Welcome to my Homelab Setup!
Let’s start with, what is a Homelab? Homelab is a cute little monster that eats your money and free time, lots of it, and it starts to get bigger and bigger, then eats a ton of electricity 😆. Jokes aside, Homelab is the term that refers to running servers that reside locally in your home. What is a server? It’s basically a computer that is always on, connected to the network, often with no display or input, where you host several applications and virtualized systems for testing or home and functional usage. It can be built anywhere from a tiny Raspberry Pi to an enterprise-grade-ish rack mount. In my case, I have Ubiquiti Dream Machine Pro and Intel NUC, etc.
History
I still remember the days I used to lie about my year of birth while signing up for a website because most of them had a policy not to allow minors to register. Fast-forward to 2015, that’s when I got into the IT profession, the same year, launched my first Virtual Private Server on Google Cloud for techvpc.com, later migrated it to AWS with domain name changes, and in 2018, my first major purchase was a MacBook Pro worth 1.64L and my salary was 25K (dropped my Thinkpad X220). I considered the computer to be an investment for myself rather than spending money on real investments like mutual funds. The logic was simple “I was going to spend the best productive time of my career sitting in front of a computer. So the potential investment for me was a good computer, I mean the best available”. Slowly I started feeling like my home network needed an upgrade too, and was fed up with multiple swaps of consumer-grade affordable routers like Netgear, TP-Link, etc. with substandard hardware components and functionalities just for the namesake and so on… while the Google Mesh WiFi Router upgrade in 2020 did a pretty good job, lacked a lot of features I needed.
Goals
While moving to my new flat, I felt the need to have strong security mechanisms in place that proactively control the data In and Out as I’ve got a lot of IoTs hanging around and these control my entire home (the curtain, geysers, kitchen appliances and you name it). So, I decided to shell out some more money to build something future-proof, and really for actual professional-grade equipment, that stuff is expensive and clearly not for everyone, these products, of course, are productivity tools but no amount of money you spend on a productivity tool will make you productive but will help with things like quality control and making things faster which is what professionals pay a lot of money for. I don’t want things to break often, I mean the setup should help me in more of ‘work with them’ and less of ‘work on them’.
Summary
My current setup is composed of 7 systems, excluding regular ones (MacBooks, iPhones, Homekit accessories, etc.):
* Ubiquiti Dream Machine Pro
* Ubiquiti Switch
* Ubiquiti Access Point
* Intel NUC
* WD EX2 Ultra
* Apple AirPort Time Capsule
* APC BVX Series UPS
I will go over each of them in detail.
Ubiquiti Dream Machine Pro – Ubiquity has the most passionate IT products like this one. I named it Shepherd, as it is the internet gateway appliance for my Home Network, other devices behind this appliance are named based on different breeds of sheep because those are all under the control of Shepherd 😉. The Ubiquiti gear is the backbone of my home network. This appliance is my router that provides a Firewall, IPS, and VPN that lets me connect to my home network and access the entire stuff from anywhere, and all of this without even opening a single port or exposing any of these to the Internet.
Ubiquiti Switch Flex – 5 ports, Layer 2 PoE switch powered with PoE++.
Ubiquiti Access Point U6 Lite – PoE powered ceiling mount dual-band WiFi 6 access point.
Intel NUC 10 Performance – Computer kit from Intel, configured with Intel Core i7, 32 GB RAM, 480GB SSD and access to the NAS. Running VMware ESXi, a Bare Metal Hypervisor.
* ESXi Host, 4GB RAM, 2 Virtual Cores
* Testing Host, 16GB RAM, 6 Virtual Cores
* Ubuntu Server, 12GB RAM, 4 Virtual Cores
The Ubuntu Server runs: 1. Nessus Essentials, a vulnerability assessment tool. 2. Wazuh, an open source security log monitoring platform, that collects logs from my MacBooks, VMs, Network Syslog, etc.
WD EX2 Ultra – Network attached storage with 8 TB Hard Disk Drives in a RAID array for more robust storage. I wanted to have a local storage solution so I could host all the backups of my VMs as well as a lot of OS Images, and some torrent movies. I host my own movie repository that I can later play on any of my devices being this at home or when I am on the road. Add-ons: 1. ClamAV, an open-source antivirus engine. 2. Transmission, an open-source BitTorrent client.
Apple AirPort Time Capsule – Vintage 2 TB NAS from Apple, this is what Steve Jobs said about the product “Bring Time Capsule home, plug it in, click a few buttons on your Macs and voila, all the Macs in your house are being backed up automatically, every hour of every day,” that’s the reason it still exist in my home network and worked flawlessly till date.
APC BVX Series UPS – My community has a 1 minute buffer for DG in power outages and this 1200VA/650W UPS can handle all of these devices easily.
Frequently Asked Questions
Isn’t this an overkill? Yes, it is, thank you.
Is it really necessary? As a security professional, I need to have a defensive nature, a discerning eye, a deceiving mind and most importantly, being ahead of the game means raising the bar high for the one trying to game us.
In the end, I felt that the entire setup stood rock solid, attaching some screenshots that look so good, that I spent much of my time admiring their beauty.
Wink Wink, that’s a lot of recon for attackers, you’re welcome.