Building out a hosting / scripting server

[deanwebb]

Hey all you SDN / VM fans...

What do I want to do for gear when I build out my hosting and scripting server?

For hosting, I'd like three Linux hosts - one for doing scripting, one for doing red team stuff (vuln. scanning, exploit penetration), and one to run Damn Vulnerable Linux (I do security, so I'd like to see if I can keep that box safe). Beyond that, I'll want to have stuff for running some virtual appliances and stuff like that. Are there relatively cheap ways of getting VM hosts built up?

For scripting, I'd like to hear your recommendations on what packages to run so I can do some network automation stuff.

[wintermute000]

Hey all you SDN / VM fans...

What do I want to do for gear when I build out my hosting and scripting server?

For hosting, I'd like three Linux hosts - one for doing scripting, one for doing red team stuff (vuln. scanning, exploit penetration), and one to run Damn Vulnerable Linux (I do security, so I'd like to see if I can keep that box safe). Beyond that, I'll want to have stuff for running some virtual appliances and stuff like that. Are there relatively cheap ways of getting VM hosts built up?

For scripting, I'd like to hear your recommendations on what packages to run so I can do some network automation stuff.

Option one join VMUG for cheap VMware licensing and build a 64gb white box.

Option two build a 64gb white box and learn the dark art of KVM and the fifty million options in Linux to manage it.

Option three run it up in AWS and tie a VPN up but then your throughout is limited to WAN speeds.

Google your hardware compatibility carefully for white box.

Alternatively, second hand rack monsters are incredible value and already virtualization and Linux compatible, but the noise and power draw.

You're a security guy so you'll need a full active directory and DNS setup. Also LDAP / RADIUS / SIEM

I'm option one personally but that was largely to assist my VMware upskilling. I'd likely go option two if I had to do it again and I had the time.

For network lab all you need is EVE-NG and ansible. All roads lead to ansible + Python. My EVE NG box is also my Linux development environment so your scripts can hit your virtual routers on internal loopbacks basically it's super convenient. 

To route within my setup I run the old juniper firefly (basically vSRX on 12 code train). It's free and not throughout limited.  this is the other key advantage of using s single big white box as it's trivial to build out virtual networking and even bridge it into nested virtual e.g. virtual routers running in my EVE NG virtual machine. I've even done NSX fully nested (7 virtual vspheres LOL), it's filthy and just like inception.

[deanwebb]

For option one, how many CPUs do you recommend for the white box?

[wintermute000]

The more the merrier - at least a hexacore. Definitely go workstation / enthusiast grade (if not server) to have access to 6+ cores, dual CPU if you can swing it.


But in general RAM is what you should focus on - again, workstation / enthusiast grade at least, for the 8x slots.


Single thread CPU perf is negligible, anything Sandy Bridge+ is good to go.


This is my rig: 16 cores / 32 threads of overkill Like I said, I ran up a full nested NSX lab - 7x nested Vsphere hosts + AD + Vcenter  + NSX manager, not a hiccup. In fact I want more RAM with NXOSv requiring 8Gb per VM LOL. I scored this for a grand around 12-18 months ago (used of course) including adding a couple of SSDs.


-ASRock EP2C602
See mobo: http://www.asrockrack.com/general/pr...?Model=EP2C602
-2x Intel Xeon E5-2670 (2.6GHz, 3.3GHz turbo)
See ark: http://ark.intel.com/products/64595/...-GTs-Intel-QPI
-64GB of Hynix DDR3 1333MHz PC3-10600R CL9 ECC
-2x be quiet! Pure Rock CPU coolers


http://i.imgur.com/jAZut2k.jpg


I also run a separate vsphere host on an intel NUC which holds my AD, linux and Vcenter. This way my management is isolated from the main lab rig, and I can't chop myself off at the knees accidentally. It also gives me something lower power to run 24x7 which I can then use to remotely power-on the main rig (another major advantage of workstation/server parts: IPMI and remote keyboard/mouse). Did I mention that I like overkill? LOL.


Previous to this, I ran a HP DL380G6 with 2x X5650 (12 cores / 24 threads) and 64Gb RAM. It had the power but it made me go deaf, so I flogged it for something a lot quieter i.e. above, and also with SATA3 so SSDs aren't horribly bottlenecked.


These days though 99% of the time I am just spawning virtual R&S appliances or doing everything nested in one giant EVE-NG VM.

[deanwebb]

Quiet is definitely something I can buy into.

Have to admit, though, spending big money on *fans* is something the PC builder in me from 1997 never thought he'd be doing...

[wintermute000]

With rack monsters to mod the fans is soldering and possibly BIOS hacks too to change the fan profiles. They're designed for racks after all

[deanwebb]

Went refurbished server path on recommendation of others in my team who also bought one: Dell T320

http://www.ebay.com/itm/Dell-PowerEdge-T320-Tower-Server-E5-2470-2-30GHz-8-Core-64GB-RAM-480HDD-iDRAC-7-/282663904182?

Low power use, very quiet they say. Price was very good, as well. I could buy it without having to hope and pray that I could expense it. If I can expense, great. If not, no worries, I can absorb that cost.

Should be here by 2 Oct, so it looks like I get to clean out a ton of old electronics that are piled up where it will go...

[wintermute000]

Yeah good to go and you know VMware and or Linux works perfectly

[deanwebb]

Yeah good to go and you know VMware and or Linux works perfectly

"VMware and Linux? Oh geez..."
"What's wrong, Morty?"
"I-I-I don't know anything about those things, what if I screw up? What if I lost the data on some planet and that led to billions of lives being lost and-and-and-"
"It also runs Windows Server."
"Oh? Really? That's great, but, uh..."
"I have an MSDN subscription, everything's covered. You're welcome."
"Wow, that's, uh... awesome, Rick."
"I'm not configuring it for you, Morty. I have *things* to do. Speaking of which, hand me that ball-peen hammer by the canned ham, will you?"

[deanwebb]

Dude! The Dell T320 showed up early!

Had 3 HDD, 160GB each, looks like only one works. Put in an old 500 GB HDD of mine that has Windows 7 on it... it's freaking out right now, trying to repair install.

Big plus is that this thing runs very very quietly. I'll likely toss out the 160GB drives and get some cheap 2 TB drives in there... They're going for $55 at the local nerd store.

[deanwebb]

Bought 4TB drives instead, lower cost per TB. Now I have 8TB of space. Time to fill it up with VMs!

When building them out, I went through a LOT of help files and peer questions until I got to where I set every one up as a generic Linux 2.6 64-bit and then set the CD setting to mount an ISO in the datastore. Oh yeah, I had to figure out uploading ISOs to the datastore. Once I did that, everything went well until I tried loading some older distros and got kernel panics. Since I wanted to run Damn Vulnerable Linux and that was getting the kernel panics on each distro, I had to do some thinking.

Historically, the last distro release was 2011. VMware was in version 4 back then. I was trying to build the DVL on a VMware version 6.5... so, I changed it to version 4 and the thing loaded just fine. I figured that one out all by myself, but I did get some hints from all the old how-tos from 2011 and 2012 with really old-looking VMware interfaces...

I'll be getting a hardware CounterACT box to use and my co-workers tell me that I can set it up to have a SPAN port on the virtual network and that I can configure the virtual switch to include a trunk port out to the physical switching environment.



For reals? Duuuuude, who knew that doing security would get me to do datacenter-type stuff?

[dlots]

Looks like it might be to late but you can get some nice cheap UCS stuff these days pretty cheap

http://www.ebay.com/itm/Cisco-UCS-C220-M3-2x-E5-2670-2-6GHz-Eight-Cores-4x8GB-SAS-9266-8i-119-/172893193543?hash=item28413cc547:g:46gAAOSw4MNZleyz

[deanwebb]

Tell you what, though, the T320 is very VERY quiet. As in zero sound and zero heat. I can't hardly believe it.