
Systems


Life imitates Work

posted May 13, 2015, 3:27 PM by GamerDadster Video Gaming   [ updated May 13, 2015, 7:27 PM ]

The learning process
Well, in most cases Art imitates Life, and Life imitates Art, but it is time for something new. Instead of applying what I have learned in school, training, and life at work, I am applying knowledge used at work to better our household technological lives. It is quite interesting how many enterprise-class products and services there are available free for personal use.

In a typical home environment, Internet access requires a modem of some type, either purchased from or provided by the ISP (Internet Service Provider). These modems usually contain a NAT (Network Address Translation) firewall on the inside, and the higher-end units usually include some form of wireless networking support. Because the firewall is on the inside, you are "supposed" to be the one managing it: it should not be accessible by anyone but you, and it should be secure and private.

The process begins
It starts out by my deciding that I would buy a cable modem to save money by no longer having to rent the old 4 port cable modem from the ISP.  The new modem allowed me to have both higher internal and external network speeds with the new equipment.  Ideally this new device would reduce the number of network devices on my home network, and reduce power consumption.  After the upgrade of my service was complete, the next step was to reduce power usage by eliminating as best possible my old RV016 switch and firewall.

SIDE NOTE: The features and options on the RV016 make it an incredible device, unfortunately given the year it was designed, the maximum speed on any interface is 100Mbps.

After the upgrade was complete, I connected most of the important network items directly to the cable modem, and connected the RV016 as a switch to the cable modem for seldom used devices as this first illustration depicts, but it was powered off most of the time.

And it gets interesting
Change comes about to version 1.0 of the network as the result of a call to my ISP during a service outage.  I find out that the provider has full access including passwords in plain text (English readable form) to the configuration of the firewall, WAP (Wireless Access Point), and the ability to view traffic (information) on the inside of the cable modem firewall.  I find it interesting that even at home we are not safe from potential vulnerabilities, even though we pay for these services.

Time for change...again...
Taking what I have learned in the enterprise security and virtualization space, and the newly derived knowledge of my ISP's access, I decided to apply it all to a little home project.  I also decided to do some network zoning similar to the original configuration before the upgrades.  Instead of putting back the old and slow RV016, I opted for a bit fancier solution using VMWare's ESXi product (note 6.0 is the latest edition), a new home built server (see this article), a multi-port network card, and a new gigabit switch.

Using VMWare on the newly built server (host), I took advantage of the multiport card to create a little security zoning on the network. Why? Because it's a great way to learn, just for fun, because we can, and it's free!
This second illustration depicts the logical configuration of the new network, where the inside switch and network also known as an OZ (Operational Zone) are protected from the PAZ (Public Access Zone) by a firewall.

You will also note that there are no longer any devices physically connected to the cable modem except the VMWare host as per the physical diagram below.  Although that is the case physically, logically there is one Linux guest (VM) running Ubuntu 14.04 and Minecraft in the PAZ that can be accessed from the Internet.

I also decided to disable the WAP on the cable modem, and replace it with a dedicated EnGenius EAP350 WAP.  The WAP allows for a total of four SSIDs (I've created a primary & guest SSID), and it supports SSID-to-VLAN (Virtual LAN) tagging to allow for full guest network traffic segregation.  All traffic in this new configuration is fully protected by Zentyal, a Linux based firewall distribution running as a guest on the ESX host.  Services include firewall, DNS, DHCP, file sharing, email and much more; I am only using the firewall, DNS, and DHCP services right now.

This third illustration shows the physical configuration of the network. The ESX server has one network connection to the cable modem (outside), one to the 24 port switch (inside), and one to the WAP using VLAN tagging (outside, inside) for traffic segregation of home and guest users. This also allows our house guests access to the Internet via the cable modem firewall.

The Zentyal firewall guest VM has two interfaces, inside and outside, and this allows traffic to pass from the inside to the outside, but not the other way.  The NAS guest VM has only an inside interface, and is thus only available to systems on the inside.

The Minecraft Linux guest VM has only one network interface, an outside interface, but this exposes the VM to the PAZ.  In order for the Minecraft server to communicate to the users on the inside, all communication is passed through the Zentyal firewall.  This is not the case for users that are on our guest network, or out on the Internet.  For those out on the Internet I have used an option that is available on most cable modem firewalls to do port forwarding which allows information arriving at the cable modem firewall on the outside to be redirected to a specific server and service on the inside.
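The "inside to outside, but not the other way" rule only works because the firewall tracks connections, so replies to sessions opened from the inside can return while unsolicited traffic is dropped. The sketch below is an added example, not the Zentyal configuration from this post; the subnets, host addresses and ports (25565 is Minecraft's default, 445 is SMB file sharing) are assumptions, and it models plain routing without NAT.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed addressing (constructed; the post gives no subnets or ports).
INSIDE = ipaddress.ip_network("192.168.10.0/24")  # OZ behind the firewall VM

def zone(ip: str) -> str:
    """Anything not on the inside subnet (PAZ, guests, Internet) is 'outside'."""
    return "inside" if ipaddress.ip_address(ip) in INSIDE else "outside"

@dataclass
class Firewall:
    """Forwarding policy: new flows only inside -> outside, replies tracked."""
    conntrack: set = field(default_factory=set)

    def forward(self, src, sport, dst, dport, proto="tcp") -> str:
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if flow in self.conntrack or reverse in self.conntrack:
            return "ACCEPT"            # part of a connection the inside opened
        if zone(src) == "inside" and zone(dst) == "outside":
            self.conntrack.add(flow)   # remember it so replies can return
            return "ACCEPT"
        return "DROP"                  # unsolicited traffic toward the inside

def run_demo():
    """Constructed flows: PC and NAS inside, Minecraft VM in the PAZ."""
    pc, nas, mc, inet = "192.168.10.20", "192.168.10.5", "192.168.0.50", "203.0.113.7"
    fw = Firewall()
    packets = [
        ("PC opens Minecraft session", pc, 50000, mc, 25565),
        ("Minecraft reply to PC", mc, 25565, pc, 50000),
        ("Minecraft VM probes NAS share", mc, 40000, nas, 445),
        ("Reply-shaped packet, wrong port", mc, 25565, pc, 50001),
        ("Internet host probes NAS", inet, 51000, nas, 445),
    ]
    return [(label, fw.forward(s, sp, d, dp)) for label, s, sp, d, dp in packets]

if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{verdict:6} {label}")
```

The third flow is the one the zoning exists for: a server exposed to the Internet through port forwarding cannot open a session to the NAS on the inside.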

Success is measured in smiles
The systems described above have been in operation for a year now and they have been fine-tuned over that same period. Our friends have been joining us and playing games for almost the same time. I have since installed the beta version of Minecraft pocket edition server which took some serious work to get functional, and not crash continuously. I have had to restrict access as my son told one friend and it went through his grade like wildfire. No ten year old can appreciate the amount of work that goes into a project of this magnitude, but I have been able to measure the usefulness in smiles. My next article will be on the installation of an Ubuntu 14.04 Linux server (VM), WebAdmin, and Minecraft server.

GamerDadster...

The Home Server

posted Apr 24, 2015, 7:33 PM by GamerDadster Video Gaming   [ updated Jan 16, 2016, 6:42 PM ]

Workstation Update 2016: New video card and Windows 10 upgrade (see below)
Server Update: New build in-progress including Intel i7-4Ghz

The Process
My home server build went through two phases; both were built from scratch, using two complete sets of new parts purchased from Canada Computers. They were built in series with the first being a power-house, and a power pig! The second was far more efficient, with more storage. They both exist now, but serve different purposes.

First Build
The first build was the most powerful using the best hardware and processor available on sale without breaking the bank for the project.  Given that the server was to be running non-stop 24/7 it was important that it had enough computing power, but did not use excessive electrical power.  After being fully built and operational with applications running, the server was pulling anywhere from 100-130 watts which in my mind was far too much.  The amount of computing power was far more than expected, and could be used in good conscience.

Ironically, many of the things learned at work include problems experienced such as rack space design, cabling, cooling, and power. Consolidation means less cabling, less complexity, and less hardware, which means less power, and less power results in less cooling being required. It is very important not to oversize or undersize the solution; doing so would result in too much power wastage, or applications that are not responsive enough. The lesson here for home was to not oversize, but to keep the workload right, and thus the power load reasonable.

The original i7 configuration went like this:
ASUS P8Z77-V LE Motherboard
4x8GB Kingston Hyper X KHX1600C10D3B1/8G
Intel i7-3770K, 3.5 GHz, 8MB Cache, LGA1155 (unlocked)
Intel 4-Port Network card
256GB ADATA SSD - SX900
2x3TB WD Green Drives
VMWare ESXi 5.5

After the power discovery, I decided to remove many of the components from the original server build and donate them to the new server in the second build.  Above is the original server configuration, below is after the parts removal and rebuild.  Since the initial build, this system has been re-purposed to be a high-end workstation.  Given the new purpose of the system I had to purchase some additional components including video card and faster WD Black hard drive.

UPDATE 2016: The final i7 configuration went like this:
ASUS P8Z77-V LE Motherboard
NEW 2x4GB DDR3 PC3-15000 1866MHz - Patriot PVI38G186C9K
Upgrade 2016: 2x4GB DDR3 PC3-15000 1866MHz - Corsair CMY8GX3M2A1866C9B
Intel i7-3770K, 3.5 GHz, 8MB Cache, LGA1155
NEW Onboard Network card (actually re-enabled)
256GB ADATA SSD - SX900
NEW 1xWD Caviar Black 1TB Drive - WD1002FAEX
*Removed* LG Multi DVD Writer - GH24NS95
Upgrade 2016: ASUS 16X Blu-Ray Disc Drive - BW-16D1HT
*Removed* ATI Radeon HD 5450 1GB DDR3 video card
Upgrade 2016: ASUS GEFORCE GTX 960 2GB - STRIX-GTX960-DC2OC-2GD5
Antec One case
*Removed* Microsoft Windows 8
Upgrade 2015: Microsoft Windows 10 - Huge improvement, better desktop


Second Build
So, I did a little research and found that the i3 processor from a cost/computing perspective was the best value.  The processor I really wanted was a specific low power model of the i3 (35 watts), but the lead-time to order was almost 3 months.  I opted instead for the next model up, a little more power, a little more performance, but same cost.  The new server build was a huge success from both a compatibility perspective with VMWare, and overall power consumption.  Including the cable modem, and the server running a reasonably heavy load the power meter was indicating a mere 60-65 watts; almost a 50% savings.  The final and only configuration of this server is as below, and it has been operating in this configuration for approximately one year:

The only i3 configuration:
ASUS B85M-G Motherboard
4x8GB Kingston Hyper X - KHX1600C10D3B1/8G
i3-4130, 3.4GHz, 3MB Cache, LGA1150
Intel 4-Port Network card
256GB ADATA SSD - SX900
1x2TB 7200 NAS Drive
2x3TB WD Green Drives
Removable drive tray for one of the WD Green Drives
VMWare ESXi 5.5

Keep on the lookout for another article with more information on the VMWare build, the servers running on the host, and their respective purposes.

Screenshot of the VMWare console running on the new server:
