Antonio Macovei

HomeLab Intro

January 31st, 2022 at 03:00 Antonio Macovei Homelab

Lately, one of my interests has been building a so-called HomeLab. I started two years ago by buying a server, but at that time I did not have enough time to allocate to it, besides CTFs and HackTheBox, and I ended up with a simple virtualized environment and a small web server. However, right before starting my Master's degree at the University of Amsterdam, and then later getting into contact with a fully-fledged server environment, I decided to finally start working on my own setup.

The experience I have had so far during the Master's program (6 months in) has been really useful and interesting, and so was the fact that each student received a Dell R640 server to do whatever we wanted with it (within the legal limits, of course). Moreover, we also got a public IP address and subnet range, giving us the opportunity to do even more. All these resources really opened my eyes towards the endless possibilities of running your own infrastructure and experimenting with all kinds of technologies and applications. Building something from scratch is also one of the best teachers, so this was the perfect chance to learn new, interesting things.

Another important thing I learned from the university was how to secure my infrastructure. We were told that with great power comes great responsibility, thus we were in charge of the security of our servers. If anything bad happened because we did not secure it well enough, we would have to buy cake for the entire class, which was pretty good motivation. And funny enough, we have already received cake two times so far. Jokes aside, security is my main focus at the moment anyway, so I learned how to effectively protect my server and used the same knowledge for my home setup.

Hardware Choices

Getting into the hardware choices, I will start with my first one:

Dell T610

At the suggestion of a friend who knew some things about servers, I bought my first one, a Dell T610, with the following specifications (second-hand):

Model: Dell T610
Processor: 2x Intel Hexa Core Xeon X5650
Cores: 6x 2.66GHz, 12MB cache
RAM: 48GB DDR3
Storage: 3x 73GB HDD SAS
Network: Dell Broadcom NetXtreme II 5709c Gigabit (Lan 10/100/1000)
Power: 2x PSU 870W
Operating System: VMware ESXi
Physical Location: Bucharest, Romania

I installed a bare-metal hypervisor on it, specifically VMware ESXi, and created a few virtual machines and a web server. However, as I previously mentioned, I did not have too much time to play with it then, and I also had an issue with the noise it made (although I was warned about that), so I was forced to place it in a location with a poor router and internet connection, making it pretty hard to access remotely.

Custom Build

Right before leaving for university, I bought and assembled a custom build "server", which was originally intended as a NAS (Network Attached Storage) with some extra capabilities, such as being able to run containers or a few virtual machines. Even though there are some commercial pre-built NAS solutions that allow you to run containers, I wanted something more flexible, where I could run my own OS and applications. And most importantly, I wanted something more silent, which can be placed in a room with other people. In the end, I reached the following configuration:

Model: Custom Build
Processor: 1x Intel Core i3-10100 Comet Lake
Cores: 4x 3.6GHz, 6MB cache
RAM: 16GB DDR4 2666MHz
Storage: 2x 2TB HDD SATA III 5400rpm 256MB 3.5", 1x 480GB SSD SATA III 2.5"
Network: Integrated
Power: 1x PSU 550W
Operating System: Ubuntu Server 20.04 with Xen Hypervisor
Physical Location: Bucharest, Romania

One thing that I did not account for when I created this setup was remote access. Once I left for university and I was away from the physical location of the server, I realized that it is pretty hard to access the server if I mess up a network configuration or something else goes wrong and a physical terminal is needed. Moreover, once I got access to my university server, I found out about a life-saving feature called an iDRAC (which works with Dell servers, and will be explained in more detail below). With my current setup, I could not use something like this, because it would not be supported by the motherboard.

When it comes to the OS and software installed on this server, I went for a less-known solution, which I learned about at the university. I installed Ubuntu Server 20.04 as the base OS, with the Xen Hypervisor on top. However, there will be a different blog post showing the process of setting it up and creating VMs.

Finally, I will use this server as the main personal cloud instance, with a file server (e.g. FreeNAS), a movie server (e.g. Plex) and some web servers.

Dell R720

The final addition to my infrastructure will be a second-hand Dell R720. I have just ordered it and it will be delivered in one or two weeks. While waiting for it, I am also preparing some ideas of what it will be running. As the main operating system, I am planning on installing the VMware ESXi hypervisor. For the VMs, I am still researching possibilities, but I will have at least a Windows Active Directory environment for experimentation.

Model: Dell R720 (2U)
Processor: 2x Intel Octa Core Xeon E5-2670
Cores: 8x 2.60GHz, 20MB SmartCache
RAM: 64GB DDR3
Storage: 4x 4TB HDD SATA III 3.5", 1x 480GB SSD SATA III 2.5"
Network: Dell Broadcom 5720 Quad port (Lan 10/100/1000)
Power: 1x PSU 750W
Extra: iDRAC 7 Enterprise, RAID Controller PERC H710 Mini (512MB)
Operating System: VMware ESXi
Physical Location: The Hague, Netherlands

Networking

In December 2021, I also decided to upgrade my home network and get a more powerful and flexible router, on which I could apply my new networking knowledge learned in university. For this purpose, I bought a new Mikrotik router. To be more specific, the new Mikrotik RB5009:

Model: RB5009UG+S+IN
Processor: Marvell Armada Quad-core ARMv8 1.4 GHz
Network: 7x 10/100/1000 Ethernet ports, 1x 2.5G Ethernet port, 1x 10G SFP+ port
Extra: 1GB RAM, 1GB NAND storage
Operating System: RouterOS v7
Physical Location: Bucharest, Romania

In addition to that, I also got a static IP address from my ISP, which now allows me to host my own domain names and DNS server inside my HomeLab. Moreover, I will try to create a site-to-site VPN connection between the two sites and describe the setup in a new blog post. Currently, I have an OpenVPN server running on the Mikrotik, which is used for access to the local network, but I am planning on switching over to WireGuard.

Finally, I am looking forward to the numerous possibilities and I hope I will learn new things in the process. Hopefully, I will cover most of these experiments in separate blog posts, with detailed walkthroughs for the setup of each service.

Useful knowledge

When I was trying to choose the new server, I started looking into more details about the possible configurations of Dell servers and all their features. For future reference, I am going to quickly explain the naming conventions for Dell servers and the purpose of an iDRAC controller.

Naming Convention

Dell servers are usually named starting with one or more letters, followed by 3 or 4 numbers. The letter represents the form factor and can be one of the following:

  • C = C Series; Modular and compute optimized server nodes and servers for hyper-scale environments
  • F = Flexible - Hybrid rack-based sleds for rack-based FX2/FX2s enclosure
  • M or MX* = Modular - Blade servers and other items for the modular enclosure MX7000, M1000e and/or VRTX
  • R = Rack-mountable servers
  • T = Tower Servers
  • XE = Purpose-built for complex, emerging workloads that require high performance and large storage
  • XR = Industrial-grade servers for extreme environments

The numbers represent the following:

  • The first number after the letter indicates the class of the system: 1 - 3 are 1 CPU systems, 4 - 7 are 2 CPU systems, 8 can be 2 or 4 CPUs and 9 is 4 CPUs.
  • The second number indicates the generation, with 0 for 10th generation, 1 for 11th generation and so on.
  • The third number indicates the make of the CPU, 0 for Intel and 5 for AMD.

This means that my Dell R720 is a server which supports 2 Intel CPUs and is from the 12th generation. At the moment, the newest generation is 15.

Source: here.
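The naming rules above can be applied mechanically, for example to normalise model names in a homelab asset inventory. The decoder below is an added example, not code from the original post; `decode_model` and its output fields are hypothetical names, and it covers only the three-digit names that the list explains, rejecting everything else.

```python
import re

# Prefix letters and digit meanings exactly as listed in the post above.
FORM_FACTORS = {
    "C": "C Series", "F": "Flexible", "M": "Modular", "MX": "Modular",
    "R": "Rack-mountable", "T": "Tower", "XE": "Purpose-built", "XR": "Industrial-grade",
}
# First digit -> possible CPU socket counts (class 8 can be 2 or 4 CPUs).
CPU_SOCKETS = {1: (1,), 2: (1,), 3: (1,), 4: (2,), 5: (2,), 6: (2,), 7: (2,),
               8: (2, 4), 9: (4,)}
CPU_MAKE = {"0": "Intel", "5": "AMD"}

MODEL_RE = re.compile(r"^(?:Dell\s+)?([A-Z]{1,2})(\d{3,4})$", re.IGNORECASE)


def decode_model(name):
    """Decode a three-digit Dell model name; raise ValueError otherwise."""
    match = MODEL_RE.match(name.strip())
    if not match:
        raise ValueError(f"not a recognisable model name: {name!r}")
    prefix, digits = match.group(1).upper(), match.group(2)
    if prefix not in FORM_FACTORS:
        raise ValueError(f"unknown form-factor prefix: {prefix!r}")
    if len(digits) != 3:
        # The post only explains three digits, so four-digit names are refused
        # instead of being decoded with guessed rules.
        raise ValueError(f"four-digit names are not covered: {name!r}")
    system_class, generation_digit, make_digit = int(digits[0]), int(digits[1]), digits[2]
    if system_class not in CPU_SOCKETS:
        raise ValueError(f"undefined system class digit: {system_class}")
    return {
        "form_factor": FORM_FACTORS[prefix],
        "cpu_sockets": CPU_SOCKETS[system_class],
        "generation": 10 + generation_digit,  # 0 -> 10th, 1 -> 11th, and so on
        "cpu_make": CPU_MAKE.get(make_digit, "unknown"),
    }


if __name__ == "__main__":
    # The three servers mentioned in this post.
    for model in ("T610", "R640", "Dell R720"):
        print(model, decode_model(model))
```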

iDRAC Controller

The iDRAC is a piece of hardware that sits on the motherboard and allows the administrators to remotely (out-of-band) manage and update the server, even when it is turned off. It is usually browser-based (GUI) or command-line based. Some of the features include remote monitoring of the system, access to the BIOS, and access to the Dell Lifecycle Controller, which allows for advanced functionality around updating, backing up and restoring firmware updates.

An important feature of the iDRAC Enterprise version is the remote console, which acts as a terminal physically attached to the server. This is very useful when the server cannot be accessed remotely via the usual channels, such as the ESXi console or SSH, or when specific management actions need to be performed, such as network-breaking configuration changes. Moreover, it works even when the OS is not booted up yet.

It is important to note here that the iDRAC license is valid for the lifetime of the server and is not transferable.

The iDRAC is interfaced by the baseboard management controller (BMC) chips, and is based on the Intelligent Platform Management Interface (IPMI) 2.0 standard. The IPMI standard defines a set of interface specifications for management and monitoring capabilities independently of the host operating system, CPU or firmware.

Source: here and here.