OK, so you want to start projects, but you certainly don’t want to do that in a production environment – so what can you do? Build a lab.
There are many resources on building cloud labs in AWS, Google Cloud, or Azure, but I went with a simple home lab. I found affordable servers on labgopher.com, which links to and rates eBay listings. Please note that there are no warranties on this gear; troubleshooting and repairs are on you.
Since I wanted to learn in a VMware environment, I also purchased an annual VMUG Advantage membership so that I can use their products for a flat annual fee that is nowhere near the corporate rate. Of note: to the surprise of no one, ESXi 6.7 is long in the tooth and will be retiring at the end of 2023, so I suggest you purchase hardware that will work with 7 or 8.
If you’re going this route, check your hardware against the VMware Compatibility Guide. That ensures the hardware you have will work with whatever version of ESXi you want to use.
I also purchased a Cisco ME3400 switch for its gigabit ports (I know, it’s not multigig) so I could set up VLANs that can be extended to physical devices outside the hypervisor if need be.
Ok, so now that I have all that – what then?
It will help if you have an idea of what you want your lab to look like and how it should work. Draw a simple network diagram on a napkin if it helps you visualize it. That is much easier than getting started, realizing your design won’t work, and having to start over. ALTHOUGH – that is an excellent way to learn through troubleshooting.
After installing ESXi and making sure my cluster was set up correctly, I created two VLANs, external and internal. I used these to add a pfSense VM that acts as my firewall and VPN into the lab environment.
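The VLAN and pfSense layout described above, scripted with PowerCLI as an added example (this is not code from the original post). Everything here is assumed: an ESXi 7 host named esxi01.lab.home with a standard vSwitch called vSwitch0, VLAN 10 as internal and VLAN 20 as external trunked from the switch, and the VM and port group names. It also covers the sensor question that comes up later under "Further development": on a standard vSwitch a VM only sees other VMs' traffic if its port group allows promiscuous mode, and only for frames on the same VLAN.

```powershell
# Added example, not from the original post. Assumed names: host esxi01.lab.home, vSwitch0,
# VLAN 10 = internal, VLAN 20 = external. Run from a workstation with PowerCLI installed.
Import-Module VMware.PowerCLI
Connect-VIServer -Server 'esxi01.lab.home' -Credential (Get-Credential 'root')

$vmhost  = Get-VMHost
$vswitch = Get-VirtualSwitch -VMHost $vmhost -Name 'vSwitch0'

# Two tagged port groups, one per VLAN (ESXi strips/adds the 802.1Q tag for the guest).
$internal = New-VirtualPortGroup -VirtualSwitch $vswitch -Name 'VLAN10-Internal' -VLanId 10
$external = New-VirtualPortGroup -VirtualSwitch $vswitch -Name 'VLAN20-External' -VLanId 20

# pfSense gets one NIC on each side: the first NIC comes from New-VM, the second is added after.
$pf = New-VM -Name 'pfsense' -VMHost $vmhost -Datastore (Get-Datastore | Select-Object -First 1) `
    -NumCpu 2 -MemoryGB 2 -DiskGB 16 -GuestId 'freebsd12_64Guest' -NetworkName $external.Name
New-NetworkAdapter -VM $pf -NetworkName $internal.Name -Type Vmxnet3 -StartConnected | Out-Null

# Sensor caveat: give a sniffer (Security Onion, Zeek, ...) its own port group on VLAN 10 and
# enable promiscuous mode only there, so the ordinary VLAN10-Internal group stays locked down.
$sensor = New-VirtualPortGroup -VirtualSwitch $vswitch -Name 'VLAN10-Sensor' -VLanId 10
$sensor | Get-SecurityPolicy | Set-SecurityPolicy -AllowPromiscuous $true | Out-Null

# Verify: only VLAN10-Sensor should report AllowPromiscuous = True.
Get-VirtualPortGroup -VirtualSwitch $vswitch | Get-SecurityPolicy |
    Select-Object VirtualPortGroup, AllowPromiscuous
```

Promiscuous mode is per VLAN on a standard vSwitch, so a sensor on VLAN10-Sensor sees VM-to-VM traffic on VLAN 10 only; traffic on VLAN 20 needs a second sensor NIC on a matching port group. Keep the setting off VLAN10-Internal itself, otherwise every VM on that group can sniff its neighbours.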
From there I started building my Active Directory lab. I spun up Windows Server 2019 VMs for my DC, DHCP server, and a test server, and a Windows 10 VM as my example workstation.
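The DC, DHCP and workstation pieces of that lab, as an added PowerShell example rather than the post's own steps. Assumed throughout: the domain lab.local (NetBIOS LAB), the internal VLAN 10.0.10.0/24 with the pfSense gateway at 10.0.10.1, the DC at 10.0.10.5, and an interface alias of Ethernet0. The SRV lookup at the end is the check that matters for domain joins.

```powershell
# Added example, not from the original post. Assumed: lab.local / LAB, 10.0.10.0/24,
# DC = 10.0.10.5 (dc01), gateway = 10.0.10.1, interface alias Ethernet0.

# --- Step 1: on the future DC (Windows Server 2019, elevated PowerShell) ---
Install-WindowsFeature AD-Domain-Services, DHCP -IncludeManagementTools

# A DC needs a static address; never let it be a DHCP client.
New-NetIPAddress -InterfaceAlias 'Ethernet0' -IPAddress 10.0.10.5 -PrefixLength 24 -DefaultGateway 10.0.10.1

$dsrm = Read-Host -AsSecureString 'DSRM (safe mode) password'
Install-ADDSForest -DomainName 'lab.local' -DomainNetbiosName 'LAB' -InstallDns `
    -SafeModeAdministratorPassword $dsrm -Force      # installs DNS on the DC and reboots

# --- Step 2: after the reboot, a DHCP scope that hands out the DC as DNS ---
Add-DhcpServerv4Scope -Name 'Internal VLAN' -StartRange 10.0.10.100 -EndRange 10.0.10.200 `
    -SubnetMask 255.255.255.0 -State Active
Set-DhcpServerv4OptionValue -ScopeId 10.0.10.0 -DnsServer 10.0.10.5 -Router 10.0.10.1 -DnsDomain 'lab.local'
Add-DhcpServerInDC -DnsName 'dc01.lab.local' -IPAddress 10.0.10.5    # authorize the server in AD

# --- Step 3: on the Windows 10 workstation, before joining ---
# Domain join depends on the client resolving the domain's SRV records, not on IP reachability.
# If this lookup returns nothing, Add-Computer fails with "the domain could not be contacted".
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet0' -ServerAddresses 10.0.10.5
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.lab.local' -Type SRV
Add-Computer -DomainName 'lab.local' -Credential (Get-Credential 'LAB\Administrator') -Restart
```

The same SRV check is the first thing to run when a join fails after moving DNS off the DC: whichever server answers DNS for the clients must hold (or forward to) the _msdcs zone, or the clients cannot locate a DC even though they can ping it.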
Pain points:
I was unable to separate AD DNS from the DC; when I did, servers could no longer join the domain.
I had installed Splunk, but quickly exceeded the 500 MB/day limit of the free trial by not trimming Sysmon back enough.
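One way to trim Sysmon so a lab stays under a 500 MB/day quota, as an added example that is not the post's own configuration. It assumes Sysmon64.exe lives in C:\Tools and that the Splunk forwarder runs as splunkd.exe; the file path, the rule selections and the schema version are all assumptions. The function at the end measures which event IDs dominate and estimates daily volume from the event log itself.

```powershell
# Added example, not from the original post. Assumed: Sysmon64.exe in C:\Tools, Splunk
# forwarder running as splunkd.exe. Run elevated on the host being monitored.
$cfgPath = 'C:\Tools\sysmon-lab.xml'

# schemaversion 4.50 is accepted by current Sysmon binaries; raise it for newer rule types.
@'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- Event 1: keep process creation, the backbone of detection. Empty exclude = log all. -->
    <RuleGroup name="" groupRelation="or">
      <ProcessCreate onmatch="exclude">
        <Image condition="image">splunkd.exe</Image>
      </ProcessCreate>
    </RuleGroup>
    <!-- Event 7 (image load) is the biggest volume source; empty include = log nothing. -->
    <ImageLoad onmatch="include" />
    <!-- Event 3: network connections only from scripting hosts and LOLBins, not every flow. -->
    <RuleGroup name="" groupRelation="or">
      <NetworkConnect onmatch="include">
        <Image condition="image">powershell.exe</Image>
        <Image condition="image">cmd.exe</Image>
        <Image condition="image">mshta.exe</Image>
        <Image condition="image">rundll32.exe</Image>
      </NetworkConnect>
    </RuleGroup>
    <!-- Events 12/13/14: registry only for common persistence locations. -->
    <RuleGroup name="" groupRelation="or">
      <RegistryEvent onmatch="include">
        <TargetObject condition="contains">\CurrentVersion\Run</TargetObject>
        <TargetObject condition="contains">\Services\</TargetObject>
      </RegistryEvent>
    </RuleGroup>
    <!-- Event 10 off for now; re-enable later scoped to lsass.exe as the target. -->
    <ProcessAccess onmatch="include" />
  </EventFiltering>
</Sysmon>
'@ | Set-Content -Path $cfgPath -Encoding UTF8

# -i for a fresh install, -c to push new rules into an already running service.
& 'C:\Tools\Sysmon64.exe' -accepteula -c $cfgPath

# Did the trim work? Top event IDs plus a rough MB/day estimate from the .evtx itself.
function Get-SysmonVolumeEstimate {
    $log    = Get-WinEvent -ListLog 'Microsoft-Windows-Sysmon/Operational'
    $recent = Get-WinEvent -LogName $log.LogName -MaxEvents 5000   # newest first
    $span   = ($recent[0].TimeCreated - $recent[-1].TimeCreated).TotalSeconds
    $bytesPerEvent = [int64]$log.FileSize / [math]::Max([int64]$log.RecordCount, 1)
    $rate   = $recent.Count / [math]::Max($span, 1)
    [pscustomobject]@{
        TopEventIds  = $recent | Group-Object Id | Sort-Object Count -Descending |
                       Select-Object -First 5 Name, Count
        EventsPerSec = [math]::Round($rate, 2)
        EstMBPerDay  = [math]::Round($rate * 86400 * $bytesPerEvent / 1MB, 1)
    }
}
Get-SysmonVolumeEstimate
```

The estimate is based on the binary .evtx size; Splunk meters the rendered text it ingests, which is usually larger, so treat the number as a floor and watch the license usage dashboard for the real figure. Event 7 and an unfiltered event 3 are the usual culprits when a single host blows through the quota.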
Further development:
Set up a tier 0, tier 1, tier 2 hierarchy for AD.
Set up an ELK stack for monitoring.
Further investigate allowing Security Onion to see VM-to-VM traffic.
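For the first item above, the tier 0/1/2 hierarchy, here is the skeleton as an added PowerShell example (not the post's own work). It assumes the lab.local domain from earlier and made-up OU, group and GPO names; run it as a Domain Admin on the DC. It creates the OU tree, one admin group per tier, and one GPO per tier to hold the logon restrictions.

```powershell
# Added example, not from the original post. Assumed: domain lab.local, the OU/group/GPO
# names below. Idempotent: re-running it skips objects that already exist.
Import-Module ActiveDirectory, GroupPolicy
$domainDN = (Get-ADDomain).DistinguishedName      # e.g. DC=lab,DC=local

$tiers = [ordered]@{
    'Tier 0' = 'Domain controllers, AD/PKI admins, anything that controls identity'
    'Tier 1' = 'Member servers and the admins who manage them'
    'Tier 2' = 'Workstations, helpdesk and end users'
}

foreach ($tier in $tiers.Keys) {
    $tierDN = "OU=$tier,$domainDN"
    if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$tier'" -SearchBase $domainDN -SearchScope OneLevel)) {
        New-ADOrganizationalUnit -Name $tier -Path $domainDN -Description $tiers[$tier] `
            -ProtectedFromAccidentalDeletion $true
    }
    foreach ($sub in 'Accounts', 'Devices', 'Groups', 'PAW') {
        if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$sub'" -SearchBase $tierDN -SearchScope OneLevel)) {
            New-ADOrganizationalUnit -Name $sub -Path $tierDN -ProtectedFromAccidentalDeletion $true
        }
    }
    # One admin group per tier: membership here is the only thing that grants admin rights in that tier.
    $grp = "$($tier -replace ' ', '')-Admins"       # Tier0-Admins, Tier1-Admins, Tier2-Admins
    if (-not (Get-ADGroup -Filter "Name -eq '$grp'")) {
        New-ADGroup -Name $grp -GroupScope Global -GroupCategory Security -Path "OU=Groups,$tierDN"
    }
    # One GPO per tier, linked to the tier OU, to carry the deny-logon rights for the other tiers.
    $gpoName = "$tier - Logon Restrictions"
    if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
        New-GPO -Name $gpoName | New-GPLink -Target $tierDN | Out-Null
    }
}

# Sanity check: the tree and the groups that should now exist.
Get-ADOrganizationalUnit -Filter * -SearchBase $domainDN | Select-Object DistinguishedName
Get-ADGroup -Filter "Name -like 'Tier*-Admins'" | Select-Object Name, DistinguishedName
```

The actual isolation lives in the user rights inside each GPO, and there is no built-in cmdlet for that: open each "Logon Restrictions" GPO and, under Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment, add the other tiers' admin groups to "Deny log on locally", "Deny log on through Remote Desktop Services" and "Deny access to this computer from the network". Move the DC's computer object into Tier 0\Devices and leave Domain Admins logging on only to Tier 0 devices; a Tier 0 credential typed into a Tier 2 workstation is exactly the exposure the model is meant to prevent.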
Resources I used:
https://www.nakivo.com/blog/vmware-distributed-switch-configuration/