- Oct 12, 2015
I will be as detailed as possible. I am hoping to get some help setting up a vSphere host so that I can remotely access it from the internet.
I have a couple of options available to me, and people that I know who work in this field are giving me conflicting advice.
I recently started working as a network administrator. My mission is to basically learn as much about advanced networking concepts as possible as quickly as possible. To that effect, my employer has given me an old server with 64GB of RAM and dual Xeons, on which I can build a VMware host.
Additionally, I am a student, so I get free licenses for pretty much everything (including vSphere, vCenter Server, Server 2012, etc).
The server is quite loud, and so having it in my living room is not really an option. My parents, as a result, have allowed me to have the server running in their basement. They have a 150Mbps connection through Bright House, and I can get into their Bright House modem to make any configuration changes I would like (they do not live very far away from me). Additionally, my father is a computer security engineer, so I am surrounded by reasonably competent people, in case I should ever run into some snag.
My parents' ISP does not provide a static IP address with the service that they currently subscribe to, so over the long term, I will need to implement some sort of dynamic DNS system, so that I can access this remotely using only an internet hostname.
Now on to the fun stuff. I know that I should be able to have the Bright House modem forward all inbound, unsolicited traffic to a specific IP address on its network. I assume that if I wanted to, I could statically bind the server NIC's MAC address to a specific IP address (let's say that I decide on 192.168.1.119/24, although it isn't important right now).
My boss also offered me a Cisco ASA, which has several functions. To be clear, I do not fully understand everything that an ASA could do, but I do know that it could provide a VPN, and if I understand correctly, it could also do DHCP, VLANs, and a host of other networking functions.
Alternatively, I am sure there is a way to use something like pfSense as a virtual machine running inside the server to act as a VPN provider, firewall, etc.
My question is, if this was your lab, how would you design this network? If you would do something that requires components that I do not already have, I am quite sure that it would be reasonably easy to acquire the device necessary.
Since this server will live in my parents' basement, and I do not live at their house, the ability to access this from the internet is a must. I would like to either be able to access the vCenter Server web console from the internet (preferred), or I would like to be able to have VPN access into the network where I would then be able to get into the local web interface.
Additionally, what are any security implications that I should consider? As I was explaining to others while talking about this, I don't want to just stick an ESXi host "bare-ass" on the internet.
Remember, I am fairly new to the more advanced networking stuff, so try not to make too many assumptions about what I should already know. I have the Network+ certification, so I can objectively say that I am not a complete idiot, but it's probably best to be cautious.