Sysadmin Lab

My lab environment and my findings

This article will give you an overview of what I have in the lab. You will find that I mention some servers but don't say much more about them. That's simply because I haven't had time to "document" them here on this site. So if you're wondering "now what the heck does he use that for? And how did he do it?" - let me know and I'll put up an article on it. In the text below, you'll find links to various articles I've written on this site.

Physical lab network overview

I have 5 physical machines: two HP ProLiant ML115 servers (one G1 and one G5), 2 standard laptops and a standard desktop. On those I run Hyper-V, VMware ESXi and XenServer to get experience in all of them. They are connected to an HP 24-port 2510G switch which offers Gigabit network ports. Since this switch is shared with other things, I have an isolated and dedicated VLAN for the lab. This VLAN is connected to the inside interface of a Cisco ASA5505, and the outside interface is directly connected to the Internet.

Logical lab network overview


So far, I've kept the logical network very simple with one VLAN and all computers on the same class C subnet. One reason is the limitations of the Cisco ASA5505 on the cheapest license (few VLANs, no traffic from DMZ -> Internal, no trunking etc.), but this might be upgraded in the future and then I'll change the setup. In the Cisco ASA, I NAT the public IP addresses to the internal servers. This makes it possible for me to redirect the external traffic easily depending on what I'm testing.

Basically, I have one Active Directory domain (ad.local) and most machines are joined to it. I have 2 DCs which are always on separate physical servers in case I need to restart something.

Here's an overview of which servers I have today, but this varies depending on what I'm testing right now.

| Server | Usage | OS |
|--------|-------|----|
| ADC1 | Active Directory Domain Controller, DNS, DHCP, CA | Windows 2008 R2 64-bit |
| ADC2 | Active Directory Domain Controller, DNS | Windows 2008 R2 64-bit |
| CLT1 | Client for testing | Windows XP |
| CLT2 | Client for testing | Windows 7 |
| CLT3 | Client for testing | Windows Vista |
| MBX1 | Exchange 2010. Roles: Client Access, Hub Transport, Mailbox | Windows 2008 R2 64-bit |
| MBX2 | Exchange 2007. Roles: Client Access, Hub Transport, Mailbox | Windows 2008 64-bit |
| OBS1 | Online backup server for my home PCs and laptops | Windows 2008 R2 64-bit |
| SCO1 | System Center Operations Manager | Windows 2008 R2 64-bit |
| SCM1 | System Center Configuration Manager | Windows 2008 R2 64-bit |
| TMG1 | Threat Management Gateway 2010, stand-alone | Windows 2008 R2 64-bit |
| TMG2 | Threat Management Gateway 2010, domain-joined | Windows 2008 R2 64-bit |
| WDS1 | Windows Deployment Services with MDT 2010 | Windows 2008 R2 64-bit |

So what do I use them for? Well, here's an overview.

First off, ADC1 and ADC2 are of course pretty straightforward. It might be worth noting that ADC1 has Microsoft CA (Certificate Services) installed to be able to issue certificates, since they're needed more or less everywhere today. The CLT1, CLT2 and CLT3 clients are basically there to test a lot of features, and I need the mixture to be able to test on different clients. One thing I miss here and plan to do is put a client on the "outside" network (Internet) to simulate clients connecting from outside (for VPN, Outlook Anywhere, remote access testing etc.).

Since I mostly work with Exchange 2007 (MBX2) and 2010 (MBX1), I have both installed. I also have public MX records pointing to a public IP which I NAT directly to MBX2, which has an SMTP Receive Connector. It also has an SMTP Send Connector to send e-mails using DNS. So at the moment there's no spam filtering. I plan to install an Edge Transport Server (or another product like MailMarshal), but it's a lab - I don't really host any real users here. At least I've secured it so it's not an open relay.

The online backup server OBS1 is running Ahsay Backup Software to back up my remote PCs (this lab is not at home). Ahsay basically provides server software for offering online backup to customers, and there are thousands of hosting companies that offer online backup using Ahsay. So sure, I could use any of the many offers out there, like Backblaze, which offers unlimited backup space for $5/month, but it's more fun to do it yourself. And Ahsay actually offers a free edition for up to two clients.

I do some testing on System Center products, that's why I have SCO1 and SCM1. At the moment it actually doesn't monitor my own servers, it's more of a sandbox.

Since I work a lot with Exchange, I also publish ActiveSync, Outlook Anywhere and Outlook Web Access to the Internet, and most customers want ISA or TMG to protect it. That's why I have TMG1 and TMG2. Why two? Well, it just turned out that way when I was testing, but it's basically because you can't use certificate-based authentication without joining the TMG server to the same forest as the Exchange server, and I want to be able to lab both with and without it.

And then I have WDS1 to install all new lab computers which saves a lot of time.

To remote control this environment, I use my HP Elitebook 8440p. I spent some time investigating which drivers and software I really needed of the 47 downloads they had on their page! So after installing Windows 7 from the DVD, I only installed 9 of them,