Project: Build home virtualization server

Joe Exotic

Hey all
So i have a long term project in mind, i work in Infosec and i have always wanted to build a home lab for testing malware. im planning to build this over the next year and at this stage Im at the design stage and thought some regulars here might have some good advice.

I'm not great on virtualization or on hardware (haven't spec'd a PC in years and even then i got help here).

Some Requirements
The finished lab would at a min contain the following:
VM1 Qradar Community edition SIEM
VM2 Windows 10
Vm3 Window 7
Vm4 Ubuntu server linux vrious roles
VM5 Ubuntu -Cuckoo Malware analisys

RAS PI 1 -> PFsense
RAs PI 2 -> IDS/IPS snort

Router + switch (Virtualised ? )

Hardware
Im in two minds whether to go with Intel nucs using Xenserver or just buy a used server in tower format from from ebay with good CPU and upgrade ram etc.

Noise/Power/space are important considerations here so cant used a data centre server as they tend to be noisy and power hogs.

My thoughts are 64gb ram couple of TB of storage and two Multi core cpus
AM considering a NAS in RAid 5 for storage but that would def be phase 2 and out of scope for the moment.


Hypervisor
The Functionality of the hypervisor is the most important factor, I'm leaning towards Xenserver as esxi freeversion has a CPU core limit which wouldn't suit the Qradar Virtual machine. that being said im always looking to upskill, i assume that in industry its vmware/hyper-v all the way.


Money is an object i haven't a budget just yet and will probably buy over time but id say 700-800 max off the top of my head. Don't need any peripherals ill remote into it

I suppose my first question is whether this is feasible or not ?

After that id love to hear feedback, suggestions or even stories of other peoples home server builds.

I'm going to do up a net diagram shortly ill upload it if people are interested

Diarmuid

I have been running a Xen hypervison on Linux for the past few years. On an old FX-6300 w 16GB RAM. It runs fine. I usually have only 3 VM clients running at any one time and they are are Linux headless clients so RAM requirements are low.

It's been 5 years since I built it some I'm in the process of upgrade the RAM, CPU + mb to Ryzen gen3.

700 is plenty to work with. Do you have a case or anything laying around or is it from scratch? Do you really need 64GB? Sounds like a lot

Joe Exotic

Diarmuid wrote: »

I have been running a Xen hypervison on Linux for the past few years. On an old FX-6300 w 16GB RAM. It runs fine. I usually have only 3 VM clients running at any one time and they are are Linux headless clients so RAM requirements are low.

It's been 5 years since I built it some I'm in the process of upgrade the RAM, CPU + mb to Ryzen gen3.

700 is plenty to work with. Do you have a case or anything laying around or is it from scratch?

Its completely from scratch, i had looked at getting a reconditioned tower server from ebay and just upgrade ram

Diarmuid

murphk wrote: »

Its completely from scratch, i had looked at getting a reconditioned tower server from ebay and just upgrade ram

I would expect something like that to be on the noisier side. I guess it depends on how important the noise level is to you.

ED E

The important question is do you need them all running together? If you'll only ever use two VMsa at once thats could be lot cheaper than running the five+ together.


Lots of MS products are trash but Hyper-V has really come along in leaps and bounds. Don't discount it off of the cuff. You can PFSense in a VM if you want routing control and not just bridge them onto your lan (probably a good idea for something that might reach out looking for SMB shares to infect).

Xeon v2 has dropped to dirt cheap now but thats because its so old, if you could get a good price on 2x Haswell E chips (ES/QS on Ebay) then you'd have plenty of horses. On an EEB mobo in a tower case vs in a 2U the acustics will be muuuuch better.

snoopboggybog

For that I'd honestly just go with a Ryzen build and 24GB-32GB of Ram with VM's running under Hyper V or Vmware desktop.

You don't need a server. Can order a few network cards as well if needed.

Cuddlesworth

snoopboggybog wrote: »

For that I'd honestly just go with a Ryzen build and 24GB-32GB of Ram with VM's running under Hyper V or Vmware desktop.

You don't need a server. Can order a few network cards as well if needed.

Except I can spec a second hand 32 thread 384gb of ram Dell 720 server for around the same price as a ryzen system with significantly less horsepower.

Non-registered memory is very limited and running VM's you find yourself slamming off that memory well before anything else now days. Less PCI-express lanes, less ports for hard-drives. The more you look at what desktop parts do, the more appealing second hand enterprise gear looks.

snoopboggybog

Cuddlesworth wrote: »

Except I can spec a second hand 32 thread 384gb of ram Dell 720 server for around the same price as a ryzen system with significantly less horsepower.

Non-registered memory is very limited and running VM's you find yourself slamming off that memory well before anything else now days. Less PCI-express lanes, less ports for hard-drives. The more you look at what desktop parts do, the more appealing second hand enterprise gear looks.

I understand that but for five VMs it's a bit over the top. I was going to buy an old HP server and run ESXI but just thought to myself what's the point of having all that horse power when I'll never use it, particularly with the noise and size of running something like the one you mentioned.

Serephucus

I've just built another server around a 3600 and 64GB RAM. I'm waiting on a replacement kit, but once that arrives I can give you an idea of what it can run.

It really depends on how much of this stuff you want to run together, but the other's are right; the limiting factor you'll notice first will be RAM. If you don't need CPU grunt, and you're just needing the RAM for OS overhead, then a NUC or something similar is probably going to do you fine.

The server I just built is in a customer 2U chassis with Noctuas, and even then, it's loud as hell. I'd be going for a tower or other form factor before I'd consider used enterprise stuff. No question an R720 or whatever is better value, but the power and noise isn't worth the savings in my book.

Cuddlesworth

snoopboggybog wrote: »

I understand that but for five VMs it's a bit over the top. I was going to buy an old HP server and run ESXI but just thought to myself what's the point of having all that horse power when I'll never use it, particularly with the noise and size of running something like the one you mentioned.

Depending on the generation of server, newer models really ramp down the cooling and fans to a very low hum.