
Virtual Lab

Discussion in 'Virtual Computing' started by Phoenix, Oct 17, 2004.

  1. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    Well, in my quest to get yet another MCSE
    I have decided to deploy a full VMware lab setup (I keep just throwing a few servers up when needed)

    here is a diagram for those interested
    it's a bit of a mammoth setup, and currently only comprises one forest/domain

    if I get it working I will expand upon that :)

    Ideally I'd like a multi-domain environment to play with, but with all the Exchange stuff I'm doing I figured I would just start off with a single domain, and work on expansion after, as you do

    the firewalls will be locked up right, allowing only what's necessary through and this should serve to help me better understand lockdown and hardening procedures

    if anyone has any comments feel free to post
    just thought I would share, I knocked the diagram up this evening while I was downloading a few ISOs in preparation :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  2. Phil
    Honorary Member

    Phil Gigabyte Poster

    If I'm reading it correctly, all of that is going to be on the same host, how much of that are you planning to have running at the same time? The host must be a beast of a machine :)
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  3. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    well apart from the Exchange machines I can likely have almost all of it running at the same time

    the routers will be getting 32mb of RAM
    the DCs 128 and the VPN server 128

    problem is Exchange minimum is 256, and there are 5 of them, and I only have a gig of memory :)

    I can suspend servers as needed and such, and that entire subnet down the bottom doesn't need to be activated much, I can pretend it's over a slow ISDN link or something, lol
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  4. Bull Gates

    Bull Gates Byte Poster

    hey u gotta nice lab setup goin.
    i guess i'll come 2 study @ ur lab if u don't mind if ever i visit uk in the near future!! :D lol
     
    Certifications: MCP
    WIP: MCSE
  5. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    it's all on one machine, Bull
    that's the plan for my new VMware lab deployment, all 14 machines are virtual :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  6. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    Right
    pretty chuffed tonight
    after much battling with OpenBSD I decided to throw on Smoothwall in a GREEN + RED configuration to use as the routers firewalls
    and this evening I successfully managed a traceroute to whois.internic.net

    as you can see DNS is not working yet, but that's because the DC is set to use itself as its first lookup, as it will be a DC, but I haven't DCpromoed yet :)

    Here is the traceroute from the second subnet of my virtual network
    that's the machine labelled DC1 in my diagram
    and a second diagram showing interface information to help you understand the routing
    C:\Documents and Settings\Administrator>tracert 198.41.0.6

    Tracing route to 198.41.0.6 over a maximum of 30 hops

    1 <1 ms <1 ms <1 ms 10.0.2.2
    2 <1 ms <1 ms <1 ms 10.0.1.2
    3 3 ms 1 ms 1 ms 172.17.27.1
    4 20 ms 17 ms 18 ms 83.146.18.14
    5 16 ms 17 ms 19 ms 83.146.17.61
    6 18 ms 17 ms 17 ms 195.50.117.105
    7 18 ms 17 ms 19 ms 212.187.131.129
    8 17 ms 19 ms 19 ms 212.187.128.46
    9 164 ms 89 ms 88 ms 4.68.128.102
    10 88 ms 90 ms 90 ms 4.68.121.171
    11 93 ms 91 ms 90 ms 63.210.59.238
    12 91 ms 123 ms 91 ms 216.52.127.17
    13 92 ms 155 ms 91 ms 216.52.118.78
    14 93 ms 93 ms 94 ms 65.205.32.154
    15 92 ms 91 ms 92 ms 65.205.32.42
    16 91 ms 106 ms 94 ms 198.41.3.237
    17 96 ms 92 ms 94 ms 198.41.0.6

    Trace complete.

    I will get the Exchange servers built soon, then work on securing the internal subnets via IPsec tunnels and restrictive firewall rulesets, then add subnet 3, as if it was a new branch office or something :)

    very stoked now, it's all going to plan

    *touches wood, oh yes, very paranoid* :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  7. punkboy101
    Honorary Member

    punkboy101 Back from the wilderness

    You're the man Phoenix, keep us posted! I for one will be watching with great interest. :D
     
    Certifications: CCNA
    WIP: Nada
  8. shaunyboy

    shaunyboy Nibble Poster

    Great stuff Phoenix, I've never thought of throwing Smoothwall in there. I had it running on thin air when I was using it as my real-world firewall so I guess you can really minimise on resources with it.

    Is there any way you could network another host machine to house the Exchange servers? I think you can with GSX but not sure about Workstation.

    Is the IPSEC enterprise wide or specific to certain info/machines only?

    Anyhoo, congrats on the tracert, very inspiring stuff indeed. If you want to do some inter-forest trusts let us know :biggrin

    Shaunyboy
     
    Certifications: A+, MCSA, MCSE
    WIP: Exchange
  9. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    I could network another host machine, but I'm more likely to just add more memory, I should be ok with 2 or 3gb
    hadn't thought about VPN-based interforest trusts, interesting concept :)

    the IPsec won't be enterprise wide
    it will be for specific hosts->servers for particular services to pass through the internal firewall
    I'll have a bit more detailed schematic when I have it all planned lol :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  10. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    VMware Cluster BABY!!

    I know, I know, I'm too old to get excited by such things

    but I finally got a cluster working in VMware using the iSCSI protocol for shared storage

    I use 2 Windows 2003 Enterprise Servers for the cluster nodes
    and 1 Windows 2003 Standard for the shared storage

    the 2 nodes have 3 NICs each, 1 for LAN access, 1 for CLUSTER communications, and 1 for SAN traffic

    all in all, to set up the Exchange cluster it's required..
    10 IP addresses
    lol
    3 for the SAN subnet (node1, node2, storage), 3 for the CLUSTER subnet (node1, node2, management), 4 for the LAN subnet (node1, node2, cluster IP, Exchange Virtual Server IP)

    not bad for a night's work, fails over fine and dandy
    will be testing it with a client later tonight

    I will update the diagram with the changes, as I had to add another subnet and machine for the iSCSI SAN as I couldn't use shared storage with VMware Workstation

    Currently have Powered On:
    R1
    R2
    DC1
    EX01
    EX02
    STORAGE

    using 1.38GB of memory
    eek :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  11. Taz69

    Taz69 Byte Poster

    Impressive setup :eek: seems that other than the kitchen sink the only thing you are missing is an ISA or 2.

    Seriously I thought I had gone over the top but your network puts mine to shame :oops:
     
    Certifications: MCSE: S, MCSA:M, MCSA: S, Net+ & 70-284
    WIP: MCSA 2003 & MCSA:Messaging 2003
  12. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    don't know enough ISA at the moment to get it up and running quick enough, and the resources Smoothwall uses are more appealing (currently 32mb assigned to the routers)

    but I will try ISA at some point, seems popular, not entirely sure why :D

    will be setting up a SQL cluster and SQL replication and such as part of the SQL electives

    basically the current plan is 2003 MCSE + Security Electives + Exchange Electives + SQL Electives
    that should give me an MCSE:S MCSE:M and MCDBA
    at least it did last time I checked :D
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  13. Taz69

    Taz69 Byte Poster

    You'll need either Security+ or ISA for the Security tag. ISA seems to be one of those products that doesn't get taken seriously even though it is a pretty good package.

    I hope to have my MCSE(2K) next week and be 1 exam from getting either the Security tag or Messaging tag.

    Hopefully I'll be able to add a bit of SQL knowledge to the pot over the next few months. Can the basics be picked up pretty quickly or would I need to get into programming and database design before I could hope to install & maintain a SQL server?
     
    Certifications: MCSE: S, MCSA:M, MCSA: S, Net+ & 70-284
    WIP: MCSA 2003 & MCSA:Messaging 2003
  14. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    already have Sec+ :)
    hence the 'not tried ISA much yet' :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  15. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    Update: Cluster tested with Outlook Client on XP

    ok so I installed XP1 (see diagram) and installed Outlook 2003 on it and connected myself to mail.virtuallab.lan

    mail is a CNAME for exbe01.virtuallab.lan which is the Exchange Virtual Server name (I know, it gets complicated, all these bloody names)

    now, due to the slow hardware we're running on here (VMs) and the fact I'm using a 10MB network card for my iSCSI shared storage (really you want gigabit at least lol) there is a noticeable effect when I turn a server off
    however I find this to be somewhat of an advantage for this kind of testing, as everything happens in slow mo almost, I can see as services come up, what's available and what's not during down time, what comes online with each service etc

    unfortunately the Exchange Storage Group Service is the last to start (has a load of dependencies)

    but from the time I hit *STOP* on ex01
    it took a little under 60 seconds before I could open a mail I had sent to a public folder again

    obviously on real hardware with a quality SAN, this would not incur such a delay

    the failover was however seamless, and trouble free, I'll try to take some screenshots of Cluster Administrator and such later :)

    very chuffed so far

    start work on the Exchange front-end servers soon, thinking of buying another gig of mem, getting pretty desperate now, pushing 1.77GB usage eek!
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
