IT Learning Lab Tour – Part 3

This part of the lab is no longer in use, but the equipment still functions fine. In fact, this was actually my original lab: My CCNA Routing and Switching training lab!

When I transitioned from my teaching career to IT, my formal training at Gwinnett Tech was in their Cisco Networking program. Before I sat for the ICND1 and 2 exams, I wanted to practice the concepts on actual equipment. Again, the idea was to be able to say truthfully that I’ve worked on and trained with actual networking equipment rather than just Cisco Packet Tracer. That being said, Packet Tracer is a GREAT tool for learning.

My learning workflow was something like this:

  1. See some behavior on real switches / routers I thought was odd.
  2. Replicate what I was doing in Packet Tracer.
  3. Use Packet Tracer’s tools to see exactly what’s going on and what caused said behavior.

The equipment I used for this lab consisted of two Cisco 1841 routers and one Cisco 2811 router. Also, I used two Cisco 2950C switches and one Cisco 2960 switch. I acquired all of this from CertificationKits. I could probably have got stuff cheaper from eBay, but at the time, CertificationKits had the hardware I wanted including mounting brackets, etc. I just noticed they mainly still sell the same models of stuff I used for my CCNA tests from three years ago. Maybe the CCNA hasn’t been updated?

My current job now has a dedicated networking team, with me living within the server and systems administration team. I must say listening and watching the network folk do their thing has rekindled some of the love and enjoyment I had from learning networking with my GTC classes.

Fun Times with Administrative Shares

So, I have my nice, shiny, clean install of Hyper-V Server 2016. Thanks to some wisdom by one of my ML friends, Timothy Gruber, I have everything configured to manage my new server from my Windows 10 desktop — alas, I don’t know of any Hyper-V management tools for Linux.

Using a remote PowerShell connection, I configured my D:\ drive on the Hyper-V host to be ready to store ISOs and VHDXs. So the next logical step would be to get some ISOs on this thing and start making some VMs! Administrative shares could be just the tool for the job. After all, I should be able to do something like this: New-PSDrive -Name X -Root "\\MYHOST\C$" -Credential (Get-Credential) -PSProvider FileSystem, feed it the administrator credentials for my Hyper-V host, then go to town copying some ISOs over — especially since Get-SMBShare shows they’re available. But alas! The remote location cannot be found.

Prior to this I edited my hosts file (still sucks that I have to go to C:\Windows\System32\Drivers\Etc to get something that should just live in /etc), so hostname resolution shouldn’t be a problem. I also set the network profile on the Hyper-V host to be private. However, attempting to access that share while running Wireshark yielded TCP re-transmissions for traffic destined to port 445 on my Hyper-V host. Also, Test-NetConnection with -Port 445 failed.

This thing just isn’t accepting my traffic. Thinking a bit + Googling has yielded me a few possible solutions to this. First, I could install the File Services role on my Hyper-V host. I’d like not to do this, since I really don’t want this box being more than a hypervisor. Since this is supposed to just be the Hyper-V hypervisor, that role might not even be available. Second, I could try to open port 445 specifically within the Windows firewall. Third, I could try to open a group of items within the Windows Firewall — found that on some article via Google. Fourth, sneakernet.

Since this is just for a lab, I ought to use sneakernet and be done; however, I’m thinking about what if I didn’t have physical access to this machine. What would make sense to be able to transfer files to it? I would imagine the answer would be along the lines of create an SMB share — which really isn’t necessary since the administrative shares are there, and clearly the host is dropping SMB traffic.

As I’ve rambled on, I think I know my answer. Open port 445, transfer what I need to transfer, then close it. Well, it’s time to put that to the test :D. Since I have my Linux lab in colo, I’m currently creating a VM for Hyper-V server and another for Windows 10, to test these scenarios and see what least amount of change and exposure can be done to get some ISOs onto my new Hyper-V host.
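The "open port 445, transfer, then close it" plan can be scripted so the opening is as narrow and short-lived as possible. This is an added example, not code from the original post: the management desktop IP, the rule name, the local ISO folder and the use of the D$ administrative share are assumptions, and it relies on the PowerShell remoting connection the post already describes.

```powershell
# Added example; values marked "assumption" are placeholders, not from the post.
$HvHost   = 'MYHOST'                 # host name used in the post
$AdminIp  = '192.0.2.10'             # assumption: IP of the Windows 10 desktop
$RuleName = 'TEMP-SMB-In-ISO-Copy'   # assumption: hypothetical rule name
$IsoPath  = 'C:\ISOs\*.iso'          # assumption: local folder holding the ISOs
$Cred     = Get-Credential           # administrator credentials for the host

$session = New-PSSession -ComputerName $HvHost -Credential $Cred
try {
    # Allow inbound TCP 445 from the management desktop only, and only on
    # the Private profile (the profile the post set on the Hyper-V host).
    Invoke-Command -Session $session -ScriptBlock {
        New-NetFirewallRule -DisplayName $using:RuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -RemoteAddress $using:AdminIp `
            -Profile Private -Action Allow | Out-Null
    }

    # Same reachability check the post used; stop if 445 is still blocked.
    if (-not (Test-NetConnection -ComputerName $HvHost -Port 445).TcpTestSucceeded) {
        throw "Port 445 on $HvHost is still unreachable"
    }

    # Map the administrative share of the data drive (assumption: D$) and copy.
    New-PSDrive -Name X -Root "\\$HvHost\D$" -Credential $Cred `
        -PSProvider FileSystem | Out-Null
    Copy-Item -Path $IsoPath -Destination 'X:\' -Verbose
}
finally {
    # Remove the mapping and the firewall rule even if the copy failed,
    # so SMB is not left reachable on the hypervisor.
    Remove-PSDrive -Name X -ErrorAction SilentlyContinue
    Invoke-Command -Session $session -ScriptBlock {
        Remove-NetFirewallRule -DisplayName $using:RuleName -ErrorAction SilentlyContinue
    }
    Remove-PSSession $session
}
```

Because remoting to the host already works, `Copy-Item -ToSession $session` can move files over that channel without opening 445 at all, though it is typically slower for multi-gigabyte ISOs.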

IT Learning Lab Tour – Part 2

I have a few minutes after having a delicious sandwich for lunch, so I figure I’ll knock out part two.

I’ve decided to pursue the Windows Server 2016 MCSA certification. There is a bit of logic behind it, but ultimately it was simply coming to a decision. There’s so much on my list of what I want to learn, I simply have to start somewhere. My general philosophy about IT certifications is to use them as a guide to gain some knowledge, and at the end, get a cert — rather than get a cert simply to pass a test. While I have a great interest in Linux, there are some knowledge gaps with my knowledge of Windows Server administration, and frankly, I want to be fluent in both worlds.

The Windows Lab

This is a single tower server that lives in my apartment. At one point, I was running VMs using Hyper-V on my desktop computer, but the problem there is it’s not feasible to work with only Hyper-V server on the bare metal. Also, I wanted a device that could handle 64 GB or more of RAM. I ended up finding what I think was a good deal on a Dell T420 off of eBay. Right now, I’ll have only one NIC connected, but I might end up segregating this server on its own subnet — only if it either makes sense to do so, or I find an itch for handling traffic from other subnets that needs to be scratched. The plan for this server is to host the VMs I need to go through the chapters and exercises from these books.

Why not colocation?

I considered getting another rack server and putting it in colocation, but the cost doesn’t make sense. Plus, unlike the Linux lab server, where I don’t foresee needing to re-install the hypervisor due to experimentation and breaking, this server is all about break / fix / experiment. I’m sure the training materials will want me to try some different configurations, which will likely mean I’ll need to wipe and start over a few times. The T420 runs quiet, unlike a rack server, so having it in my apartment isn’t a problem.

IT Learning Lab Tour – Part 1

Despite the name, there are actually three labs, depending on your perspective.

The first is my Linux lab. This is a single server in colocation running KVM as its hypervisor. Pretty much anything that needs to face the Internet will be done in this lab, including this site.

Why colocation?

It’s mainly for the experience of having to manage something that’s truly remote. Truly is defined as not really possible for me to get to $theThing without some great effort. Also, I would be able to say (and not lie) on a resume that I’ve managed $thisThing in production on enterprise hardware hosted in colocation. Finally, being in colocation makes me have to be a bit more careful with some choices I make with whatever I’m working. I can’t be summoning Colocation America staff to set me up with some kind of IP-KVM all the time, because I’ve broken stuff.

From the cost perspective (in my case $75 / month) it initially doesn’t make sense to use colocation. Being in colocation makes having access to public IP addresses much easier. You could argue that I could have public-facing VMs using a VPS service; however, with the stuff I plan on doing (especially if I get NextCloud going), the storage needs will make VPS more expensive than I’m willing to pay. There are also some non-cost reasons why it did make sense for me. First, the server that’s in colocation is a 1U rack server. In my two-bedroom apartment, that was pretty loud for the room where it lived. While I could deal with the noise, not having it there is nice. Also, my server is in a more secured environment physically. Methinks it’s easier to break into my apartment than the colo facility.

You have a single server in colocation with no router and no switch. How does the traffic flow?

That took a bit of planning, but here’s how it works. Like any good physical server, my little guy has a hypervisor (KVM) installed on the bare metal. The one NIC I have attached to the colo’s infrastructure is bridged to one of the virtual NICs that’s attached to a firewall VM. Thus, all traffic (including traffic destined for the hypervisor itself) is inspected by the firewall VM. From the firewall VM, if the traffic isn’t dropped, it heads on to its destination. Getting back to the needing-to-be-a-bit-careful-since-I’m-in-colo, this is an example of how careful consideration was needed. From what I’ve learned, VMs in KVM don’t autostart by default, so before I shipped off my server, I had to test and make 100% sure that the firewall VM does auto-start and that its configuration was valid. How I tested the configuration will be another post sometime.

Coming up in part two will be my newly deployed on-premises lab: The Windows Lab.