I thought an interesting topic would be my integration of a bare metal server into my infrastructure. This bare metal server sits in Hetzner's datacentre in Johannesburg for the simple reasons that it gets fantastic internet connectivity as well as redundant power, which is super important in South Africa due to load shedding and other factors.
So I started off wanting to move my Unifi Cloud Controller onto my own infrastructure, and it ended up with me moving everything, including the hosting of this site, into this infrastructure.
Now usually I would use CentOS and KVM virtualization for the most part, but this time I decided that, since I use Windows Server and Hyper-V a ton at work, I would build this server running Windows Server 2019 with Hyper-V and install the various virtual machines into Hyper-V. So here is the process and where it's currently at.
My main server is hosted at Hetzner's JHB DC. I currently have a /29 network assigned to it, which is now connected to my WAN virtual switch on Hyper-V. I also have 4 other virtual switches, which are used for the 4 LAN networks currently operating on my virtualized environment.
In the above screenshot you can see my WAN switch at the top and 4 internal LAN switches for the 78, 80, 82 and 84 networks. I won't give the full IP addresses as this could cause security issues. Just bear in mind that the network names are part of the subnet.
Then on this setup I have several virtualized servers running. Mostly Linux but I will detail them below:
All my servers start with the first 3 letters of my surname, SWA. I then name the machine according to the OS or type, which means that the above machines are:
- SWA-CEN01 – CentOS 8.1
- SWA-DEB01 – Debian 9
- SWA-MIK01 – MikroTik RouterOS (Public Facing Gateway/Firewall)
- SWA-PBX01 – A FreePBX test box.
- SWA-PFS01 – pfSense Firewall (Public Facing Gateway/Firewall)
- SWA-SOP01 – Sophos XG Firewall (Public Facing Gateway/Firewall)
- SWA-UBU01 – Ubuntu 16.04 LTS
- SWA-UNIFI – My cloud hosted Unifi Controller running Ubuntu.
- SWA-WIN10 – My Windows 10 test machine in the cloud.
My 3 virtualized gateways, which have the 3 assigned public IP addresses, are the Sophos XG, the pfSense Firewall and the MikroTik Router.
Let's start with the 78 network, which resides inside the MikroTik Router. This network is just a management network for my MikroTik devices. This includes devices which I manage for friends and family. All the devices I have at home and at friends' and family's homes have L2TP tunnels connecting back to this MikroTik Router. This allows me to connect to any of their MikroTik devices from my home network via the L2TP tunnels. It also gives me a way of monitoring all their devices through the tunnels using Observium on one of my Linux VMs.
Then we have the 80 network, which is still in development and is only accessible internally at present. No breakout to the internet.
Then the 82 network is where my Windows machine and VM host reside. This breaks out over the Sophos XG Firewall, which has a static public IP on the WAN interface. This is also the device that I VPN connect to in order to get into the infrastructure when I am not at home. At home I work directly through the tunnel on the MikroTik. The Sophos XG has LAN interfaces on all except the 80 network, so connecting on VPN to here allows me to access any of the 3 networks sitting behind either firewall.
Then the 84 network, or my virtual lab, resides behind a pfSense firewall. This is where most of my Linux lab servers reside and where I do my testing.
Also on the 84 network I have an Ubuntu 16.04 LTS server with the Unifi Cloud Controller software installed and made accessible externally through the firewall. This controls my home wifi network and allows me to keep things running well.
I am in the process of acquiring a few additional IP addresses so that I can set up an SBC on a public IP and start doing more testing with VoIP interconnected to an SBC as a gateway/firewall. It should be an interesting exercise, but for now I am buckling down to studying for my Azure certifications with Microsoft for work, so I may be talking a little about Azure over the next couple of weeks.
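To show how the switch layout and gateway placement described above can be built and then checked from the Hyper-V host, here is an added PowerShell example (not the author's own script). The switch names (WAN, LAN-78 to LAN-84), the gateway VM names and the physical adapter name "Ethernet" are assumptions for the example.

```powershell
# Added example, not from the original post. Builds the WAN + four LAN switch
# layout on a Hyper-V host and audits which VMs touch the public WAN switch.
$wanAdapter = 'Ethernet'   # assumed name of the NIC carrying the public /29

# External switch for the public /29. -AllowManagementOS $false keeps the host
# itself off the public segment; only the gateway VMs should get a WAN leg.
if (-not (Get-VMSwitch -Name 'WAN' -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name 'WAN' -NetAdapterName $wanAdapter -AllowManagementOS $false | Out-Null
}

# Internal switches for the 78, 80, 82 and 84 networks. 'Internal' lets the host
# reach them as well; use -SwitchType Private if the host should not.
foreach ($net in '78', '80', '82', '84') {
    $name = "LAN-$net"
    if (-not (Get-VMSwitch -Name $name -ErrorAction SilentlyContinue)) {
        New-VMSwitch -Name $name -SwitchType Internal | Out-Null
    }
}

# Audit 1: only the three public-facing gateways may have an adapter on WAN.
$allowedOnWan = 'SWA-MIK01', 'SWA-PFS01', 'SWA-SOP01'
$vmAdapters   = Get-VMNetworkAdapter -VMName *
foreach ($a in ($vmAdapters | Where-Object SwitchName -eq 'WAN')) {
    if ($allowedOnWan -notcontains $a.VMName) {
        Write-Warning "$($a.VMName) has an adapter on WAN but is not a gateway"
    }
}

# Audit 2: the 80 network has no breakout, so no VM may bridge LAN-80 and WAN.
$vmsOn80  = ($vmAdapters | Where-Object SwitchName -eq 'LAN-80').VMName | Sort-Object -Unique
$vmsOnWan = ($vmAdapters | Where-Object SwitchName -eq 'WAN').VMName    | Sort-Object -Unique
foreach ($vm in $vmsOn80) {
    if ($vmsOnWan -contains $vm) {
        Write-Warning "$vm sits on both LAN-80 and WAN; the 80 network would have a breakout"
    }
}

# Audit 3: the management OS must not have a virtual NIC on the WAN switch.
$hostOnWan = Get-VMNetworkAdapter -ManagementOS | Where-Object SwitchName -eq 'WAN'
if ($hostOnWan) {
    Write-Warning 'The Hyper-V host itself is attached to WAN; detach it or rebuild the switch'
} else {
    Write-Output 'OK: host is not attached to WAN'
}
```

Run it in an elevated PowerShell session on the Hyper-V host; the audits are safe to re-run after any VM or switch change.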
Take care all.