Lab time! Part 2

So here I am with three sweet servers for $600. I now had another issue to solve...

How do I use them?

Funny as it may sound, something I do everyday at work slipped my mind, before my wife asked me how much was my lab going to cost us overall when I mentioned buying the servers. I then sat down to think about what my design goal was and here's what I came up with:

• With three servers I can dedicate one to running my home server infrastructure (ie. AD, DNS, etc.)
• I can run my VMware lab on the other two by virtualizing three ESXi servers on each of those hosts
• I wanted to use shared storage from the get-go just to get more practice in and to test some theories out (like running VDI completely off of NFS since vSphere 5.0 and above can reference the storage device by DNS name now... not exactly sure how View composer is going to react to that, but we'll see). Just needed to pick out a NAS that supports VAAI
• On the physical side, I need to completely enclose these servers in some kind of sound proof rack so I wouldn't drive myself and my wife crazy when we're up here in my office trying to relax.
• I would need a gigabit switch with jumbo frames and port channeling (LACP) for decent iSCSI performance
• I would need a good UPS with at least voltage regulation and hopefully of the pure sine wave type

I settled on using a Synology DS1512+ for the shared storage because of the VAAI support, dual nics, five bays and nice reviews (http://www.smallnetbuilder.com/nas/nas-reviews/31774-synology-ds1512-disk-station-reviewed). I'm also going to use a TP-Link TLSG2216 to run the network because of the low cost (roughly $150), LACP support and jumbo frames. From a high-level standpoint, this is what my lab will look like:

(on a side note... yes it does say 2.5GHz for the processor speeds on that picture. That's because I'm still on the fence about picking up some cheap low power Xeon L5420's to swap in there)

Next up... how I will keep my sanity while using the lab.

Lab time! Part 1

I've been wanting to start writing about my adventures in home lab building but it's been difficult to come up with a way to talk about it that hasn't been hashed out one way or another before somewhere else. I've lost count of the number of web pages and forum threads that are devoted to building a VMware home lab so instead of rehashing all their posts here I think I'm just going to write about how I'm building mine, what I'm looking for design wise, and how much I'll be spending on each item. I hope these next series of posts will help someone else out as well.

My first objective of this home lab project was overall conceptual design. How was my lab going to look at from a high level overview and how was it going to function the way I was hoping it would. Since I don't have access to an actual lab at my work, I needed to build something that could not only act as a host for my own servers but that I could use to VPN into and test work stuff out on as well. I  knew from the beginning that one server wasn't going to do it for me... even with the ability to virtualize ESXi on top of itself. Basically it boiled down to I didn't have or want to spend $1500 to $2000 on a few machines that might cost me a bunch just to keep them running. I messed around with the possibility of building a AMD 8-core Bulldozer based "server" for a while because I could find a few deals that had the processor and board together for about $250 (namely at MicroCenter) but every time I came up with a price, I was still looking at around $500 - $700 for just 1 host with 32GB of RAM and some add-ons that I was specifically looking for. Since I'm a scrooge with my own cash I kept looking for a better deal. After months of searching for the right gear, I hopped onto ebay one day and saw this puppy:

I'll have to admit that after sitting there thinking about it I got a little excited. Dual quad core low- power 64 bit Xeons (with VT-d support) and 24GB of DDR2 FB-DIMMs with a 160GB hard drive, dual on-board gigabit NICs and a tiny 280W power supply... and it was half size. Every other time I was searching for cheap servers the usual batch of them came up with 4 to 8GB of DDR2, full size, 120W TDP processors that would cost me an arm and a leg to run and when I went to price it out, the extra RAM totaled four times the cost of the server itself. Not only that, but I know how servers were built during the days of socket 771... Loud. Very loud. These servers that I wanted needed to be housed in my office which also served as a night time get-away for my wife after we put the toddler to bed since we have a couch and TV in here. 

On a side note: Let's be honest here for a second... I'm not really sure why everyone wants hardware pass-through on their home server. Granted, you can do some really tricky storage related things with it but for all intents and purposes, if you're building a lab to mimic a real world scenario and to study for VMware certs, is it that important? Back to the fun stuff...

Now, I was hoping to go max RAM on VMware Hypervisor but for the price I was getting these servers for, I wasn't going to bitch about being only 8GB short per server. To be honest as well, picking up three of these for $600 and some change was a steal. I had an entire three host cluster for the price of one newer computer. I also told myself I would find a way to make these guys run quiet and I would have to do it without breaking the bank.

Stay tuned to see how I accomplished this feat!

View 5.1 certificate for multiple connection servers

I apologize for the delay with posts. I've been pretty busy at work keeping everything ship-shape. I finally got to a point where I could start thinking about some redundancy in our View environment and after going through some documents and other blogs, I decided to go with two load balancers on the outside connected to two security servers which in turn have two dedicated connection servers on the inside. Then on the inside I have two dedicated connection servers and two load balancers (btw, I've been testing out Zen Loadbalancers internally and so far, for open source, this program is pretty impressive - and it's still being developed!)

The one thing that had me a little stumped was the SSL certificate. I was going from one connection server and one security server to four connection servers and two security server. My original design was for view.<organization>.com to be reachable no matter where you were - inside or out and I wanted to keep it that way. Well, the problem was that the certificate I purchased was of the single domain variety for around $40 from GoDaddy. I loaded that cert on both the original security server and connection server and had my internal DNS doing eveything for both the servers. That worked out just fine... until now. I didn't want to ask to purchase a multi-domain SSL cert and I didn't want to risk re-keying the original with a CSR that had multiple subject alternative names (SANs) due to the fact that GoDaddy's support site said you had to purchase a multi-domain SSL to use SANs in the first place.

Well the answer it turns out, was our internal CA server. I kept the GoDaddy cert for the outside servers and installed a new internal cert on our internal connection servers. As it's being tested out now, everything is working just fine (just need to convert and upload the CA's root certificate to the zero clients and I should be good to go). Since it's not clearly documented anyways on how to actually create a multi-domain CSR, I thought I'd document the process here. This process is for a Windows Server 2008R2 machine.

Step 1) Enter MMC and open the certificates snap in

Step 2) Right-click, go to "All Tasks" --> "Advanced Options" --> "Create Custom Request"

Step 3) Start the enrollment process

Step 4) Select "Proceed without enrollment policy"

Step 5) Under "Template" select "Legacy Key" and keep "PKCS #10" selected under "Request Format"

Step 6) Under "Custom Certificate" hit "Properties"

Step 7) Under the "General Tab" type in "vdm" as the "Friendly Name"

Step 8) On the "Subject" tab, select the drop down for "Subject Name" and select "Organization". Type in the FQDN of the DNS entry point for your internal View clients (ie. view.yourdomain.com) and hit "Add". Then for the drop down menu under "Alternative Name", select "DNS" and being by entering the FQDN of the DNS entry point

Step 9) Then add a "DNS" entry under "Alternative Name" for each or your connection servers (this is vitally important if you're going to load balance connection servers).

Step 10) On the "Extensions" tab, under "Key Usage", add "Digital signature" and "Key encipherment"

Step 11) Then under "Extended Key Usage" select and add "Server Authentication" and "Client Authentication"

Step 12) On the "Private Key" tab and under "Cryptographic Service Provider", have only "Microsoft Strong Cryptographic Provider (Signature)" and "Microsoft RSA SChannel Cryptographic Provider (Encryption)" selected

Step 13) Under the "Key Options" section, choose your key strength. I chose 2048 and marked the key as exportable in the example.

Step 14) Click "OK" and it should bring you back to this screen

Step 15) Hit "Next" and select where you want to save the CSR. Make sure "Base 64" is marked as the format.

Congrats! You now have a CSR for your load balanced View environment created with Windows Server 2008R2. The next step is up to you, but I chose to have the cert signed with our internal CA to save some money. Getting a multi-domain certificate can be a little expensive. One of the drawbacks to having an internal CA signed certificate is you have to load the root CA on mobile devices but depending on your MDM platform, that could be an automatic thing for you.

I'm still here

Two months.

That's almost an eternity in the online world (and quite frankly, the real world as well if you've been as busy as I have). To tell you the truth, I've been a little nervous to write this post as sometimes I feel like there's just not enough time to actually write down everything that's happened. Just in the small amount of time that I've tried this blogging thing, I've grown an immense gratitude toward everyone that has the propensity to sit down and actually crank out post after post every two to three days... AND have something original to write about (or at least something nice to say). I really do want to have this blog work and maybe when my real work slows down a bit I can get a little bit deeper into writing a bit more. I just really wanted to stop by and say that I haven't abandoned this blog (not that anyone actually reads it right now anyways) and hopefully in the near future I'll have a more meaningful post for you... Like the process of building up my home lab - which I'm really psyched about!

Talk to you soon