Step 1: Design the Infrastructure

... Again.. and again.. and..


My name is Michael Connaker, and I am an experienced Site Reliability Engineer and Cloud Engineer.

With over a decade of experience in Information Technology, I have worked across a broad spectrum of disciplines, including networking, systems administration, desktop support, and cloud management. Currently, I specialize as a Site Reliability Engineer and Cloud Engineer, where my expertise in Infrastructure as Code (IaC), GitOps, Configuration Management and CI/CD tools is used to automate deployments for improved efficiency, scalability, and cost optimization. I have a strong ability to drive collaboration with clients and teams, ensuring seamless execution and delivery of results.

I have extensive leadership experience, serving as a Subject Matter Expert (SME) to clients and colleagues, as well as a Team Lead managing a team of 8 to 12 members. In this role, I provided guidance and direction, collaborated with management to develop and enhance onboarding procedures, SLAs, SLOs, technical documentation, and shaped the team’s vision and strategy. Additionally, as an Agile leader, I facilitated sprints, reported progress to senior leadership, and led Scrum of Scrums and retrospectives to drive continuous improvement.

I am educated with a Bachelor of Arts in General Studies and an Associate of Applied Science in Computer Networking & Systems Administration. I have also achieved several industry certifications.

Outside the technical realm, I’m an avid reader with a passion for Sci-Fi and Supernatural genres, and a dedicated gamer, having explored countless virtual worlds across multiple platforms. Yet, my most fulfilling adventure is fatherhood to my two teenage daughters and a newborn son — a role that brings immense joy and fresh challenges every day.

Mister Accidental, the owner of Accidental Cloud, has hired Mister Sighs to design, deploy, and maintain the internal infrastructure for his new business. Due to limited funds, Mister Accidental has asked Mister Sighs to utilize an HP Proliant DL360 to get the business off the ground.

Mister Accidental is a lawyer who mediates between clients and cloud companies, specifically assisting in cases of accidental overages where clients forget to turn off resources. Additionally, he plans to deploy internal services that can create QR codes, generate weather reports, and perform other useful tasks.

Mister Sighs agrees and decides that his first step will be to design the infrastructure layout before proceeding with deployment.

Today, we will look at the infrastructure that will be deployed on the HP Proliant DL360. Since everything will be virtualized within the server, the need for physical switches and routers can be eliminated. Additionally, as we are limited to a single server, a Type-1 hypervisor will be necessary to deploy the infrastructure.

Disclaimer

Before proceeding, it's important to note that this environment is being built in a home lab, meaning all operations on the server will be isolated from the home network. This isolation ensures that any testing or configuration changes within the lab do not impact the home network, thereby mitigating risks such as network congestion or security vulnerabilities. In a real-world scenario, this type of environment would be deployed within the company’s network and would handle requests from workstations and other devices. For this environment, we will simulate that using a lightweight VM on the server.

Additionally, the linked HP Proliant DL360 is the one I purchased a few years ago. If you are looking to use a similar server, I would suggest this server which has more processing power and RAM.

Overview of the Specs

The HP Proliant DL360 server features two E5-2680 CPUs, each with 6 cores and 12 threads, 64 GB of RAM, and 2.4 TB of storage space. With 12 threads per CPU, the server has a total of 24 threads. It is a robust server but still limited in resources, meaning Mister Sighs must carefully plan what he can deploy.

The Design

Mister Sighs has opted for a straightforward approach to the infrastructure layout. First and foremost, he needs a Type-1 hypervisor.

A Type-1 hypervisor is virtualization software that is installed directly on a computer’s physical hardware. It interacts directly with the computer’s CPU, memory, and storage. These hypervisors are prevalent in IT enterprises due to their efficiency, scalability, stability, and effective resource management capabilities. Some of the most common Type-1 hypervisors include VMware ESXi, Microsoft Hyper-V, Citrix Hypervisor, and Red Hat Enterprise Virtualization. Free alternatives include Proxmox, Xen, and KVM.

For this project, Proxmox will be used. Proxmox is an enterprise-grade virtualization platform with a built-in web interface for easy VM management. It also supports plugins and providers for automation tools like Ansible, Terraform, and Packer.

With the Type-1 hypervisor selected, the next step is setting up the firewall. In a company, a firewall is used to restrict or permit the flow of traffic between networks. In this case, a firewall will be set up at the edge of the network. Mister Sighs prefers open-source solutions, which are often free, customizable, and transparent. Options include OPNsense, IPFire, Untangle NG, pfSense, and more.

For this scenario, pfSense will be utilized. pfSense is regarded as one of the world's most trustworthy open-source firewalls for securing businesses. It is built on stateful packet filtering and is highly customizable with a wide range of features.

While pfSense has OpenVPN, Mister Sighs decides to use WireGuard. WireGuard is regarded as having better performance, a minimal code base, and higher security through its use of public/private keys, and it is open-source. Since resources are finite and WireGuard can be deployed with 1 CPU and 1 GB of memory, it is an optimal choice.

For the remaining infrastructure, Mister Sighs decides to use two Docker servers to manage monitoring, pipelines, and registries, and to run both the development and production environments on a single Kubernetes cluster.

Ultimately, Mister Sighs devises the following infrastructure design:

This configuration requires six servers, a workstation, and a pfSense firewall. The initial rough draft provides an idea of the necessary components, but more work remains. The first step is setting up Proxmox.
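Because the host is limited to 24 threads, 64 GB of RAM, and 2.4 TB of storage, the layout can be checked against that budget before anything is deployed. The script below is an added example, not part of the original post. Only the host figures and the WireGuard sizing (1 CPU, 1 GB) come from the text; the guest names, the split of the six servers, every other allocation, and the 4 GB hypervisor reserve are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Guest:
    name: str
    vcpus: int
    ram_gb: int
    disk_gb: int

# Host figures from the post: 24 threads, 64 GB RAM, 2.4 TB storage.
HOST = {"threads": 24, "ram_gb": 64, "disk_gb": 2400}

# Constructed plan. Only the WireGuard sizing (1 CPU, 1 GB) is from the post;
# every other name and number is an assumption for illustration.
PLAN = [
    Guest("pfsense", 2, 4, 32),
    Guest("wireguard", 1, 1, 16),
    Guest("docker-monitoring", 4, 8, 200),
    Guest("docker-pipelines", 4, 8, 300),
    Guest("k8s-control", 2, 4, 64),
    Guest("k8s-worker-1", 4, 12, 200),
    Guest("k8s-worker-2", 4, 12, 200),
    Guest("workstation", 2, 4, 64),
]

def check_plan(host, guests, cpu_overcommit=1.0, host_reserve_gb=4):
    """Return totals, headroom and a list of budget violations.

    RAM is never overcommitted here: an edge firewall or VPN guest that is
    starved of memory takes the whole lab offline with it.
    """
    budget = {
        "vcpus": int(host["threads"] * cpu_overcommit),
        "ram_gb": host["ram_gb"] - host_reserve_gb,  # keep room for the hypervisor
        "disk_gb": host["disk_gb"],
    }
    used = {
        "vcpus": sum(g.vcpus for g in guests),
        "ram_gb": sum(g.ram_gb for g in guests),
        "disk_gb": sum(g.disk_gb for g in guests),
    }
    headroom = {k: budget[k] - used[k] for k in used}
    violations = [f"{k}: need {used[k]}, budget {budget[k]}"
                  for k in used if used[k] > budget[k]]
    return {"used": used, "headroom": headroom, "violations": violations}

if __name__ == "__main__":
    print(check_plan(HOST, PLAN))
```

With these assumed sizes the plan fits with one thread and 7 GB of RAM to spare, so any further guest forces either CPU overcommit or smaller allocations elsewhere.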

In the next blog, we will delve into the setup and configuration of Proxmox.
