to do a whole lot more, but it honestly just complicated things needlessly. I can't imagine ever putting something like AD on a VM and actually using it for anything more than testing. That just sounds over the top for my purposes. I also like my networking devices completely independent; if something happens to my server for whatever reason, I'd rather not have to take down my WAN connection. I never really understood setting up a windows VM (or linux, whatever you want) just for DNS/DHCP. What's the big advantage vs. a Tomato/DDWRT/OPENWRT/Pfsense router handling this along with all the other networking stuff? I used to actually run my own email server because I was young and thought it was pretty cool, but then comcast shut down all the email ports so I couldn't receive emails from other domains. That was fun.... I've considered messing around with a pfsense build for fun, but I think I'd prefer they migrate it to something like the edgerouter lite. I'd just like to mess around with packet inspection a bit sometime.
 
ESXi whitebox:

Debian server
Ubuntu server
Mac OSX
Windows 2008
Windows 7
 
I never really understood setting up a windows VM (or linux, whatever you want) just for DNS/DHCP. What's the big advantage vs. a Tomato/DDWRT/OPENWRT/Pfsense router handling this along with all the other networking stuff?

A couple big advantages:
  • Updates - since it's the "real" package I can update and not be dependent on say.... the Tomato devs adding new build / compatibility.
  • Separate systems mean I can mess with things and if I botch something badly I don't need to take down the entire network because a change went wrong. I only need to take down the VM to restore an image/correct the issue. Modularity is an advantage, it's the same reason a self built desktop PC is more robust/easier to fix than an off the shelf all-in-one PC.
  • Sometimes features work differently on new versions vs old versions of packages. Sometimes dependencies create a conflict that would force you to update both packages when you only want to update one package. Maybe I want the newest feature in package A, but to leave package B on a legacy stable version.

As for the DNS server:
  • My ISP hijacks my DNS. Even if I direct it to an external DNS server, they reroute the traffic to their own DNS server, which returns "suggested results" on typos, etc. I want 404's not BS ads/hijacks.
To get around this I have my own DNS forwarders setup that communicate over an encrypted link to a VPS running bind on a nonstandard port. IE. My ISP can't fuck with my DNS.
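
An added example, not part of the post above or any poster's code: a check for the NXDOMAIN rewriting described there. It builds a query for a random name that cannot plausibly exist and classifies the reply; the function names, the `com` probe suffix, and the sample replies (built in code, pointing at the documentation address 192.0.2.10) are assumptions made for illustration.

```python
"""Detect NXDOMAIN rewriting: a name that cannot exist must yield NXDOMAIN."""
import secrets
import socket
import struct

NOERROR, NXDOMAIN = 0, 3


def probe_name(suffix="com"):
    # 96 random bits make an accidental real registration implausible (assumption).
    return f"{secrets.token_hex(12)}.{suffix}"


def build_query(name, txid):
    """Encode a recursive A/IN query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def skip_name(buf, off):
    """Return the offset just past an encoded name (labels or a pointer)."""
    while True:
        length = buf[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += 1 + length


def inspect_response(query, response):
    """Return (verdict, ipv4_addresses) for the reply to a probe query."""
    try:
        txid, flags, qdcount, ancount = struct.unpack_from("!HHHH", response, 0)
        # Reject replies that are not responses or do not match our query ID.
        if txid != struct.unpack_from("!H", query, 0)[0] or not flags & 0x8000:
            return "malformed", []
        off = 12
        for _ in range(qdcount):
            off = skip_name(response, off) + 4  # skip QTYPE and QCLASS
        addrs = []
        for _ in range(ancount):
            off = skip_name(response, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", response, off)
            off += 10
            rdata = response[off:off + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("truncated record")
            if rtype == 1 and rdlen == 4:  # A record
                addrs.append(socket.inet_ntoa(rdata))
            off += rdlen
    except (IndexError, struct.error, ValueError):
        return "malformed", []
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest", []
    if rcode == NOERROR and ancount > 0:
        return "rewritten", addrs  # a nonexistent name was given an answer
    return "inconclusive", []  # SERVFAIL, REFUSED, empty NOERROR, ...


def constructed_response(query, rcode, addrs):
    """Build a sample reply for offline use (constructed, not captured traffic)."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180 | rcode, 1, len(addrs), 0, 0)
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(a)
        for a in addrs)
    return header + query[12:] + answers


def ask(resolver_ip, query, timeout=3.0):
    """Send the query to a resolver over UDP/53 and return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver_ip, 53))
        return s.recvfrom(4096)[0]


if __name__ == "__main__":
    q = build_query(probe_name(), secrets.randbits(16))
    samples = {
        "NXDOMAIN reply": constructed_response(q, NXDOMAIN, []),
        "rewritten reply": constructed_response(q, NOERROR, ["192.0.2.10"]),
    }
    for label, resp in samples.items():
        print(label, "->", inspect_response(q, resp))
```

Passing the output of `ask()` for both the ISP-assigned resolver and a third-party one to `inspect_response()` shows whether the rewriting happens at the resolver or in the path, which is the case the post describes.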
 
Unlike most here, I have a server for what I need and not to just say "yeah i got one of those"

I have a single Windows Home Server (i think 2011?) that acts as a file server. It's where all my movies/tv shows are stored as well as anything else I need. It's a RAID5 system with I believe 8 2TB drives.

Nice and simple.

I'm with you! I see a lot of people making a VM for a single use. It seems like a management nightmare, because now you have to update 14 VM's every couple of weeks instead of tracking one or two systems (VM or bare metal). For most, one or two boxes can do everything you need, maybe with a couple exceptions. This is for a home "production" network. I'd put home labs, where you're actively learning a system in a closed environment in a totally different category.

Agreed; I run a copy of server 2012 R2 I got from dreamspark and have a few VMs for various purposes (and I could probably get around to cutting down on those as well). I just need something to put my files on that runs well and is reliable. I also like to have a spare bit of power in case I need to transcode/encode things. Essentially:

*File server - non VM
*Ventrilo server - non VM
*Web Server - debian VM
*Media server (mediabrowser instead of plex) and WMCserver installation for old cablecard I don't use anymore.
*Remote work connecting VM to avoid network card crashes from the awful citrix adapter

That's pretty much it. I used to do a whole lot more, but it honestly just complicated things needlessly. I can't imagine ever putting something like AD on a VM and actually using it for anything more than testing. That just sounds over the top for my purposes. I also like my networking devices completely independent; if something happens to my server for whatever reason, I'd rather not have to take down my WAN connection. I never really understood setting up a windows VM (or linux, whatever you want) just for DNS/DHCP. What's the big advantage vs. a Tomato/DDWRT/OPENWRT/Pfsense router handling this along with all the other networking stuff? I used to actually run my own email server because I was young and thought it was pretty cool, but then comcast shut down all the email ports so I couldn't receive emails from other domains. That was fun.... I've considered messing around with a pfsense build for fun, but I think I'd prefer they migrate it to something like the edgerouter lite. I'd just like to mess around with packet inspection a bit sometime.

The Edgerouter is nice, but I'd probably suggest something like a J1900 system with dual NICs and Pfsense, or something similar (roll your own). The Edgerouters are awesome for what they are, but I think an actual lightweight system is a little more reliable.

If you're just curious about learning network monitoring, pick up a copy of Richard Bejtlich's book, The Practice of Network Security Monitoring, and put Security Onion on an old machine for a couple of months and watch what it catches. It's an interesting learning experiment, but probably not something I'd run all the time.
 
Wow.... a bunch of you guys are running some serious gear for home office and home tech lab use.

I was running m0n0wall on a WRAP based box for my firewall. Had to scrap that when it ran out of steam at 22Mbs on my 30Mbs cable connection (worked fine when I was on slower DSL). I'm currently using an old DI-634M wireless router as my main firewall and it's keeping up for now, though it's not nearly as cool as m0n0wall (m0n0wall project was just recently discontinued sadly). Glad to see somebody else posted he is still using an old D-Link wireless router too. I am getting the itch to buy a better firewall on Ebay though, maybe an old Cisco box, or maybe do Pfsense since I liked m0n0wall so much. Running a simple D-Link 8 port gigabit switch.

Years ago I was just running 2000 Server on a P3 box as my file/print server. Actually worked fine, but finally decided I needed something a bit "beefier" around 6-7 years ago. :)

Bought a low end Dell PE SC430 server on Ebay for $60. It still had the 2003 SBS sticker on it which was perfect for me. Bought a new pair of 500GB drives and a cheap Marvell RAID controller and I had a perfect server for my uses. Great that I could play around with Exchange on it too. I also use the Remote Workplace feature of SBS so I have live access to all of my customer records when I'm out on calls. Much safer than carrying around customer data with me.

I support small businesses so my home office environment is a perfect match for the environments that I support. Would be great to have some bigger/better newer stuff, but I really don't need it.
 
I'm with you! I see a lot of people making a VM for a single use. It seems like a management nightmare, because now you have to update 14 VM's every couple of weeks instead of tracking one or two systems (VM or bare metal). For most, one or two boxes can do everything you need, maybe with a couple exceptions. This is for a home "production" network. I'd put home labs, where you're actively learning a system in a closed environment in a totally different category.

That's why you use a real OS on your VMs. Install a flavor of linux, update it every 5 years or so.
 
Unlike most here, I have a server for what I need and not to just say "yeah i got one of those"

I have a single Windows Home Server (i think 2011?) that acts as a file server. It's where all my movies/tv shows are stored as well as anything else I need. It's a RAID5 system with I believe 8 2TB drives.

Nice and simple.

This is not something I'd expect to read on [H] from a 12 year member. It's super you have your simple needs and WHS is adequate for them, but others have different needs and desires. I'd imagine most of us are either professionals, enthusiasts or both.

At any rate the opening comment is pretty rude.
 
That's why you use a real OS on your VMs. Install a flavor of linux, update it every 5 years or so.

Not necessarily a good plan from a security standpoint, but I've done it in the past and it gets by. There are vulnerabilities all the time in operating systems, including in "real" ones. If it's not the core OS that gets you, it's the packages you're running on it. We just had *another* significant one announced in linux just a couple weeks ago.
 
Not necessarily a good plan from a security standpoint, but I've done it in the past and it gets by. There are vulnerabilities all the time in operating systems, including in "real" ones. If it's not the core OS that gets you, it's the packages you're running on it. We just had *another* significant one announced in linux just a couple weeks ago.

Right. That's why it's a good idea to run the "cloud" versions of a distro. You get just the bare minimum and only install what you need. In a "home" environment I imagine you would be safe enough if you just blocked access to these VMs from outside the network. At my work place...I don't even want to think about what would happen if an attacker got on our LAN, and found the RHEL3 boxes.
 
That's why you use a real OS on your VMs. Install a flavor of linux, update it every 5 years or so.

Just make sure you pick an LTS version. I've been burned by that before. Install latest version of XYZ and 6 months later they pull off the repositories. But yeah I tend to stick with CentOS and it's rock solid and very easy to update.

I tend to split stuff in VMs but only to a certain extent as it does become a bit more work to manage, but way I see it if one decides to crap out for whatever reason at least only that service is down. I need to move my DNS, email and few other things to a VM but I'll probably still keep those things together. One of these days I want to code a management system that makes it super easy to manage/setup new Linux VMs though, like a web interface to configure all the repetitious stuff like fail2ban, firewall rules, etc. I'd make it sorta into like a "cloud" system. If I setup email I can easily migrate the service and settings to another server etc.
 
Not sure I'm aware of "cloud" versions, unless you're talking about a service like AWS or something. I agree that the interior of most networks are soft and squishy, and admit to running a FreeBSD file server at home basically without any updates whatsoever, or firewall, for a couple years with no issues.

I've kind of changed my own stance on home networks though, and spend a little more time hardening the end points. With all the stuff that's on a home network these days that can be compromised (smart TV's, media devices, coffee makers, etc), I think it pays to make sure your devices can withstand some abuse. If you're not running a good perimeter system, and just a basic firewall, the squishy filling is still fairly ripe for abuse, even if they don't have internet-facing services.

I can see splitting out some things, I do this to an extent at home, but I think it's done to an extreme. There's really nothing I have against it--this is a hobby, after all, and I fully support people wanting to tinker because it's fun--other than it adds (IMHO) unnecessary complications. Again, a walled home lab is totally different--I'm talking about production. For example, I've always selected good hardware for routers/firewalls, and leave all the network services on it. Maybe it's not an enterprise best practice, but I've done it for years with good systems and haven't had any issues. If the router craps out, I'm out a network connection anyway, so having DNS and DHCP on a different system isn't going to help me any. In enterprise with high availability systems, this makes a more significant difference.
 
Not sure I'm aware of "cloud" versions, unless you're talking about a service like AWS or something. I agree that the interior of most networks are soft and squishy, and admit to running a FreeBSD file server at home basically without any updates whatsoever, or firewall, for a couple years with no issues.

I've kind of changed my own stance on home networks though, and spend a little more time hardening the end points. With all the stuff that's on a home network these days that can be compromised (smart TV's, media devices, coffee makers, etc), I think it pays to make sure your devices can withstand some abuse. If you're not running a good perimeter system, and just a basic firewall, the squishy filling is still fairly ripe for abuse, even if they don't have internet-facing services.

I can see splitting out some things, I do this to an extent at home, but I think it's done to an extreme. There's really nothing I have against it--this is a hobby, after all, and I fully support people wanting to tinker because it's fun--other than it adds (IMHO) unnecessary complications. Again, a walled home lab is totally different--I'm talking about production. For example, I've always selected good hardware for routers/firewalls, and leave all the network services on it. Maybe it's not an enterprise best practice, but I've done it for years with good systems and haven't had any issues. If the router craps out, I'm out a network connection anyway, so having DNS and DHCP on a different system isn't going to help me any. In enterprise with high availability systems, this makes a more significant difference.

"Cloud" is just what Fedora calls their new installer base. CentOS has a "minimal" version, and I believe Ubuntu does as well.
 
"Cloud" is just what Fedora calls their new installer base. CentOS has a "minimal" version, and I believe Ubuntu does as well.

Ahh, thanks. I haven't played with any of those in a long time, though I've thought about picking up CentOS. Mostly use Linux-based router packages, FreeBSD, and OpenSuSE for workstations.
 
High level:
pfsense router
file server running open indiana+nap-it
win2k12r2 w/ hyper-v, sql+20-ish VMs, windows domain, plex server
win2k12r2 w/ hyper-v, web server, test box
10gbe between file server & vm box
gbe switched network
unifi w/ 3 wap
 
This is not something I'd expect to read on [H] from a 12 year member. It's super you have your simple needs and WHS is adequate for them, but others have different needs and desires. I'd imagine most of us are either professionals, enthusiasts or both.

At any rate the opening comment is pretty rude.

I'm not sure it was meant to be rude, but I can see how you could interpret it that way. I just identify with it. I've been working on computers for over 15 years as a hobbyist/enthusiast which I leveraged into a career. Playing around with setting up DCs, Exchange servers and all that is fun, especially when you virtualize (also very fun and useful) and play around with failover/DR scenarios. That being said, you'd have to pay me to set up my home environment that way. Hardware fails, software stops being updated, configurations break with updates, and all sorts of other issues can crop up. It just gets to be a maintenance headache when you come home after troubleshooting issues all day at work and then you find there's some sort of issue. Just my 2 cents, as I can certainly understand learning and playing.
 
Bought a low end Dell PE SC430 server on Ebay for $60. It still had the 2003 SBS sticker on it which was perfect for me.

I am getting the itch to buy a better firewall on Ebay though, maybe an old Cisco box, or maybe do Pfsense since I liked m0n0wall so much

Aren't those the old Prescott P4 servers? Wouldn't be too bad for keeping an apartment/house toasty in the winter! That being said, I recently picked up a cheap Lenovo server (minus hard drive) off Amazon to use as a pfsense router (I've been wanting one for a while) and double as an HTPC via Windows Server (Hyper-V for pfsense):

http://www.amazon.com/Lenovo-ThinkS...mputer/dp/B00F6EK9J2/ref=cm_cr_pr_product_top

I saw it linked on the pfsense subreddit and was pretty surprised at the price, especially when people were looking at little Atom-powered netboxes for about the same price. A C226 mobo alone costs > $150 for a new one on Newegg, so I'm curious as to what the quality will be. Just an option if you ever decide you do need an upgrade or just want something to play on.
 
White box ESXi host running the following VMs
- VM1 running plex (why? Cuz I hate commercials)
- VM2 running SR/CP (why? cuz I'm lazy)
- VM3 running pfsense (though I haven't gotten around to configuring it yet)
- VM4 running MDT (well, a failed attempt of MDT, only spent an hour on it so I will have to go back and learn how to configure that)

That's it for now, the future
- Remove that ESXi HDD and install ESXi on a USB flash drive (already bought the flash drive :p)
- Replace the single HDD that ESXi and its VMs are hosted on with RAID 10 or RAID 01 SSDs (Already bought the SSDs but haven't gotten around to configuring it as the server will be down for a day or two and that will result in angry family members cuz PLEX would be down :p )
- Install another ESXi host (or xen and or proxmox, for learning purposes)
- Install the switches and routers I've bought (Cisco 2950 - 1800 series router - Dell 3800 series switch - HP Pro curve 2600 series switch just to learn VLANs - Trunking - Port Channels etc etc)
- Get into the server side of things by making a DC with AD / DNS / DHCP
 
[My Physical Boxes]
2x Server 2012R2 - Hyper-V and File Server
2x Windows 8.1 - Workstation/Gaming/PLEX and an Intel NUC connected to TV
1x OSX - Macbook Air

[My Virtual Machines]
Server 2012R2:
2x AD/DNS/DHCP
1x SQL
1x Virtual Machine Manager
1x Web Server and Reverse Proxy
1x Certificate Authority
1x Offline Root CA

Ubuntu Server:
1x Proxy Server (Squid, Privoxy, TOR)
1x Guacamole HTML5 Remote Access Server

Other VMs:
GNS3 IOU Appliance
Cisco UCS Emulator

[Networking]
Router: Edge Router Pro (8 Port)
Switch: ZyXEL 48-Port GbE Smart Managed Switch with 10GbE uplink SFP Ports (XGS1910-48)
WiFi: RT-AC87U

Have 10Gb to File Server, Hyper-V and Workstation. With 8Gb LACP to the EdgeRouter.

I also have an ASA5515-X that I play with sometimes...
 
This is not something I'd expect to read on [H] from a 12 year member. It's super you have your simple needs and WHS is adequate for them, but others have different needs and desires. I'd imagine most of us are either professionals, enthusiasts or both.

At any rate the opening comment is pretty rude.

Don't think it is rude at all.

I used to have a massive setup to play with at home, but as I have gotten into larger work environs, I figured, why the frick do I own this crap? I work on stuff 10X better at work plus don't pay for the damn power. lol. I just keep it simple at home, build complex Environs for dev and testing in Virtual on my work machine and build the real thing when it is time on a sizable multi site system.

I think it just comes down to what your passion is at the moment and what your time investments into the work baby are. Some guys here don't work in the IT field at all and want an outlet, and I totally get that too. I personally am in the "fuck it I got enough shit to deal with at work" phase. :D
 