Nutanix_Home_Lab_HLD_7_plan - itnett/FTD02H-N GitHub Wiki
Given the extensive setup you need for "Nettverk 2" and "Nettverkssikkerhet," I'll summarize all the servers, IP plans, domains, and both high-level (HLD) and low-level designs (LLD). The goal is to maximize the use of your rig while staying within its limitations.
1. Overview of Available Resources
- CPU: Intel Core i7-5820K (6 cores, 12 threads)
- Memory: 32GB DDR4
- Primary Storage: Samsung 850 EVO 500GB SSD
- Additional Storage:
  - 3x1.5TB SATA HDD
  - 1x4TB SATA HDD
  - 2x120GB SATA SSD
- Network Interfaces:
  - Onboard NICs
  - 3 USB-to-NIC dongles (for additional network interfaces)
2. IP Plan and VLAN Allocation
VLAN ID | Network | IP Range | Use Case |
---|---|---|---|
VLAN 100 | Dev Network | 10.0.2.0/24 | Development and basic programming |
VLAN 110 | API Testing Network | 10.0.3.0/24 | API testing and simulation |
VLAN 120 | GUI Development Network | 10.0.4.0/24 | GUI and frontend development |
VLAN 130 | Secure Coding Network | 10.0.5.0/24 | Secure coding practices |
VLAN 200 | IoT Devices Network | 10.0.6.0/24 | IoT devices and simulations |
VLAN 210 | IoT Simulation Network | 10.0.7.0/24 | IoT simulations |
VLAN 220 | Azure IoT Network | 10.0.8.0/24 | Connecting to Azure IoT Hub |
VLAN 230 | Infrastructure Security | 10.0.9.0/24 | Security and monitoring |
VLAN 300 | Cyber Defense Network | 10.1.0.0/24 | Cybersecurity defense training |
VLAN 310 | VPN Network | 10.1.1.0/24 | VPN configuration and testing |
VLAN 320 | ACL Testing Network | 10.1.2.0/24 | Testing ACLs and security rules |
VLAN 330 | Penetration Testing Network | 10.1.3.0/24 | Penetration testing and vulnerability assessment |
VLAN 400 | LAN Testing Network | 192.168.10.0/24 | LAN configuration and testing |
VLAN 410 | WAN Simulation Network | 192.168.20.0/24 | WAN simulation and emulation |
VLAN 420 | IPv6 Testing Network | fd00::/64 | IPv6 configuration and testing |
VLAN 430 | Wireless Network | 192.168.30.0/24 | Wireless networking and testing |
VLAN 500 | Secure LAN Network | 10.1.4.0/24 | Secure LAN configuration |
VLAN 510 | Cisco IOS Network | 10.1.5.0/24 | Cisco IOS configuration and routing protocols |
3. Server Allocation and Domain Structure
Total servers: 17 (not all servers will run simultaneously, so that the rig's resources are not exceeded).
Domain | Server Name | Role | VLAN | IP Address | Resources |
---|---|---|---|---|---|
dev.local | DEV-SERVER-01 | Programming and development | VLAN 100 | 10.0.2.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
api.local | API-SERVER-01 | API testing and development | VLAN 110 | 10.0.3.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
gui.local | GUI-SERVER-01 | GUI and frontend development | VLAN 120 | 10.0.4.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
secure.local | SECURE-SERVER-01 | Secure coding practices | VLAN 130 | 10.0.5.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
iot.local | IOT-SIM-SERVER-01 | IoT simulation and management | VLAN 210 | 10.0.7.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
azureiot.local | AZURE-IOT-HUB | Azure IoT connection and gateway | VLAN 220 | 10.0.8.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
infra.local | INFRA-SERVER-01 | Infrastructure security and monitoring | VLAN 230 | 10.0.9.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
defense.local | DEFENSE-SERVER-01 | Cyber defense and IDS/IPS | VLAN 300 | 10.1.0.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
vpn.local | VPN-SERVER-01 | VPN configuration and testing | VLAN 310 | 10.1.1.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
acl.local | ACL-SERVER-01 | ACL testing and threat assessment | VLAN 320 | 10.1.2.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
pentest.local | PENTEST-SERVER-01 | Penetration testing and vulnerability analysis | VLAN 330 | 10.1.3.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
cisco.local | CISCO-SERVER-01 | Cisco IOS configuration and routing protocols | VLAN 510 | 10.1.4.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
lan.local | LAN-SERVER-01 | LAN configuration and testing | VLAN 400 | 192.168.10.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
wan.local | WAN-SERVER-01 | WAN simulation and testing | VLAN 410 | 192.168.20.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
ipv6.local | IPV6-SERVER-01 | IPv6 configuration and testing | VLAN 420 | fd00::10 | vCPU: 4, RAM: 8GB, 100GB SSD |
wireless.local | WIRELESS-SERVER-01 | Wireless networking and testing | VLAN 430 | 192.168.30.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
gns3.local | GNS3-SERVER | Network simulation with GNS3 | VLAN 540 | 10.1.5.10 | vCPU: 4, RAM: 8GB, 100GB SSD |
4. High-Level Design (HLD)
Overall Design:
The HLD focuses on creating a structured and modular environment to support various networking and security-related studies. The environment is segmented into different VLANs based on use cases like development, IoT, cybersecurity, Cisco IOS, and more.
- Network Segmentation: VLANs isolate different environments to prevent interference between labs and allow for specialized testing (e.g., penetration testing in a dedicated VLAN).
- Resource Allocation: Each server is allocated sufficient CPU, memory, and storage resources based on the expected workload, ensuring smooth operation without overloading the rig.
- Security Measures: Each VLAN has built-in security measures like firewalls, ACLs, and IDS/IPS to replicate real-world network security scenarios.
- Automation and Management: Nutanix Calm and REST APIs are used to automate the deployment, configuration, and scaling of these environments.
5. Low-Level Design (LLD)
Server Configuration and Deployment:
- Operating Systems: Most servers will run minimal Ubuntu, except for specialized environments like Kali Linux for penetration testing or GNS3 for Cisco IOS emulation.
- Network Configuration:
  - Each server is connected to its specific VLAN through dedicated NICs (onboard NICs and USB-to-NIC dongles).
  - Static IP addresses are assigned to each server for consistent network configuration.
- Software Installation:
  - Servers are pre-configured with relevant software based on their role, such as OpenVPN on VPN-SERVER-01, Metasploit on PENTEST-SERVER-01, or GNS3 on CISCO-SERVER-01.
- Security Settings:
  - Basic security configurations are applied to all servers, such as firewall rules and user access controls.
  - Penetration testing environments are hardened and isolated more strictly than the others, since they intentionally expose vulnerable targets.
Managing Resources within the Rig's Limitations:
- CPU and Memory Allocation: The rig has 6 cores (12 threads) and 32GB of RAM. Not all servers will run simultaneously. Servers are grouped based on their use case, and only necessary servers are powered on depending on the lab scenario.
- Storage Management:
  - The Samsung 850 EVO 500GB SSD is used for high-speed storage of critical VMs.
  - The additional HDDs (3x1.5TB and 1x4TB) are used for large data storage, logs, and backup purposes.
- Dynamic Resource Allocation: Nutanix Calm allows for the dynamic provisioning and de-provisioning of resources, ensuring optimal use of CPU and memory.
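Before building Blueprints from these tables, it is worth checking them mechanically: that every server's address sits inside its VLAN's subnet, that every VLAN referenced in section 3 exists in section 2, and that the set of servers powered on for one lab scenario fits the 12-thread / 32GB host described above. The script below is an added example, not part of the wiki page or of Nutanix's tooling; it embeds the VLAN and server tables from sections 2 and 3 as written, and the `reserved_ram_gb` allowance for hypervisor/CVM overhead is an assumption, not a value from the page. As the tables stand, it flags two rows (CISCO-SERVER-01 and GNS3-SERVER).

```python
import ipaddress

# VLAN plan from section 2 (VLAN ID -> subnet) and server table from
# section 3 (name, VLAN ID, address), copied from this page as written.
VLANS = {
    100: "10.0.2.0/24", 110: "10.0.3.0/24", 120: "10.0.4.0/24", 130: "10.0.5.0/24",
    200: "10.0.6.0/24", 210: "10.0.7.0/24", 220: "10.0.8.0/24", 230: "10.0.9.0/24",
    300: "10.1.0.0/24", 310: "10.1.1.0/24", 320: "10.1.2.0/24", 330: "10.1.3.0/24",
    400: "192.168.10.0/24", 410: "192.168.20.0/24", 420: "fd00::/64",
    430: "192.168.30.0/24", 500: "10.1.4.0/24", 510: "10.1.5.0/24",
}
SERVERS = [
    ("DEV-SERVER-01", 100, "10.0.2.10"), ("API-SERVER-01", 110, "10.0.3.10"),
    ("GUI-SERVER-01", 120, "10.0.4.10"), ("SECURE-SERVER-01", 130, "10.0.5.10"),
    ("IOT-SIM-SERVER-01", 210, "10.0.7.10"), ("AZURE-IOT-HUB", 220, "10.0.8.10"),
    ("INFRA-SERVER-01", 230, "10.0.9.10"), ("DEFENSE-SERVER-01", 300, "10.1.0.10"),
    ("VPN-SERVER-01", 310, "10.1.1.10"), ("ACL-SERVER-01", 320, "10.1.2.10"),
    ("PENTEST-SERVER-01", 330, "10.1.3.10"), ("CISCO-SERVER-01", 510, "10.1.4.10"),
    ("LAN-SERVER-01", 400, "192.168.10.10"), ("WAN-SERVER-01", 410, "192.168.20.10"),
    ("IPV6-SERVER-01", 420, "fd00::10"), ("WIRELESS-SERVER-01", 430, "192.168.30.10"),
    ("GNS3-SERVER", 540, "10.1.5.10"),
]
# Per-VM sizing from section 3 and the host budget from sections 1 and 5.
VCPU_PER_VM, RAM_PER_VM_GB = 4, 8
HOST_THREADS, HOST_RAM_GB = 12, 32


def check_addressing(vlans=VLANS, servers=SERVERS):
    """Return (server, problem) pairs for rows that contradict the IP plan."""
    problems = []
    for name, vlan, addr in servers:
        if vlan not in vlans:
            problems.append((name, f"VLAN {vlan} is not defined in the IP plan"))
            continue
        net = ipaddress.ip_network(vlans[vlan])
        ip = ipaddress.ip_address(addr)
        # Mixed IPv4/IPv6 rows are treated as outside the subnet.
        if ip.version != net.version or ip not in net:
            problems.append((name, f"{addr} is outside VLAN {vlan} ({net})"))
    return problems


def scenario_fits(names, reserved_ram_gb=0):
    """True if the servers powered on for one scenario fit the host.
    reserved_ram_gb is an assumed allowance for hypervisor/CVM overhead."""
    vcpu = len(names) * VCPU_PER_VM
    ram = len(names) * RAM_PER_VM_GB + reserved_ram_gb
    return vcpu <= HOST_THREADS and ram <= HOST_RAM_GB


if __name__ == "__main__":
    for name, why in check_addressing():
        print(f"{name}: {why}")
    print("VPN + Cisco scenario fits:", scenario_fits(["VPN-SERVER-01", "CISCO-SERVER-01"]))
```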
Automation and Orchestration:
- Nutanix Calm Blueprints: Predefined Blueprints automate the setup of different environments. These can be launched or scaled down as needed.
- REST API Integration: REST APIs allow for seamless integration with external tools or scripts, enabling automation of environment setup, scaling, and teardown.
6. Management Strategy
To effectively manage this complex environment within the constraints of your rig:
- Prioritize Lab Scenarios: Focus on one or two key scenarios at a time (e.g., Cisco IOS routing and VPN testing) to conserve resources.
- Automate Environment Changes: Use Nutanix Calm to rapidly switch between different environments, ensuring that only necessary resources are utilized at any given time.
- Monitor Resource Utilization: Regularly check Prism Central to monitor CPU, memory, and storage usage, making adjustments as necessary.
Conclusion
This setup provides a robust framework for studying and experimenting with various networking and security scenarios. It maximizes the use of your rig's capabilities while staying within its limitations, using VLANs, domains, and Nutanix's automation tools to create a flexible, dynamic lab environment.