Full Infrastructure Walkthrough!

Captions
Hey, John here, welcome back to another video. Today we're going to be reviewing my UniFi network setup. There are a few hardware changes: I bought a new 7050 I'm going to be using just to add on top of the existing 7050 I have right now. So we're going to talk XCP-ng, we're going to look at UniFi, I have some new firewall rules, and VLANs are finally set up mostly to the way I want them, and we're just going to review that. We'll also cover the Teleport VPN that I use, and I may even talk about the Shortcuts app, the Apple Shortcuts app, and how I have that automatically connecting to my home lab. So now I'm just going to move over to the rack and I will show you how it looks on my iPhone.

Start off with talking about these first. So these are the micro PCs I have sitting around. I ordered the 7050 on top; just going to set up a Core i5, probably going to take it up to 32 gigs of RAM or possibly 48. The other 7050 has 48 in it right now, so a 32-gig and a 16-gig DIMM, because it's hard to find two 32-gig DDR4 DIMMs in laptop spec. But basically I'm going to be running the new version of XCP-ng. I heard it's coming out with a hyperconverged, how do you call it, hyperconverged solution, so basically you have your storage, your VMs and basically all the software-defined networking all in one, an all-in-one system without needing external storage. So I think this would be similar to Nutanix, but anyways, I want to do some beta testing with that, so I'm just going to set that up later.

Most of the rack is basically unchanged, with the U6, the Flex Mini; I have a, what do you call it, Eve motion sensor up there, a Hue Bridge which I recently added back into the array. The 7050 is still sitting there running XCP-ng as it always has been. I have a printer down here, nothing really going on with that. The Cisco switches are just inactive. The fun little project I added, because I was getting annoyed at how loud the R740 is, is that I added this Eve smart plug.

So this actually turns on every day at 4:00 a.m. and turns off at around 5:30 p.m. I have the NAS, the R740 that is underneath this, set up to basically power on after power loss, so when this kicks on at 4:00 a.m. it turns on, TrueNAS comes up, and then I have a cron job set up to basically shut down the R740 at, I think, 4:00 p.m., and it gives it about an hour and a half to shut down before it cuts the power. So of course I lose iDRAC when power is off, but I can still go into HomeKit and turn it back on if I really do need it. And yeah, now we're going to move over to the desktop and I will show you how all of this looks from the UI perspective.

All right, so welcome to my iPad. I'm actually going to be doing this on mobile data just to simulate me being outside of the house. So the first thing I want to do is connect to the VPN, so I'm going to just turn that on there. This is just running through UniFi Teleport; this helps because I don't have a public IP address. So just wait for that to connect to the UDM, and as we can see it is there. So first thing I'm going to hit, obviously, the UDM. There we go, log in using Strongbox, which is just KeePass on iOS. Signed in there, and I don't remember my creds. So as you can see I have the Network and Protect apps installed. Protect is for security cameras and Network is obviously used to control the network, so we're going to hit Network first; we're not going to be touching UniFi Protect today.

So this is my UniFi dashboard of my UDM Pro. As you can see I obviously have a NAT IP address, basically behind another firewall that's giving me a private IP address. I do not have a public IP address, but yet I'm still able to VPN directly into this, so I'm just going to show you what that looks like on my end again. As you can see, I am directly connected to the UDM right there, and I'm on LTE. So first thing we're going to do is I'm going to show you my network map. So as you can see, this is my cool UniFi dashboard, a lot nicer than the OPNsense that I was running a few months prior.

So let's go over the... let's see, this is basically my UniFi network map of what it looks like. I kind of like looking at this, especially when I turn on, let's say, the internet traffic, just to see where the internet is going to at certain places. So as you can see, my MacBook is downloading stuff, my Sonos lamp is probably playing my alarm clocks for the night telling me to go to sleep, looks like a Pi-hole may have been getting something. But anyways, I am on an iPad, so this map is going to be a bit buggy, especially once I start flipping this around, but as you can see, you can see where traffic is going with that thick blue line.

We're going to go into my UniFi devices, just going to show you what that looks like. So of course I set up a management VLAN, so that's why you see the IP address is a little bit different on some of these, but I have the USW 16 PoE switch, the Flex Mini that connects into the 7050 and the Hue light switch, I have the U6 Lite, I also have a U6 Plus but the U6 Lite is installed for now, and the G4 Instant security camera. This runs on Wi-Fi; this is really nice for, let's say, when I go out of the house and I want to see if anyone is, like I say, how do I say this, like maintenance comes in, I want to see what they're doing. That's kind of cool to see. And then of course the UDM right here.

Now the client list: this is basically just like the network map, but it's a list of everything that's connected. So I'm going to sort this by IP address, looks like it already is, and you can see I have a couple different networks running. So I have my management VLAN, which has my iDRAC, my 7050, basically the SSH terminal, XOA, which is also in the same VLAN. XOA is basically the orchestrator or the management VM that runs on top of XCP-ng, just so I can manage this and another site that's connected over the site-to-site VPN. TrueNAS SCALE is online, as you can see, with that Eve light switch, so when I go in here I can see that it's actually online right there. Nextcloud I've been testing; I haven't really found a real use for it. I thought about moving photos into that, but I really like Immich, it's been working really good for me. Immich I just recently migrated back from TrueNAS SCALE's KVM platform back on top of the Citrix hypervisor, just so I don't have to run my R740 at night or during the day all the time just to back up my photos. So that's online, haven't had any real performance issues there. And this is actually just one VM with two network adapters. I should have just set up two separate VMs instead of just running one VM with two network adapters, just so there's actually some real redundancy, but of course this is just a home network. If I do have a DNS outage I can just route it straight to the WAN and it goes out to Quad9 and Cloudflare, but I'll show you that later in this video.

The Thumbtack VM: this is just a web browser on Debian that makes it look like I'm online, so when people send me messages on my marketing platform it looks like I'm online and I'll respond to them fast, which I do, I reply within 2 minutes, so I'm doing pretty good there. My MacBook, this is on 10 gigabits; I actually have this set up with jumbo packets, same with this as well, I'll dive into that in switch exclusions. The S23 Ultra is online, the downstairs MacBook is also available on Wi-Fi. The Hue switch, as you can see, it's on a different VLAN with no internet access. Something that made me kind of get away from the Hue is the fact that it kind of needs that internet connectivity to work, so you kind of have to plug it in on a wired network with internet access, activate it with your Philips Hue account, connect it to HomeKit and then kill its internet connection. I'm still trying to figure this out. I probably need to allow traffic to go from basically my IoT public to my IoT offline, but I don't want to do that, so I'm probably going to move this to the untagged VLAN, because guests aren't really going to AirPlay to my HomePod since I have another bathroom speaker available right here. But that's another complication.

And then my one VM that's also on the IoT offline network: this doesn't have any internet access, it's just so I can access my NAS, basically just local resources. It doesn't need any internet connectivity or any updates or anything like that. The Samsung TV, that's just on IoT public, no internal resources, it just goes straight out to the internet and it's available to guests and default for AirPlay traffic with multicast. The bathroom HomePod mini, just talked about that, and of course my guest network last, with the PlayStation 5 also being on that network. As a matter of fact, I'm probably just going to move the bathroom HomePod mini over to my untagged VLAN, so I'll just let that move back over, just so it can talk to my Hue Bridge.

And yeah, now we're going to move over to ports. With these I actually do play around with this quite a bit. So of course those are all my active ports right now. I have 10 GB enabled for my MacBook and TrueNAS SCALE, so you can see it's negotiating at 10 gig. I will go into switch exclusions just to show you what that looks like. And of course I have all the ports disabled because I'm just not using them, so I just disabled them; I just figured I might as well disable those. It's not like anyone's really coming in and plugging random stuff into my house, but might as well. Same thing on the USW 16. I actually have TrueNAS set up on two NICs, so I have one on the management VLAN and then another one, which is on the UDM, that is on the untagged. I plan to just have the management platform be accessible on my management VLAN and not also on my untagged; in the process of figuring that out. And then of course for visitors I have port 7 available for just the guest network, which is on a completely different subnet, obviously, as VLANs are. And then of course with the USW 16, sorry, the Flex Mini, which is basically the mini switch, this connects into the Hue, which obviously only negotiates at 100 Meg; it doesn't need any gigabit connectivity, that's just how it is. And of course I have the 7050 connected into this, and this of course needs access to all the VLANs as I have virtual machines that are on different VLANs.

For radios, I actually have my 2.4 GHz radio reduced, because I just don't have anything on that, and then it drops off any traffic below a certain signal level, and of course the 5 GHz radio is on its max setting as I want all the traffic going there. Now for networks, since I have multiple VLANs I actually have one SSID set up with different passwords that hit different VLANs, so basically it's one big network but depending on the password you use it'll throw you onto a different VLAN. So that's there, and then as you can see these are my VLANs with the different subnet masks depending on how many devices I need on that network; that's just how many devices I have sitting there. Of course I have my private IP address, and below this I actually have my site-to-site VPN with a public IP address which I do not want to show you, so I'm not going to scroll down any further than this.

My statistics, this just basically shows you my internet traffic and where it's going, not really much to talk about there. That's all devices. System log, that all looks good. I don't really have anything going on with security detections because I don't have anything being blocked. There was a time when I turned notify-and-block on for my IDS and IPS; it would actually start to trigger based on my VPN traffic going in, so I turned that off to just notify and nothing else.

As you can see, we're going back to the VLANs, but now we're going to look at switch exclusion and multicast. Since I have an IoT public VLAN and guest and then untagged, I have basically all my AirPlay devices on IoT public and I need those to be accessible on guest and also to be accessible on my untagged, basically my LAN traffic, so I have multicast going between these three. This is probably not good practice, because again, AirPlay should just be on the public network, but of course I want to be able to access this on my internal network and on the outside, but also not have any traffic go the other way. So I'll show you my VLAN rules in just a moment.

And as you can see, I have the UDM on switch exclusion, so that means basically all these settings will not apply to the rest of the switches that are on the network. I don't want the entire network having access to 9,000-byte jumbo frames, because nothing else except for my MacBook and my UDM, sorry, my MacBook and my TrueNAS SCALE, needs jumbo packets for the full 10 gigabit throughput. So everything else is running normally, and then when you go back up here to the UDM you'll see that this is actually set up to run jumbo frames, same thing with TrueNAS SCALE. Actually, if I go up here, this might be the wrong way, let me go... actually I don't need to show you that, because jumbo frames is set up on the UDM, not on the port level. So yeah, thinking too far ahead here, but it's set up on the UDM itself, so it's not by the port. And as you can see, this is on the global switch settings. So yeah, let me just go back here so I can stop trying to run so far ahead of myself. But yeah, that's been working good so far, because again, only two devices on the network need jumbo frames, not the entire network, so I've just been running it like that for the past few months and I haven't had any issues.

Internet connectivity, again, I'm behind NAT so nothing really to show you there. I have site-to-site VPN set up through UniFi Site Magic on the UniFi cloud, so that's been working really great. I wish I had a terminal I could use just so I can show you what it looks like when I ping a different network; whatsoever, it just works, I don't really have to worry about it. But it's running on top of WireGuard, not this IPsec that you're seeing here. As you can see it's telling me I'm behind a NAT, I can't open any ports, but let me show you my firewall rules, these are actually kind of funny.

But first we're going to look at the ad blocking on the UDM. The UDM is very similar to Pi-hole, but not really, because with Pi-hole I can actually see the data; with the UDM I don't, it's not really the same. So I have ad blocking enabled on untagged, so if it's not going through Pi-hole, if it hits basically just the UDM through the DHCP server, let's say Pi-hole's down, I have the 10.100.1.1 address set up as a failover, it'll hit the ad blocker and then go out using Quad9 and Cloudflare. That has not had any issues, so that's why I'm like, I don't need two VMs set up just for DNS resolving; it just works. If it dies it will go back to the standard WAN using these DNS servers that I have set up. And as you can see I have the IDS on, but it's not blocking anything, just notifies me, so that's been beautiful.

Now for traffic rules; we've been talking about that for a while. My rules are kind of weird right now, but I feel like this just works for the time being for my environment. So I have the internet blocked on several devices that are on my management VLAN and some other stuff, so my Samsung TV, another camera that is here that's inactive, and IoT offline; those just don't need internet access, so that rule works for me. And then also my guest network, I do not need that connecting to my secured VLANs, so let's say my untagged, my management and IoT offline. Those don't need access to those; those should not be communicating with guests either way, so that just blocks it both directions. It just works. Again, there's a different way to set this up: I think if you go into networks you can actually just isolate this VLAN as a guest network, but again, since I have the AirPlay devices that I want to be able to communicate with this, it's going to block that and also throws up this really nasty guest portal, which I just don't want my guests to see. It's just a few people I know, so they don't really need to see that I have a hotspot portal set up for them; I just want them to think it's part of my general network with basically no difference whatsoever, in the fact they can't see my local resources. So guest blocking to secured networks just drops the traffic.

IoT offline cannot talk to other networks, so anything from IoT offline cannot talk to IoT public, which has internet access, guest or management, because let's be honest, the Hue switch does not need to talk to my iDRAC or to the guests or to AirPlay, it just does not make sense. So that's going both directions. And then the next rule: IoT public does not need to talk to other secured networks. IoT public is basically that AirPlay VLAN; AirPlay does not need to talk to management and does not need to talk to IoT offline, so even though this kind of overlaps, it just blocks it again, even though this will probably take care of it. And then IoT public does not need access to guests, so anything on the IoT public network, anything on the AirPlay network, can't send traffic out to guests or untagged, but the other way around is allowed. And think of this: anything that's on this list is just automatically allowed. I wish I could block all and then manually allow certain things, but that's just the way it is, it just allows everything. On OPNsense it actually blocks everything first and then you have to allow the rules. Actually, no, that's a lie, it's still... that runs allow all and then block, but I think there's a way to change that, I just never was able to figure that out. So I think I had a lot of problems blocking certain VLANs from hitting the internet, but we're not going to talk about OPNsense because I'm running UniFi now, it's been a few months. So again, IoT public cannot talk to management or offline when it's trying to communicate to it, but the other way around is okay. And then I have another one set up for IoT public to guest and default; I think I was just talking about this, so this is both directions, this is just one way. But again it's not going to be able to talk to management... yeah, anyways, so traffic going out is not going to work but traffic the other way is fine.

And then I have a speed limiter set up on the WAN; this just limits the upload and download speeds on that AirPlay VLAN. And then of course I want XOA to be able to talk to the internet just so it can update the host and update the other network that's connected over Site Magic, so I have this allowance rule just for XOA. This is kind of a breach; I should probably just have this on untagged, but I want to leave it on that management VLAN. There was a point when I'm on the VPN, I would try to hit this XOA, it would basically get blocked because I'm basically on WAN for the VPN, and I didn't want to move it off the VLAN. So yeah, I probably should move this somewhere else, but it is what it is, this is a home lab environment, this is not too critical.

Routing, I don't have anything to talk about here. I know it's running through the Site Magic VPN, that's just it, it just uses that specific function, so I don't have anything to talk about there. Profiles, I don't really touch these. And then of course if we look at system, this is just your backups and updates. I have that set to automatically run on here, so it automatically updates all my devices at 3:00 a.m., so it just works. And yeah, of course you cannot see that.

So let's start hitting some of my services. I'm going to show you what some of these services look like. We're not going to look at the iDRAC because everyone knows what an iDRAC looks like, and I actually made a video about iDRAC a few months prior when I was setting up my first server. So we're going to hit XOA, we're going to hit my TrueNAS SCALE, and then I'll show you all the VMs that are running inside of XCP-ng. We're not going to touch my Pi-hole server because I just don't log into it for the most part; it works, but I think I've given you guys a tour of that before. Nothing else on here that has a web UI that I need to show you, so we're going to get started with basically XOA. So we're going to hit that first; that looks like it is at 10.100.0.3, so we're going to get there now. We're not touching Immich, because again, I've given you guys a tour of that. So 10.100.0.4 is actually the address, on three, so we're going to go straight there. We already logged in since we were in here before.

So as you can see the DNS server is running with the addresses there, so this has two NICs, and of course I have some snapshots, some backups on the TrueNAS SCALE. Debian, again, this is just the Thumbtack VM, I don't have the browser open, but it just stays on, doesn't time out, nothing like that. Then Immich, this is just running on Ubuntu, an LTS release. I recently moved this back over from TrueNAS SCALE back onto the 7050, just because I went running 24/7 without the loud server running at night, so it's been working great. I snapshotted it a couple times, so if I do break the database, I think it uses Postgres, yeah, just so I'm able to roll back whenever I'm doing an update: snapshot and then upgrade. So that's been running great. I've given you guys a tour of Immich in a previous video; it is basically the same. Basically this is just self-hosting Google Photos for your network, and of course since I have the site-to-site VPN the family is able to access this as well for any shared albums I have set up. Debian, this is running on their side; this is just a file server on OMV that backs up to TrueNAS SCALE every once in a while, so nothing to talk about there. Nextcloud, this is just a beta test environment, also running on Ubuntu. This is actually running as a snap package for me, not on Docker like Immich is. So far it's been okay. I think I could probably show you guys the splash screen, but that's really about it. And then OneNote, this is on the IoT offline network, so this is hitting the firewall rules, actually blocking this right now, but basically this connects to the NAS and then basically caches all this on that Windows PC just so I can journal. I usually connect to this via RDP, not through the Xen Orchestra UI. So yeah, and of course last we have the XOA VM sitting at the bottom; this is basically the orchestrator, this entire UI you're seeing here is basically running all on top of XOA. I also have XO Lite set up as well, but honestly I don't use it because I like the additional features that I can get in XOA, so I just run it that way.

I'm trying to think what other UI I was going to show you. Yeah, before I forget, I'm going to show you Apple Shortcuts. So I actually have this set up so whenever I go to work, I have this on my phone as well, but whenever I get to work I have it set up to automatically silence my iPad and then also connect to my VPN when it sees a certain IP address, when it sees a certain Wi-Fi network. So it waits 30 seconds and it connects to the UniFi Site Magic; that has been perfect for me personally. But now, since I'm on LTE now and the signal is good because they upgraded the towers in the area, I don't really use this anymore, but yeah, I just wanted to throw that in before I forget. And yeah, I think I said I was going to show you the, what is it, the Nextcloud instance, but honestly it's just a login screen, there's really nothing going on in there. Let me see what the address for that is on here. I have not upgraded this to the enterprise version of XOA just yet; I probably should do that. Let me hop back over to 10.100.1.1 so I can see what the IP address is for... not XOA, Nextcloud, yeah, 10.100.1.7. So as you can see Nextcloud is running; it's set up, customized. I don't want to log into it because again it's not really complete.

Now we're going to hit my TrueNAS server and I'm going to show you the weird cron job I have set up. So we're going to log into this, I'm using Strongbox, which is just KeePass again. So now we're logged in. As you can see, memory is running low, 62 of 64 gigs of RAM. We have a couple different data sets, data is running low. So as you can see I have a couple different storage arrays set up. So we have the 870 EVOs, those are just two 1-terabyte SATA drives; I just started using those, so those are fairly low for the disk usage, but they run great. My Exos drives, this is just four Seagate Exos drives, 14-terabyte drives; one of them is not in the array right now, at least virtually, because I need to format it a certain type of way. But as you can see I'm running low on these, so I'm probably going to be upgrading those, adding some more drives and moving some of the data sets off to lower this, because this low-capacity warning is not going to get any better. No drive failures on any of these. I have TRIM enabled on the SSDs, and lastly we have the unencrypted NVMe, these are the 980 Pros; these are basically where I write all my video files to.

Data sets, this is still the same as last time. I'm going to show you how I do permissions briefly. So these are my data sets. So as you can see, for YouTube media, I have... let me scroll down, I'm on an iPad, so it gets really weird with how I scroll. So as you can see, I have root has access to it, it's just how it is. Group: so I have this set up as full control on the ACL. Quinton photos, this includes my iPad and my MacBook; the iPhone is not on here, just so I can basically modify anything in here, and then I have a read-only group for my dad. He never accesses this NAS anyway, but I just let him see it, just so he sees what I'm doing if he's curious. Shares, I have this sharing on basically Samba and NFS. NFS is just for the XCP-ng cluster, just so I'm able to back up and also install ISO images. I'm going to skip over data protection because I have that set up; don't need you guys seeing how things are being uploaded to the cloud and downloaded, stuff like that. This again is set up on jumbo packets with the UDM, so you can see 9,000. Everything is statically mapped on here, no DHCP. I probably need to find a really nice name for this R740, but I haven't done it yet. Again, for TrueNAS I don't have it connected to a directory service, so it's just running local users and groups, no AD or LDAP on here. Virtualization has been killed on TrueNAS because I have moved the Immich VM back to where it used to be on the 7050, and it's running honestly better since it can always be online, don't have to worry about that turning on. I'm not running any of the TrueCharts apps, just because I don't need to. But now TrueNAS SCALE Dragonfish, as you can see I'm running, has, let's let that load, Dragonfish now has a built-in Netdata plugin. I can't open that on this iPad just because Safari gets limited, but it has that built in so I don't really need any other apps installed. I've not been using Syncthing recently; I'll probably make a video updating on that.

And then of course we're going to get into the cron job that shuts down the machine every day at 4:00 p.m. So let's see, let's dive in there. So 4 p.m. it runs this; this just shuts it down using, I think, the middleware. I could just do sudo shutdown and then now or something, uh, that's the wrong argument, but you get the idea. I could run it that way, but from what I see on the forums you should shut it down through the middleware, so that's what this is and that works fairly effectively.

Now I'm going to show you what this looks like on the Home app. So if we go in here, let me open this back up on the Home app, it's not showing up right away, so I'm just going to search that way. So the Apple HomeKit app, as we can see here, let's see, the HomePod's probably coming back online here. So this is the Hue, uh, no, sorry, the Eve smart switch. If I go into my settings I can see that I have it set up again to shut off at 5:30 on weekdays, so it just turns it off, and then I have another one set up to turn it on at 6:00 a.m. on the weekdays, just basically so I can sleep at night, and when I get home it shuts off. This gives TrueNAS, the Hue switch gives TrueNAS about an hour and a half to shut down before it kills the power on it, so I think that's honestly great. But yeah, that's basically everything in this video. I don't really have anything else to show you about my infrastructure, so I'm just going to shut down my TrueNAS server so I can actually go back down to my apartment after hearing the loud fans that are running. And yeah, I hope you enjoyed this video, and stay tuned for the next videos that I have upcoming.
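The traffic-rule section of the walkthrough (guest blocked from the secured VLANs both ways, IoT offline isolated, IoT public allowed to receive but not to initiate, and the XOA internet exception on the management VLAN) is the kind of policy worth modelling before trusting it. The following is an added example written for this page, not the author's UniFi configuration export: the zone names follow the video, but every subnet, the XOA host address and the representative hosts are constructed for the example, and the first-match, allow-by-default, stateful-reply semantics are an assumption drawn from how the speaker describes UniFi traffic rules. It prints, for each VLAN, which zones a host on it can initiate connections to, and audits the result against the isolation intent stated in the video.

```python
"""Model of the inter-VLAN traffic rules described in the walkthrough.

Added example, not the video's configuration. Zone names follow the video;
all subnets and host addresses are constructed. Rules are evaluated
first-match with an implicit allow-all default (how the speaker describes
UniFi traffic rules). A rule decides the *initiating* direction only; replies
to an allowed flow are permitted, which is what makes "iot_public cannot
reach untagged, but untagged can reach iot_public" a one-way rule.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNET = "internet"  # pseudo-zone for any address outside the local VLANs

# Constructed addressing: one /24 per VLAN named in the video.
ZONES = {
    "untagged": ip_network("10.100.1.0/24"),
    "management": ip_network("10.100.0.0/24"),
    "iot_public": ip_network("10.100.20.0/24"),   # AirPlay devices, TV
    "iot_offline": ip_network("10.100.30.0/24"),  # Hue bridge, journaling VM
    "guest": ip_network("10.100.40.0/24"),
}
XOA_HOST = ip_address("10.100.0.4")  # constructed address for the XOA VM
SECURED = frozenset({"untagged", "management", "iot_offline"})


@dataclass(frozen=True)
class Rule:
    name: str
    src: frozenset          # zone names matched as source
    dst: frozenset          # zone names matched as destination
    action: str             # "allow" or "block"
    src_hosts: frozenset = field(default_factory=frozenset)  # narrow to hosts


# Ordered as the video walks through them. The XOA allowance must precede the
# management internet block because evaluation stops at the first match.
RULES = [
    Rule("XOA allowed to internet", frozenset({"management"}), frozenset({INTERNET}),
         "allow", frozenset({XOA_HOST})),
    Rule("management and iot_offline blocked from internet",
         frozenset({"management", "iot_offline"}), frozenset({INTERNET}), "block"),
    Rule("guest to secured networks", frozenset({"guest"}), SECURED, "block"),
    Rule("secured networks to guest", SECURED, frozenset({"guest"}), "block"),
    Rule("iot_offline to any other network", frozenset({"iot_offline"}),
         frozenset(ZONES) - {"iot_offline"}, "block"),
    Rule("any other network to iot_offline", frozenset(ZONES) - {"iot_offline"},
         frozenset({"iot_offline"}), "block"),
    Rule("iot_public to secured networks and guest", frozenset({"iot_public"}),
         SECURED | {"guest"}, "block"),
]


def zone_of(ip: str) -> str:
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET


def evaluate(src_ip: str, dst_ip: str) -> tuple:
    """Decide a *new* flow initiated by src_ip toward dst_ip -> (action, reason).

    Traffic staying inside one VLAN is switched, not routed, so the firewall
    never sees it.
    """
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone == dst_zone:
        return "allow", "same VLAN, not routed"
    for rule in RULES:
        if src_zone not in rule.src or dst_zone not in rule.dst:
            continue
        if rule.src_hosts and ip_address(src_ip) not in rule.src_hosts:
            continue  # host-scoped rule does not apply to this source
        return rule.action, rule.name
    return "allow", "implicit allow-all default"


def reply_allowed(src_ip: str, dst_ip: str) -> bool:
    """Stateful check: replies are allowed iff the initiating flow was."""
    return evaluate(src_ip, dst_ip)[0] == "allow"


def reachable_from(zone: str) -> frozenset:
    """Zones a representative host in `zone` can initiate connections to."""
    src = str(next(ZONES[zone].hosts()))  # .1 of the constructed subnet
    targets = {name: str(next(net.hosts())) for name, net in ZONES.items()}
    targets[INTERNET] = "9.9.9.9"  # Quad9, the upstream resolver named in the video
    return frozenset(name for name, ip in targets.items()
                     if evaluate(src, ip)[0] == "allow")


def audit() -> list:
    """Return the isolation intents from the video that the policy violates."""
    problems = []
    if "management" in reachable_from("guest") or "guest" in reachable_from("management"):
        problems.append("guest and management can talk")
    if reachable_from("iot_offline") != frozenset({"iot_offline"}):
        problems.append("iot_offline reaches something other than itself")
    if "untagged" in reachable_from("iot_public"):
        problems.append("iot_public can initiate toward untagged")
    if "iot_public" not in reachable_from("untagged"):
        problems.append("untagged cannot reach the AirPlay devices")
    return problems


if __name__ == "__main__":
    for zone in ZONES:
        print(f"{zone:12} -> {sorted(reachable_from(zone))}")
    print("violations:", audit() or "none")
```

The `audit()` function is where the value is: when a rule is reordered or a new allowance is added, rerunning it shows immediately whether guest can suddenly reach management or whether the AirPlay path from untagged was broken, which is exactly what the speaker cannot see from the UniFi rule list alone.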
Info
Channel: John's Tech
Views: 7,107
Keywords: TrueNAS, Linux, XCP-ng, VM, Windows, Networking, UniFi, Ubiquiti, macOS
Id: CwHf77XVW6k
Length: 30min 22sec (1822 seconds)
Published: Sat May 11 2024