Like many folks interested in information security, I have a home lab environment. I thought I'd share my setup just to provide another option for anyone who might be looking for examples of how to create their own lab. In this first post, I'll go over my requirements and hardware choices. In subsequent posts, I'll talk about my physical and virtual network topology and configuration.
Many different configurations and combinations of virtual and physical infrastructure could be used depending on what your ultimate goal (and budget) is. I primarily wanted a network security monitoring (NSM) lab, so I had the following requirements:
- Capability to run several (3-4 or more) machines (physical and/or virtual) at the same time
- Capability to monitor all of those machines via a physical tap, a switch mirror/SPAN port, or a virtual configuration
- Expandable storage for saving full-content packet captures, creating a large number of VMs and snapshots, and whatever other needs arise over time
- Ability to segregate the lab traffic from the rest of my home network
- CPU support for virtualization extensions (VT-x and VT-d)
- Flexibility for additional future uses, such as password cracking, malware analysis, or other uses I may not have considered
- Spend as little money and reuse as much existing hardware as possible
With those requirements, I decided a virtualization server was the only way to go in terms of flexibility. That meant the first decision was to select a virtualization platform. I settled pretty quickly on VMware's vSphere Hypervisor since it's free, has a very small footprint (144MB), and is packed with features. There are other options such as Proxmox VE, Xen Hypervisor, or running VirtualBox or VMware Workstation in a host operating system, but I never seriously considered those. That doesn't mean, however, that these options aren't viable - Richard Bejtlich runs a such a setup running VMware Workstation as a "server" that seems to work great for his requirements, and there are many examples out there if you look. It boils down to your personal preferences and what meets your needs.
I looked at several new and refurbished machines, but never found quite the specifications I was looking for within an acceptable price range, so I decided to build my own "white box" VMware ESXi server. It can be tricky finding consumer grade hardware that is compatible with VMware's enterprise hypervisor, and one of the most difficult items to find is a compatible motherboard that still has the features you want. I narrowed my choices down to ASRock boards primarily based on information I found at Paul Braren's TinkerTry blog and specifically his vZilla build.
Ultimately I settled on the following build:
|CPU||Intel Core i7 3770 3.4GHz LGA 1155 (Ivy Bridge)||$279.99||MicroCenter.com|
|Motherboard||ASRock Z77 Fatal1ty Professional||$238.49||NewEgg.com|
|Case||Cooler Master CM 690 II Advanced||$79.99||Amazon.com|
|Power Supply||Cooler Master Silent Pro M 600W||$45.07||Amazon.com|
|Memory||32GB G.Skill Ripjaws X Series||$174.24||NewEgg.com|
|Graphics Card||Nvidia Quatro||$0.00||On-hand|
|Hard Drive||250GB 3.5" SATA III||$0.00||On-hand|
|Optical Drive||No-name SATA DVD-ROM||$0.00||On-hand|
|Network Adapters||x2 Realtek 10/100/1000MB||$0.00||On-board motherboard|
A few notes about these choices:
- All prices are from about six months ago, and some reflect sale prices or promo codes available at the time, so your mileage may vary. More recently I added two Seagate Barracuda 2TB 6GBs drives for more storage and to reduce the higher disk I/O I would have running everything off one hard drive - these ran about $70.00 and $80.00 on sale.
- The motherboard was chosen for its VMware compatibility; considerable number of PCI slots that will allow me to add additional network adapters as needed for various configurations; more than enough SATA ports; and VT-d passthrough support, which allows you to directly connect hardware to a VM without it running through the virtualization platform. My board has on-board Realtek NICs, but I think the latest version of this same board has Broadcom NICs, so you need to make sure VMware drivers are available.
- I went with an Intel CPU simply for the quality and performance. I briefly considered AMD's six and eight core FX CPUs since they were comparably cheaper and I thought the extra cores might be useful for virtualization. However, I couldn't find any definitive information regarding their performance over Intel's hyper-threaded quad-core i7 and did find some anecdotal evidence that they would not perform as well, so I just stuck to the known quantity.
- I could probably get by with a lower powered power supply, but I wanted room for expansion.
- At some point I would like to fill up my drive bays with four more 2TB drives and add a hardware RAID controller, but right now those features are more "wants" than "needs", so I'll save my money for other things.
So, that's my hardware. In coming posts I'll discuss my vSphere configuration, as well as a little about my physical infrastructure.