Intro / Motivation

1. Have a strong background in Computer Science and networking, but my day job doesn't always allow me the time to keep up to date on various technology. This will let me say "Yes, I've done that" at future interviews with some limited hands-on experience.
2. Main desktop / gaming PC was hosting a number of services that were eating away at RAM availability / processing time.
3. 'rona left me with a lot of free time.
4. I find this kind of stuff fun on occasion.

Priorities

• Play with high availability technology
  • Storage across multiple hypervisors, how does that work?
  • Explore alternatives to ESXi (used at work)
• Regain use of my desktop
  • Lower RAM/processing load
  • Be able to turn off at night as wanted
• Segregate home network into different areas
• Build up data redundancy (recently lost a lot of data when a RAID failed on me)

I basically started this project this spring with nothing but the USG, 2x US-8-60W switches, and 4x 4TB HDDs. Everything else has been purchased / haggled / gotten free over the last few months.

Current Hardware

Cleaning up the rack a little bit the last couple of weeks. Front view is a Synology 1812 with 8x 4TB drives (mix of Seagate and Toshiba), 3x HP DL360 G6s hosting three proxmox instances. DL360s are all running Xeon X5670s @ 2.93GHz with between 64-220GB of RAM. Last but not least--two items doing absolutely nothing, a Rackable JBOD enclosure, and a cat named Milo.

Front view w/cat tax

Rear view is my current mess of power / data. Top shelf has various access points / communications (AT&T provided Motorola modem, Aruba AP from work, Samsung SmartThings hub, and Ubiquiti AC-Pro. Second row is a CloudKey, USG-3, and US-8-60W in a printed rack from Etsy. Next are two US-24 switches from Ubiquiti. Finally I have a 10-outlet APC PDU for power. Not pictured here is the crappy, old power strip that powers anything I couldn't fit on the PDU.

Rear view

Costs:

Does not include shipping

Current Uses

Unifi does network segregation. Basically have everything segmented by VLANs into different networks. The firewall could use some work in locking things down, but it's passable for now.

The Synology handles most of the storage. 7x 4TB in a Synology Hybrid Raid-1 setup for ~22TB of storage, with 1x 4TB drive available as hot spare. Provides root storage for VMs and media storage for various applications.

Proxmox provides virtualization and high availability (HA). I initially started with 2x Proxmox hosts, then figured out the hard way that there is no "majority" when you only have two votes. Opted to go with a third server rather than some of the other methods out there. Nice to be able to shut off a server and tinker with the hardware without losing any of my services now.

Hosted on Proxmox are a number of VMs: nginx, PiHole, Grafana, Prometheus, Observium, LDAP server, Jackett, Sonarr, Radarr, Lidarr, Plex, deluge, and a couple of Steam game servers.

VMs are backed up locally to the physical drives on the proxmox instances. Additionally, they are backed up weekly to BackBlaze (don't have cost information yet as I just started this month). Media storage will eventually be backed up to a buddy's system who lives out of state.

Future plans

(In no particular order)

• Upgrade USG to something more capable / powerful. Been having some issues with the Unifi gear that I'm sure others are familiar with (randomly losing the controller, Gateway is simply not built for gigabit connections (even with IPS/IDS turned off).
• Replace G6s with something quieter or less power-hungry? Not huge priority but it's on the list.
• Have remote data backup synced with buddy who lives in another state (currently just syncing servers disks to BackBlaze, but didn't want to sync media there as well)
• Finally get nginx figured out to reverse proxy some of the dashboards so I can view them outside of the network.
• Delve deeper into grafana / Prometheus
• Set up GNS for practice on networking certifications
• Get some kind of home monitoring / camera solution? Haven't done enough research here yet.
• Work out LDAP authentication / authorization across all of the network
• Tighten up cable management a bit more
• Add additional PDU and possibly UPS--dependent on funding. (Currently using the UPS for my desktop, but will probably move to the rack).
• Get SSL certs and get all traffic encrypted using Let's Encrypt certs or similar.

​

Welp, that's about it. Look forward to any comments or feedback.