Complete Homelab Tour! - Hardware, Networking, and Apps!

Captions
This is my entire home lab, and in this video we're going to go through it from start to finish. Welcome to my entire home lab, laid bare. It's been a minute since we did a home lab update, but more than that, our previous "What's running in our home lab" videos have been pretty high level and not very detailed. This video aims to solve that. Hey there, home labbers and self-hosters, Rich here. Buckle up, because in this video we are going deep into my entire home lab from the top to the bottom: from the physical hardware, to the physical network topology and configuration, and down to the individual VMs and containers I'm running. Hopefully this gives you some new ideas and inspires you, but also remember that running a home lab and self-hosting is what you make of it.

Let's start by talking about my physical hardware. This is my entire home lab. Everything is housed in a standard 42U server cabinet made by APC that I picked up a long time ago. Let's go through every piece of gear I have, starting from the top.

On top of my rack is my Ubiquiti UniFi USW Pro Aggregation switch. Logically, I use this guy as my core aggregation switch for my home lab, where all of my high-speed network connections from servers, storage, and core routing terminate. It has 28 ports of 10 Gig SFP+ connections and four ports of 25 Gig SFP28 connections. Someday I hope to use those 25 Gig connections for the servers and storage, but the cost of SFP28 NICs is still too high, and the fact that I'm not fully saturating my 10 Gig connections anyway means I don't have a reason to use them. But they're nice to have there for the future.

Next is a brush pass-through for the mess of SFP+ Twinax DACs and fiber that I have connecting up to the Pro Aggregation switch. I wish there was a pretty way to manage the Twinax cable mess, but eh, it's a home lab.

Moving on, next is my FrankenSense box I built a while back. I absolutely love this system. It originally started its life as a Sophos SG 330 firewall running Sophos. I acquired it off eBay, dumped Sophos, and installed pfSense Plus on it. I also upgraded it to a faster CPU, and it's been the best little purpose-built firewall ever. I even got the LCD display working on it using a package already available in pfSense. The really nice thing about this unit is its form factor: with a ton of 1 Gig Base-T connections and dual 10 Gig SFP+ cages, it has got all of the connectivity I need, all facing forward, and the fact that it's just a purpose-built PC in a box makes it a no-hassle system to manage. We made a video on building it; check the description for a link if you're interested.

Next is my Ubiquiti USW Enterprise 24 PoE switch. This functions as my top-of-rack switch, and it's where anything that's either 1 Gig or 2.5 Gig Ethernet connects. The USW Enterprise is the most recent addition to my home lab. It's also a great switch, with 12 ports of 1 Gig Ethernet and 12 ports of 2.5 Gig Ethernet, all with PoE, and two 10 Gig SFP+ ports for uplinking to my core. There are things I love and things I don't love about this switch. I really dig the single row of connections, which makes patching look really clean, and it's a really solid switch. I don't love that the thing was nearly $800 retail, though. I could have easily gone with a more affordable PoE switch that had enough ports and 2.5 Gig; I know my wife would have appreciated it if I didn't. All of those connections from the 24-port switch are patched into a modular keystone patch panel below, and the colors of the cables have specific meanings: blue for standard internal network connections, orange for the cameras, and red for the internet connection.

Moving on to my favorite stuff, let's talk about the servers. First on the list is my storage system that I've lovingly named SuperSAN. SuperSAN is my primary storage server that serves up my storage for my VMs, 2GuysTek video data, storage node, and more, and it's proudly running TrueNAS SCALE. This 12-bay Supermicro chassis has dual E5-2680 v4 CPUs running at 2.4 GHz, with a total of 28 cores and 56 threads, and currently has 256 GB of RAM. Internal storage in the host is broken into two separate ZFS pools. The first pool is named SAN-T1-P1-R1-iSCSI, and it's a RAIDZ1 pool of six 1 TB NVMe disks, which combine to create a grand total of 4.2 TB of available storage. Its sole purpose is to hold my virtual machines running in ESXi, which we'll talk about later. The next pool is named SAN-T4-P4-R1-NFS, and its disk layout consists of two RAIDZ1 data vdevs, each with six 14 TB mechanical disks within. On top of the two data vdevs I also have a 500 GB NVMe cache vdev assigned as well, mostly because I had a spare one lying around. Grand total volume size of the pool is just a shade under 122 TB. This giant pool of disks is my large data storage pool for 2GuysTek video data, Plex data, the home of my storage node data, and other miscellaneous data. The CPU hardware in this host is overkill for a primary storage array, and that's because it started its life as a single ESXi host and not a storage server. Once I'd moved to an ESXi cluster, it evolved into a dedicated NAS and SAN for storage duties.

I want to take a moment and touch on my naming scheme for storage pools, something that I learned a long, long time ago in my years of data center work, and it's a useful thing that you can adopt for your own array. Each part of the pool name has a specific meaning that translates into its capabilities, performance, and functionality. The first pool's name is SAN-T1-P1-R1-iSCSI; let's break that down. The first section, SAN, is an abbreviation of the host's name. The next section, T1, stands for tier one; typically tier one is the highest-end tier and is meant for VMs and other systems that require high IOPS performance. Next is P1, meaning performance one, or the highest-performing disks, which is fitting because the disks used in this pool are NVMes. The next indicator, R1, describes the disk redundancy used in the pool; R1 in this case denotes I can sustain a single disk failure. And lastly, iSCSI describes how the pool is made available. In this case, the pool is only available as an iSCSI mount because it's used solely for VM storage on the two ESXi hosts in my cluster. We also made a video about building out SuperSAN, and we'll put a link in the description to that one as well.

Moving on, this 2U host in the middle is currently offline and doesn't have a job to do. In an effort to save power, I consolidated storage functionality into SuperSAN and powered down this host. Eventually I'll unrack it and find it a good home.

All right, the next stop is my ESXi cluster. This 2U chassis here actually has two independent servers inside of it, providing me double the density and sharing just two PSUs between them. These two server nodes make up my VMware ESXi cluster and run all of my VMs in my home lab. Each node has dual E5-2680 v4 CPUs, just like the ones in SuperSAN, and each node has 128 GB of RAM in it. One thing to note: even though there are 12 3.5-inch disk bays up front for storage, six split to one node and six split to the other, they're entirely empty, because my cluster storage is provided by SuperSAN above using iSCSI. This way my VMs can migrate between nodes in the cluster for redundancy and fault tolerance. This chassis is pretty cool: two servers, one chassis. I think there's a joke in there somewhere. Anyway, there's no big benefit to having two nodes in one box if you have plenty of rack space, but it does cut down on the amount of power supplies in use in my rack, and I think that it's neat to have both in a single frame like that. Of course there's a video about this one as well, and, you guessed it, I'll leave a link in the description if you want to check out that build.

Moving on, we have my DS3622xs+ Synology NAS. This system has a total of 11 8 TB Seagate IronWolf drives and a single 500 GB Samsung SSD for caching, for a total of 49.6 TB of storage space. I have a complicated relationship with Synology products, mostly because of the decisions the company has been making in terms of their verified drives, but there is no denying that Synology does one thing incredibly well, and that's backup. The DS3622xs+'s whole job is to run backups, and Synology has, in my opinion, one of the best backup software solutions on the market today, and that's Active Backup for Business. I could gush forever about this backup platform. I use it to back up my virtual machines, my home computers, and even the 2GuysTek Google Workspace stuff. It's got all the features you'd want or need to back up everything, and it's entirely free, assuming you buy a Synology NAS, of course. Mixed feelings aside, Active Backup for Business is legit good, like enterprise-grade good, and there are no limitations to using it, save for the limitation of having to have your own x86 Synology NAS to use it. The final thing I'll add to this is: if you own a Synology NAS that runs Active Backup for Business, you should be using it.

Moving on, just a few things left. Below the Synology I have an older Dell R730xd, which is here for testing and learning stuff like Proxmox, XCP-ng, and whatnot. It's a dual-socket E5-2600 v3 something, so it's nearly the same performance as the hosts above. Funny story: 2GT Brandon actually owned this server and acquired it from his previous job, where he managed it. I actually purchased this exact server for that company back in the day, before I left that same company. Years later, when it was retired from service, he saved it, and eventually it came back home to me. Hello, old friend. The rest of the cabinet is blanked off to keep airflow going front to back and to make it look clean. When we get server hardware from vendors to review, we remove the panels and mount the gear to test and do B-roll. And lastly, all the way at the bottom is my APC 2200 RM UPS, missing its faceplate in this photo. There really isn't much to say about this UPS other than it's a little workhorse that has served me well for years, and even with all the gear I have running, it keeps the power smooth and stable for up to an hour of runtime if the lights go out.

That was a lot so far, and I hope I haven't lost you yet. I think the next step for us is to talk about my physical and logical network configuration before hopping into what I'm running. That way, when I say something like "this VM is running in the DMZ," you'll know where that's at, what restrictions are applied to it, and how it's accessed. Buckle up, here we go.

This is the physical topology of my home network, of which 99% is made up of Ubiquiti hardware which I've been collecting over the years. Let's start at the top and work our way down. On top is the FrankenSense firewall, which serves two roles in my home lab. First, it's the edge of the network and protects everything else behind it from the bad guys. I'm a big fan of pfSense, and combining that with pfBlockerNG for DNS blacklisting and GeoIP blocking is a solid way of controlling who gets to what. OPNsense does a great job of that too, so if you're using that, you're good to go. Next is the UniFi Pro Aggregation switch I mentioned earlier, which serves as the core aggregation for my network. The Pro Aggregation connects down to the UniFi Enterprise 24-port PoE top-of-rack switch below via an LACP trunk of 2x 10 Gig Twinax cables. One more thing to add about my core switch config: I have specifically made that switch the spanning tree root for my network, and all of my other descendant switches report up to it for STP. Everything else after that is distributed through my home. On the left I have a breakout of UniFi switches and APs that serve different areas of the house. In the middle are UniFi switches that extend into my studio, where I'm filming this right now, and on the far right I have a simple UniFi PoE 5-port switch which is used in my garage for my 3D printer, garage PC, and so on. It's a pretty simple network design. I've been collecting different Ubiquiti switches and APs for a while now. I like UniFi for two primary reasons. One, it's affordable; even the crazy expensive Enterprise switches are attainable for mere mortals like myself. And two, I like the self-hosted controller and management system. It's exceedingly rare to find solid gear that offers a free on-premise controller for management. I wouldn't personally use them in an enterprise, but for home and small to medium business it is fantastic.

All right, now that we've got our physical topology out of the way, let's look at the logical layer 2 and layer 3 design. You may remember seeing this diagram from the video I did on installing home security cameras, and thankfully it's still valid in terms of my network. My home lab and home network as a whole is effectively broken into five different security zones, all of which are contained within layer 2 VLANs, with the FrankenSense pfSense firewall acting as the core router. This approach is typically called a router on a stick, since the firewall router is at the end of the connection and no inter-VLAN routing is happening in the switches. All of that is a more complicated way of saying that my pfSense firewall routes data between subnets. Starting at the top is my Home LAN VLAN, which is where all my desktops, laptops, mobile devices, and TVs exist. Following the connections, you'll see that there are arrows on both ends of the connection, because this VLAN has bidirectional access to the whole network. The next VLAN is the Server VLAN, which is where all of my physical hosts as well as the VMs and container services live. This VLAN also has bidirectional access to the rest of the network. Now on to the DMZ VLAN. The DMZ VLAN holds services that are at a higher risk because they are serving things to the internet. That VLAN can get out to the internet but cannot get to any other VLANs; this way, if a system is compromised, the attackers can't access the rest of my network. Next is the IoT VLAN, which, as you may have guessed, holds all of my many IoT devices that we all typically have in our networks these days. This VLAN can access the internet, but it can't directly access any other VLANs in my network, again protecting the important personal systems in case of compromise. Lastly, you see at the bottom the CameraNet VLAN. This VLAN only holds my IP PoE cameras and does not have access to the internet, or anything else for that matter. The big NVR icon spans both the IoT VLAN and the CameraNet VLAN so that the network video recorder can record the video from the cameras and make it available via the IoT VLAN. The reason why I run a router-on-a-stick network design is to enforce security zones on different VLANs. Firewalls are the best way to control access between networks, and while you can use ACLs, or access control lists, on layer 3 switches to control data flow, it's generally considered bad network design to do so, because a layer 3 switch's inter-VLAN routing really isn't meant to be filtering packets, just pushing them between VLANs.

All right, we've managed to get this far. You know my physical hardware, physical network topology, and my logical network topology; now let's get into what I'm running in my home lab. Let's start with an overview. I created this diagram to help visualize all the different VMs, containers, and services I self-host in my home lab and give you a visual representation of how they're hosted. The orange bubble represents physical hardware boundaries. The large bubble on the top represents my ESXi cluster, and the two smaller bubbles below represent my SCALE storage system and my FrankenSense pfSense firewall, all of which provide services to various degrees. Let's dig in.

I run Plex in a virtual machine that's based on Ubuntu Server. Also installed on that VM are the typical *arrs, like Sonarr, Lidarr, Radarr, and Prowlarr, for media management and control. I have been asked a million times why I don't run Plex in a container, and my answer is simple: with the VM I can scale up and down dedicated resources for Plex like CPU and memory as needed, pass through a piece of hardware easily, and control resource prioritization easily. Yes, I know you can do all of this in containers as well, but I prefer a VM. Being a VM also simplifies the NFS share to the media that resides on my storage array. I used to run the *arrs in containers but found their overall performance to be slower than running with Plex on the VM itself, and moved them back to physical installs.

Next is my Windows Server 2019 VM. That's right, haters, I run a Windows 2019 server as an Active Directory domain controller; what are you going to do about it? There are a few reasons why I run a Windows Server. The first one is for single sign-on for all the various things running at home. All the personal computers used in my home by my family are Windows-based. Having an AD DS server running means I can control and manage all the user accounts used by the family, apply security and group policies, and I can provide internal SSO for things like vCenter and Synology. And then there's the educational factor: I run a Windows Server so I can test and keep my AD DS and Windows Server skills sharp professionally.

The next VM is one of my newest additions: a purpose-built Ubuntu Linux VM running only Apache, WordPress, and a Cloudflare Tunnel for the 2GuysTek website. This VM exists in my DMZ VLAN and doesn't directly serve web through the firewall; instead, I utilize a dedicated Cloudflare Tunnel to make the website available through Cloudflare. This provides me extra protections against the bad guys on the net, and with the VM being in my DMZ, if it gets compromised, the worst they can do is gain control of the box and not get to anything else on my network. If I'm being honest, though, I really don't enjoy running a WordPress website, but I'm not a developer and I don't have the time to build something from scratch. WordPress is a good CMS provided you keep it up to date, and self-hosting it saves me like 15 bucks a month in cloud hosting fees.

Nextcloud is next. I run a full Ubuntu server that serves as a dedicated Nextcloud server for data sharing between myself, John, and Brandon. The actual data is hosted as an NFS mount on the Linux VM itself, and I do make it available through the firewall because of the sheer amount of data that is synchronized between clients. This VM also lives in the DMZ. I love Nextcloud; it has been such an incredibly useful tool for sharing data back and forth between all of us. I use it for 2GT, and I use it personally as my private cloud for file sharing and storage. I've been a longtime user of Nextcloud, and before that ownCloud. I love that I completely control my data, where it's stored, and how it's synchronized between clients. I'm not against using Dropbox or OneDrive, but having complete end-to-end ownership of my personal data is seriously fantastic. If you're self-hosting, you should consider running it as well. Also, while you can run Nextcloud in a container, originally the recommendation from Nextcloud itself was to run it in a full VM and not containerize it. I understand there's been some changes there, so I might consider migrating in the future.

Ah yes, next is my monitoring VM. This Ubuntu VM runs Telegraf, InfluxDB, and Grafana, as well as Prometheus. This VM is the watcher watching my infrastructure. I use Grafana to visualize all aspects of my home lab, from the utilization of my firewall, my ESXi cluster, and TrueNAS, all the way down to Plex. Data is beautiful, and pretty dashboards are super cool. Getting a TIG stack (TIG stands for Telegraf, InfluxDB, and Grafana) set up and working is easy; getting it collecting all of your data is a pain in the butt. But if you're the kind of person who loves visualizing data, tracking your system performance, and predicting future growth, you've got to get it set up.

Next is my Ubiquiti UniFi controller VM, also, as you guessed it, running on Ubuntu Server. Since my entire network is UniFi, it stands that I'd need a UniFi controller to manage all of my gear. Interestingly, because of my connectivity to John's place, my UniFi controller acts as his controller for his gear as well, all completely separated from my gear and clients via the tenant functionality in UniFi. Pretty cool, I know. I could also run the UniFi controller as a container, but it started as a VM and it's stayed a VM ever since. Ubiquiti's gear has been really great, and having the controller self-hosted and not in the cloud has allowed me to save money and easily manage my port profiles, VLANs, and everything without ever having to spend any time on a switch's command line.

So far you've seen that most of my network is comprised of purpose-built VMs running specific software or groups of software, but I do leverage containers as well. My container VM, also based on Ubuntu, runs straight Docker and hosts a variety of different containers to make life easier. I use Portainer as my default GUI management system for the containers running within Docker. On to my containers: starting with Pi-hole to filter my kids' DNS traffic; Dozzle for container logging; Tautulli for Plex monitoring and metrics; Transmission for Linux ISOs; Netdata for its really nice real-time monitoring; a container of Homebridge, which is currently broken; draw.io, which is what I'm using to make all the pretty pictures for these diagrams; a variety of different game servers to play with my kids, like Minecraft, Rust, and Unturned; and lastly Heimdall, as a centralized one-stop shop for all the necessary sites I want or need to get to.

And the last VM worth mentioning here is my vCenter server for managing my ESXi cluster. VMware vCenter is the centralized management system for VMware ESXi and is the powerful secret sauce that allows you to easily manage your ESXi virtual hosts, manage automated migrations of your VMs, fault tolerance, high availability, updating, and a lot more. I've talked about this so many times in the past, but if you're into vCenter, ESXi, or VMware in general, I highly recommend you consider getting a VMUG Advantage membership, which is $200 a year. With that $200 you get enterprise licensing for vCenter and ESXi, not to mention basically most of VMware's software library, from VDI with Horizon down to VMware Workstation. If you're interested in home labbing and building your enterprise virtualization skills, it's an absolute must-have.

This just leaves us with the two little bubbles below: my TrueNAS SCALE system and my FrankenSense pfSense firewall, both of which offer some services. Starting with SCALE: obviously, outside of the storage functionality, SCALE also runs containers, but to be honest I really don't take advantage of that, since I already have a functionally deployed container VM. I do, however, run a storage node in a container on SCALE. I also run Netdata to keep track of the real-time ins and outs of SCALE, ZFS, and the like, and, because I can, Portainer. On the pfSense side, it's functionally running security and security-adjacent services. Outside of being a world-class firewall, I run pfBlockerNG to filter DNS and to block IPs based on geolocation. I'm currently evaluating Tailscale as a means to replace OpenVPN, which is still functional. And lastly, I have dedicated site-to-site VPN tunnels between John's place and my place, and Brandon's place and my place, via good old-fashioned IPsec.

And that is pretty much all there is to it. If there's anything I touched on here that you'd like a dedicated video about, let me know in the comments below, or better yet on our Discord. It's free and full of people who are passionate about self-hosting and home labbing. In fact, I owe a special thank you to our Discord member gregarious dude for recommending that I make this video. One last thing to note: home lab is what you make of it, and I'd love to hear what you run in your home lab and what you self-host, so hop on over to our Discord and share it with me. And finally, thank you to our YouTube members; you guys help keep the lights on, and we thank you for it. If you'd like to support what we do here, consider becoming a member or buy some of our awesome swag. It all helps us keep making these videos. And now, to finish watching this video, how about checking out this playlist over here of other great home lab and virtualization videos we've done in the past? If you're looking for your next great inspiration for home lab, we can help you find it.
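The five-zone, router-on-a-stick policy described in the captions (Home LAN and Server VLAN reach everything; DMZ and IoT reach only the internet; CameraNet reaches nothing), written out as a pf ruleset. This is an added example, not the speaker's actual pfSense configuration, which he builds in the pfSense GUI; pf is the packet filter pfSense generates its rules for underneath that GUI. The interface names, VLAN IDs and the use of the RFC 1918 ranges as the definition of "not the internet" are assumptions made for the example.

```pf
# Added example, not the author's config. VLAN interface names and IDs are assumed.
home_if = "vlan10"   # Home LAN: desktops, laptops, phones, TVs
srv_if  = "vlan20"   # Server VLAN: hypervisors, VMs, containers
dmz_if  = "vlan30"   # DMZ: internet-facing services (WordPress, Nextcloud)
iot_if  = "vlan40"   # IoT devices and the NVR's IoT-side leg
cam_if  = "vlan50"   # CameraNet: PoE cameras and the NVR's camera-side leg

# Everything that counts as "inside". The restricted zones must never reach this,
# so "internet" is defined as whatever is left once these are excluded.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
block log all          # default deny on every interface, logged

# Drop packets arriving on the wrong interface for their source subnet, so a DMZ
# host cannot pretend to be on the Server VLAN to match the permissive rules below.
antispoof quick for { $home_if, $srv_if, $dmz_if, $iot_if, $cam_if }

# Home LAN and Server VLAN: bidirectional access to every zone and to the internet.
# "keep state" is what lets replies from DMZ/IoT/CameraNet come back: state is
# matched before rules, so those zones need no pass rule of their own for replies.
pass in quick on { $home_if, $srv_if } inet \
    from { $home_if:network, $srv_if:network } to any keep state

# DMZ and IoT: the firewall is their DNS resolver (pfBlockerNG) and gateway, so
# allow DNS to the firewall's own address on that VLAN first...
pass in quick on $dmz_if inet proto { tcp, udp } \
    from $dmz_if:network to ($dmz_if) port domain keep state
pass in quick on $iot_if inet proto { tcp, udp } \
    from $iot_if:network to ($iot_if) port domain keep state
# ...then block every other private destination, which includes the firewall's
# other interfaces and all other VLANs, and only then allow what is left (internet).
# Ordering matters: swap the last two rules and the DMZ can reach the whole LAN.
block in quick log on { $dmz_if, $iot_if } inet from any to <rfc1918>
pass in quick on { $dmz_if, $iot_if } inet \
    from { $dmz_if:network, $iot_if:network } to any keep state

# CameraNet: no internet, no other VLANs. The NVR has a leg in both IoT and
# CameraNet, so camera traffic never crosses the firewall at all. The default
# block already covers this; the explicit rule just makes the intent visible.
block in quick log on $cam_if all
```

Syntax-check a ruleset like this with `pfctl -nf <file>` before loading it. The point worth carrying back to the GUI is the rule order on the DMZ and IoT interfaces: the "allow to any" rule only means "allow to the internet" because a block to the private ranges sits in front of it, and that block also has to sit in front of anything that would otherwise let the zone talk to the firewall's other interface addresses.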
Info
Channel: 2GuysTek
Views: 56,005
Keywords: complete homelab tour 2023, complete homelab tour, What I'm running in my homelab, what I'm self-hosting, What I'm self hosting, VMware ESXi, TrueNAS SCALE, How I name my storage pools, UniFi networking, UniFi controller, USW Pro Aggregation, USW Enterprise 24 PoE Switch, pfSense Plus firewall, How I segment my network, my physical network topology, PiHole, Tautulli, Plex, TIG stack, This is my homelab, This is my home network, homelab, home lab, home server, Nextcloud, Tailscale
Id: Ykl8ruhjnjw
Length: 21min 40sec (1300 seconds)
Published: Thu Oct 26 2023