I've decided to embark on another hardware adventure - this time I'm in pursuit of being able to pentest cloud native products within my own local network. Fundamentally this should be simple, but I have absolutely zero experience with enterprise grade rack gear so, let's see how hard this is for me!
First, I need to figure out how much hardware I need. It'll be easiest to work backwards from what workloads I want to run, so here's what I want to achieve:
- Virtual Gateway (pfSense: 2Gb RAM, 1 CPU)
- Media Server VM (8Gb RAM, 2CPU, Ample storage)
- Kubernetes Cluster VMs (Consume extra space)
- Local Cloud Storage solution (Storage)
- CI/CD Pipelines
- Docker Registry
- Monitoring Stack
- This blog
- Headroom for deploying VMs for test purposes
The first thing I learned was the terminology used to describe the rack itself. The rack is simply a four-post system of standard height increments. The depth of the rack can vary, but all components slide in on rails so it doesn't overly matter as long as it's 'more than enough'.
A rack unit (abbreviated as U, less commonly seen as RU) is a unit of measurement applied to equipment racks and the servers, disk drives and other devices that they contain. One U is 1.75 inches (44.45mm); the standard rack, at 19 inches, is 42U.
Considerations to make when choosing this:
- Size (obviously) to support components we want, with some excess for expandability
- Cooling (Open Vs. Closed cab), mostly depends on the location this gets placed
I want the flexibility to move this around, so I'll likely go with something like:
- 12U On wheels, open back
- A locking cabinet
It took me a while before I realized, however, that the depth isn't standard with these! The products I listed were not compatible with servers! We require at least 30" depth... I'll be placing this in a guest bedroom (hilarious in my opinion) so I'll opt for something contained. I ended up picking up a 12U 35" depth rack from sysracks. I found a local re-seller that removed the need for paying shipping or currency conversion rates, for $360 CAD. I think 12U should be plenty to fit the hardware I need.
I checked around the usual suspects first: New Egg, Canada Computers, eBay and so on. I mostly did that to get an idea of the price range for the gear. I then wound up checking out a local listing site and getting a great deal on two Dell racks. They're a bit old, but the deal was really good and I figure it's perfect for me to get my feet wet with.
1U form factor; 4 Gigabit Interfaces; 2x 300Gb SAS drives with RAID controller, 4x empty slots; 16 x Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (2 Sockets); 16Gb RAM
2U form factor; 4 Gigabit Interfaces; 4x 2Tb SAS drives; No RAID Card (talk more about this later); 24 x Intel(R) Xeon(R) CPU X5650 @ 2.67GHz (2 Sockets); 64Gb RAM
My network topology will be fairly basic:
- WAN from ISP, Fiber Inbound to Bell Home Hub 3000
- VLAN0 untagged from Home Hub to pfSense firewall on R610 rack
- VLAN for LAN, provide Wireless with a WAP to connect downstream devices behind the firewall
- VLAN for cluster network (Connecting together the kubernetes nodes)
- VLAN for management network (Allow management interfaces of switches/servers to bind here)
I'll absolutely need a managed switch to implement this behavior...
I found a Cisco Catalyst 3750X Managed Switch (WS-C3750X-48P-S, PoE+, 48 ports, 715W, IOS 15) on eBay for under $200, OVERKILL as hell but I couldn't resist.
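One way the LAN, cluster and management VLANs listed above could be laid out on the Catalyst 3750X so that the segments only meet at the pfSense firewall (an added example, not the author's actual configuration). The VLAN IDs and names, port assignments and management address are assumptions, as is the wiring: the WAN link goes straight to a dedicated pfSense NIC, and each host uses a separate NIC per segment.

```cisco
! Added example; VLAN IDs, names, ports and addresses are assumptions.
vlan 10
 name LAN
vlan 20
 name CLUSTER
vlan 30
 name MGMT
vlan 999
 name PARKING
!
! Layer 2 only: inter-VLAN traffic must be routed and filtered by pfSense.
no ip routing
!
! Trunk to the pfSense host: tagged lab VLANs only, untagged frames parked.
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
! Wireless access point on the LAN VLAN.
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Ports for hosts on the cluster network.
interface range GigabitEthernet1/0/3 - 6
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Server management interfaces.
interface range GigabitEthernet1/0/7 - 8
 switchport mode access
 switchport access vlan 30
 spanning-tree portfast
!
! Unused ports: parked in a dead VLAN and disabled.
interface range GigabitEthernet1/0/9 - 48
 switchport mode access
 switchport access vlan 999
 shutdown
!
! Switch management reachable only from the MGMT VLAN.
interface Vlan1
 shutdown
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
```

With the switch kept at layer 2, whether the cluster VLAN can reach LAN or management hosts is decided entirely by the pfSense rules on each VLAN interface.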
The stock RAID controller in the R710 doesn't support IT mode on the card. Without IT support, all drives dropped into the server will have to get placed into a RAID configuration. I plan on handling replication at software level using ZFS or Ceph, both of which strongly recommend not even using RAID0. So, I had to buy a different RAID card and attempt to cross-flash it to support my system. I found an H310 on eBay and took the dive! I also had to pick up two of these cables.
These pieces I'll probably not get anytime soon but would be fun to get!
I currently live in quite an old building, where at least once there was a massive transformer failure in the basement that caused a multi-day power outage and some huge spikes on the line. I'm certainly going to grab a UPS and pay close attention to surge protection. I'll fill 1U with something like:
Likely I'll pick up a 2U intake fan to place at the bottom of the rack, and a 1U exhaust to place at the top.