/ Home Lab

Building a Small Form Factor Home Lab

For the past several years I've been using my MacBook Pro for all of my virtualization needs. It served me well for most tasks, however, I wanted to get more experience working with enterprise setups. I found that using my laptop allowed me to run no more than 2-3 Windows systems before I exhausted its resources.

Some of the areas I wanted to explore were Microsoft Active Directory, Log Analysis / SIEM (Security Information and Event Management), and most importantly being able to run more than 2-3 virtual machines at the same time.

I could have went the cloud route, but felt that having a physical system to troubleshoot and tinker with would be more beneficial to learning networking, virtualization, and conducting information security research.

Hardware

The following is a list of the hardware that I purchased to build my home lab. You can also see some build photos at the end of this post.

PART MODEL PRICE
CHASSIS ASRock DeskMini H110 ¥14,558
PROCESSOR Intel i5-7500 LGA1151 ¥17,780
RAM Crucial 32GB (16GB x2) DDR4 PC4-19200 ¥36,800
SSD Samsung 120GB V-NAND SSD 850 ¥5,980
CPU COOLER Noctua NH-L9i L-Type Low-Profile Cooler ¥5,280
TOTAL ¥80,398

I also had a spare 120GB M.2 SSD for IOPs intensive applications, such as Elasticsearch, and a 2TB HDD for storing data that's rarely accessed, such as backups, snapshots, and operating system ISOs. I'll run a benchmark on the actual IOPs performance at a later time.

Software

I'm currently using Proxmox VE to manage all of my virtual machines and containers. Previously, I was using Windows 10 and Oracle VirtualBox to handle virtualization, however I wanted to squeeze every last bit of resources out of my homelab box.

In the image below you can see that Proxmox VE is using barely any of the system's resoures.

Screen-Shot-2018-08-19-at-15.51.40

A lot of new homelabbers will use Windows and Oracle VirtualBox/VMWare Player/Hyper-V, which isn't an issue for a small scale deployments. However, my goal was to setup a small Windows domain, run some penetration tests, execute malware, and do some log analysis. Squeezing every last bit of resources out my system was essential, hence the reason I went this route.

Here's another screenshot after starting all of the virtual machines listed below using htop:

Screen-Shot-2018-08-19-at-16.09.11

Proxmox Virtual Environment web interface showing the information as above:

Screen-Shot-2018-08-19-at-16.09.22

Here's a table of all the operating systems running in my homelab:

PURPOSE MODEL PRICE
HOST OS Proxmox Virtual Environment FREE
DOMAIN CONTROLLER Windows Server 2012 R2 (101) Free (VM)
WEC SERVER Windows Server 2012 R2 (102) Free (VM)
WEF CLIENT Windows 10 Free (VM)
ELASTIC STACK Ubuntu 16.04.3 LTS Free
TOTAL $0.00

I use Windows Server 2012 R2 (101) as the Domain Controller and Windows Server 2012 R2 (102) as a Windows Event Collector server. I send logs from Windows 10 (104) using Windows Event Forwarding (WinRM: 5985/TCP) to this server and then use Winlogbeat to forward those logs to the Elastic Stack running on the Ubuntu 16.04.3 LTS (103) server.

I typically have a few Windows 7/10 systems connected to the domain (homelab.local), which I created on the Windows server running Active Directory (101). There's a lot to learn in Windows environments, so this is a good way to develop that knowledge.

As mentioned above, I use Ubuntu 16.04.3 LTS (103) to run different software such as Elasticsearch, Logstash, and Kibana as a SIEM for parsing logs and other telemetry data from different workstations and servers. Running a Elastic Stack setup typically requires 16GB+ of RAM and at least 2 CPUs, so this is one area that my laptop failed to deliver.

In the future I want to setup a pfSense virtual machine and route all inbound and outbound traffic so that I can have better control over what's entering and leaving my Windows domain (homelab.local). This also allows me to feed the logs pfSense generates into the Elastic Stack environment.

Networking

I use the Uniquiti EdgeRouter X as a firewall between my ISP (WAN) and internal network. I have DHCP setup on both routers, so whenever a new host is connected they will automatically get an IP address.

I've also setup a second virtual bridge and network interface using the USB-C 1Gbps NIC. This allows me to setup VMs on the 192.168.1.0/24 network (ERX) instead of the 192.168.5.0/24 network (R7000).

Screen-Shot-2018-09-23-at-22.57.52

Here's a basic example on what my network looks like:

INTERNET ---> CABLE MODEM (ISP-IP-ADDRESS) ---> ERX (192.168.1.1) ---> R7000 (192.168.5.1) ---> PVE (192.168.5.15) --- PVE VMS (192.168.5.0/24)

I use the Netgear AC1900 (R7000) for all of my wireless routing and connecting to the WAN. Since the motherboard only comes with a single 1 Gbps NIC, I purchased an additional USB-C 1 Gbps NIC.

  • Router #1: Ubiquiti EdgeRouter X (link)
  • Router #2: Netgear AC1900 (R7000) (link)
  • Additional NIC: USB-C 1 Gbps NIC

Pictures

Here are some photos of my home lab.





Updates

  • 2018-09-23: Made some minor additions, word adjustments, and fixed some typos.
  • 2018-08-19: Updated to current homelab configuration using Proxmox Virtual Environment.
  • 2018-04-29: Original post using Windows 10 and Oracle VirtualBox.