New Setup - Input Crucial

Discussion in 'Software' started by S0l5, Mar 11, 2008.

  1. S0l5

    S0l5 Bit Poster

    39
    0
    2
    Well hello, over the next few months I will be doing my MCITP:EA, CCNA and Security+. I'm hoping to gradually get this setup completed by the time I finish my last exam, so at least I can say I have had some hands-on experience. I'm not doing this for a job or anything as I already have a great job in IT, it's just for my own knowledge. At the moment I have 3 laptops in the house and 2 desktops. I'm hoping to run the following:

    HTTP Server - Linux
    Mail Server - Exchange
    Backup Server - Server 2k3/2k8 running Arcserv or Veritas or NTbackup not really sure yet
    File Server - Shared across the network as a mapped network drive most likely be running server 2k8
    Proxy Server - Either will be Squid Proxy or ISA
    Security - Snort or Nessus
    Network Monitoring - Nagios / Wireshark (packet sniffing)
    Active Directory / Domain Controller - Server 2k8
    IRCD Server - Linux (not sure if i will run this or not)

    Ideally I would like to shove all of them on two terminals running a couple of virtual servers. The two terminals both have a 2GHz dual-core processor and 2GB DDR2; would this be possible? I have minimal experience with VS. Would VMware Server be suitable, or VMware Workstation?

    Another problem is I currently have 1 static IP and my ISP will not sell or give me any more. Would I be able to fix most of the problems which I may encounter by using NAT forwarding?

    I know a lot of people will think this is over the top, but I'd love to learn how to set them up, configure and maintain them.
     
  2. onoski

    onoski Terabyte Poster

    3,120
    51
    154
    You've pretty much answered your own question, as if I were in your situation I'd go for VMware Workstation owing to extra features. On the other hand you have got some fast spec PCs and virtualisation should not pose an issue.

    In terms of the static IP address, you would not need another from your ISP as with using VMware you can use the bridge network option. Well, let the game begin and must say more grease to your elbows on wanting to finish those certs in a few months. What's the trick? :)
     
    Certifications: MCSE: 2003, MCSA: 2003 Messaging, MCP, HNC BIT, ITIL Fdn V3, SDI Fdn, VCP 4 & VCP 5
    WIP: MCTS:70-236, PowerShell
  3. Sparky

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    It would be better to have multiple IPs for this setup, to be honest; however, you can do it with one if you want with port forwarding.

    Port 80 -> Web Server
    Port 443 -> Webmail\Exchange
    Port 25 -> SMTP

    Also do you have a dedicated firewall box for this setup? If so does it have a DMZ port?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  4. S0l5

    S0l5 Bit Poster

    39
    0
    2
    Unfortunately no, I don't have a dedicated firewall box. I was hoping to use ISA or perhaps a Cisco PIX.
     
  5. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Nooooooo!!!! Pix!!!! Aaaaarghhh!!!! :biggrin :biggrin :biggrin
    Seriously though, what Sparky has said is true. It would be cleaner with multiple IPs - but you could implement all this on one provided you have a direct mapping for services that won't conflict - i.e. two web servers internally listening for traffic on port 80, two mail servers listening for port 25 etc - the firewall wouldn't be able to cope with that without extra IPs, but what you have posted doesn't indicate you're looking for that so you should be fine.

    You've got a hell of a lot of open source there - kudos to you for that, but I'm not sure that it squares well with your certification aims. I'm not saying, for instance, that IIS is a better web server than Apache, but installing the web server as IIS will certainly help your certification studies more than Apache will. Ditto ISA vs Squid for your proxy. Once again, before someone (cough cough Freddie cough) comes along and accuses me of pro-MS bias, I suggest this purely because you are studying for MS exams, so feel it may be more beneficial to use MS products.

    Also, Nessus and Snort are completely different beasts (Snort is an IDS, Nessus is a vulnerability tester) and, whilst they are superb (I run both myself) neither of them are of any real benefit to you in passing the Security+ as they're a bit too advanced for that level of cert. They're certainly wicked-cool tools though - I use them both extensively (in my last job Snort was pretty much 75% of my role) so installing them won't hurt. You can run both on Windows or Linux as well, which helps.

    Finally, I'll echo Sparky's point about a dedicated firewall. If you are seriously looking at running a network which mirrors most production networks (it looks like it from your proposed setup) then you'd do well to implement a 'real' firewall design. I use a Netscreen as my edge firewall - with an ISA server as the back-end firewall. Sometimes I stick my PIX out there in front of my Linksys router, just for shits & giggles, but the PIX is a pretty cruddy firewall and most places nowadays don't use it for anything more involved than ACL & basic filtering - leaving it to do all the grunt of filtering out Internet background noise and script kiddie crap whilst letting the ISA handle all the really interesting stuff (as a proper layer 7 application proxy ISA cannot be beaten, IMHO).

    Your proposed setup looks pretty sweet though - good luck with it all!

    PS: Don't, whatever you do, use ArseServe. Worst. Product. Ever.
     
    Certifications: A few
    WIP: None - f*** 'em
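
The single-IP constraint discussed in posts 3 and 5, as an added example that is not part of the original thread: a small planner that maps public ports on one address to internal services and reports the case described above, where two internal hosts want the same public port. The addresses and the `web-test` host are constructed for illustration.

```python
from collections import defaultdict

# Constructed: documentation-range address standing in for the one static IP.
PUBLIC_IP = "203.0.113.10"

# Constructed lab inventory: (name, protocol, public port, internal host, internal port)
SERVICES = [
    ("web",      "tcp", 80,  "192.168.1.10", 80),
    ("webmail",  "tcp", 443, "192.168.1.20", 443),
    ("smtp",     "tcp", 25,  "192.168.1.20", 25),
    ("web-test", "tcp", 80,  "192.168.1.30", 80),  # second web server, same public port
]

def plan_forwards(services):
    """Return (forwards, conflicts) for a single public IP.

    forwards:  {(proto, public_port): (name, host, port)}, one owner per public socket
    conflicts: [(proto, public_port, [names])] that cannot share the one address
    """
    claims = defaultdict(list)
    for name, proto, pub_port, host, int_port in services:
        if not (0 < pub_port < 65536 and 0 < int_port < 65536):
            raise ValueError(f"{name}: port out of range")
        claims[(proto, pub_port)].append((name, host, int_port))

    forwards, conflicts = {}, []
    for key, owners in sorted(claims.items()):
        targets = {(host, port) for _, host, port in owners}
        if len(targets) == 1:
            forwards[key] = owners[0]          # unambiguous: exactly one internal target
        else:
            conflicts.append((key[0], key[1], [name for name, _, _ in owners]))
    return forwards, conflicts

def describe(forwards, conflicts, public_ip=PUBLIC_IP):
    """Render the plan as readable lines, forwards first, then conflicts."""
    lines = [f"{public_ip}:{port}/{proto} -> {host}:{iport} ({name})"
             for (proto, port), (name, host, iport) in forwards.items()]
    lines += [f"CONFLICT {proto}/{port}: {', '.join(names)} need separate public IPs"
              for proto, port, names in conflicts]
    return lines

if __name__ == "__main__":
    print("\n".join(describe(*plan_forwards(SERVICES))))
```

Every entry in `forwards` is also a port exposed to the Internet, so the same list doubles as the inventory of what the edge firewall must allow and what an IDS should be watching.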
  6. S0l5

    S0l5 Bit Poster

    39
    0
    2
    Thanks for all the input lads, but yeah, I do think I will be using mostly MS software at the end, but I will still have 2 Linux VSs though.
     
  7. S0l5

    S0l5 Bit Poster

    39
    0
    2
    How would you go about delegating which server will run on which VS ? I'm assuming by the CPU usages of each process?
     
  8. S0l5

    S0l5 Bit Poster

    39
    0
    2
    1. HTTP Server + Network Monitoring (Nagios) on the same box, running Fedora Core or Debian.
    2. Mail Server (Exchange 2007) + Backup Server (Veritas Backup Exec) on the same box, running Server 2008
    3. Proxy Server / Firewall (ISA) + Active Directory, running on Server 2008
    4. IDS (Snort) + Vulnerability Scanner (Nessus or GFI LanGuard) - running on Fedora Core / Debian or CentOS


    Right, that's what I have for the moment, but I'm not sure if ISA is enough on its own for a firewall. Zeb, what would you recommend?
     
  9. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Tom Shinder would shoot me for saying this... but I agree. Although ISA is an awesome Firewall I still wouldn't have it hanging out there on its own protecting my network. I'd use something like a Netscreen 5GT - it runs a full version of ScreenOS (awesome firewall platform) and is my firewall of choice for small office environments (which is what you're describing). You mentioned a PIX earlier - if you had one of those, you might consider putting that 'out front' to handle most of the grunt.

    BTW - point 3 is a no-no. You would never run this in the real world - EVER. You need to separate authentication from other services (especially proxies & firewalls!) and you'll need more than one DC to understand AD replication, sites & services etc properly. Also, why are you bothering with Server 2008? Stick to W2K3 server - hardly anyone will be moving away from it for the next year or so anyway - and you won't have enough experience to be amongst the vanguard of techs pimping themselves out for hefty migration contracts amongst the early adopters for 2K8.
     
    Certifications: A few
    WIP: None - f*** 'em
  10. S0l5

    S0l5 Bit Poster

    39
    0
    2
    Well, I don't think I can afford a Netscreen 5GT but I can pick up a PIX off eBay for around £20.00. Well, I was told that an ISA can act as a proxy server as well, so I would have to put the domain controller on a different VS. The only reason I'm doing Server 2k8 is due to me studying for MCITP:EA; I thought it would help me to get to grips with it really. Thank you for your excellent input!
     
