mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-03 01:10:13 +08:00
Xingyu.Wang
GitHub
commit
e4efb8cb05
@ -1,107 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (wyxplus)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to set up a homelab from hardware to firewall)
|
||||
[#]: via: (https://opensource.com/article/19/3/home-lab)
|
||||
[#]: author: (Michael Zamot https://opensource.com/users/mzamot)
|
||||
|
||||
How to set up a homelab from hardware to firewall
|
||||
======
|
||||
|
||||
Take a look at hardware and software options for building your own homelab.
|
||||
|
||||
![][1]
|
||||
|
||||
Do you want to create a homelab? Maybe you want to experiment with different technologies, create development environments, or have your own private cloud. There are many reasons to have a homelab, and this guide aims to make it easier to get started.
|
||||
|
||||
There are three categories to consider when planning a home lab: hardware, software, and maintenance. We'll look at the first two categories here and save maintaining your computer lab for a future article.
|
||||
|
||||
### Hardware
|
||||
|
||||
When thinking about your hardware needs, first consider how you plan to use your lab as well as your budget, noise, space, and power usage.
|
||||
|
||||
If buying new hardware is too expensive, search local universities, ads, and websites like eBay or Craigslist for recycled servers. They are usually inexpensive, and server-grade hardware is built to last many years. You'll need three types of hardware: a virtualization server, storage, and a router/firewall.
|
||||
|
||||
#### Virtualization servers
|
||||
|
||||
A virtualization server allows you to run several virtual machines that share the physical box's resources while maximizing and isolating resources. If you break one virtual machine, you won't have to rebuild the entire server, just the virtual one. If you want to do a test or try something without the risk of breaking your entire system, just spin up a new virtual machine and you're ready to go.
|
||||
|
||||
The two most important factors to consider in a virtualization server are the number and speed of its CPU cores and its memory. If there are not enough resources to share among all the virtual machines, they'll be overallocated and try to steal each other's CPU cycles and memory.
|
||||
|
||||
So, consider a CPU platform with multiple cores. You want to ensure the CPU supports virtualization instructions (VT-x for Intel and AMD-V for AMD). Examples of good consumer-grade processors that can handle virtualization are Intel i5 or i7 and AMD Ryzen. If you are considering server-grade hardware, the Xeon class for Intel and EPYC for AMD are good options. Memory can be expensive, especially the latest DDR4 SDRAM. When estimating memory requirements, factor at least 2GB for the host operating system's memory consumption.
|
||||
|
||||
If your electricity bill or noise is a concern, solutions like Intel's NUC devices provide a small form factor, low power usage, and reduced noise, but at the expense of expandability.
|
||||
|
||||
#### Network-attached storage (NAS)
|
||||
|
||||
If you want a machine loaded with hard drives to store all your personal data, movies, pictures, etc. and provide storage for the virtualization server, network-attached storage (NAS) is what you want.
|
||||
|
||||
In most cases, you won't need a powerful CPU; in fact, many commercial NAS solutions use low-powered ARM CPUs. A motherboard that supports multiple SATA disks is a must. If your motherboard doesn't have enough ports, use a host bus adapter (HBA) SAS controller to add extras.
|
||||
|
||||
Network performance is critical for a NAS, so select a gigabit network interface (or better).
|
||||
|
||||
Memory requirements will differ based on your filesystem. ZFS is one of the most popular filesystems for NAS, and you'll need more memory to use features such as caching or deduplication. Error-correcting code (ECC) memory is your best bet to protect data from corruption (but make sure your motherboard supports it before you buy). Last, but not least, don't forget an uninterruptible power supply (UPS), because losing power can cause data corruption.
|
||||
|
||||
#### Firewall and router
|
||||
|
||||
Have you ever realized that a cheap router/firewall is usually the main thing protecting your home network from the exterior world? These routers rarely receive timely security updates, if they receive any at all. Scared now? Well, [you should be][2]!
|
||||
|
||||
You usually don't need a powerful CPU or a great deal of memory to build your own router/firewall, unless you are handling a huge throughput or want to do CPU-intensive tasks, like a VPN server or traffic filtering. In such cases, you'll need a multicore CPU with AES-NI support.
|
||||
|
||||
You may want to get at least two 1-gigabit or better Ethernet network interface cards (NICs), also, not needed, but recommended, a managed switch to connect your DIY-router to create VLANs to further isolate and secure your network.
|
||||
|
||||
![Home computer lab PfSense][4]
|
||||
|
||||
### Software
|
||||
|
||||
After you've selected your virtualization server, NAS, and firewall/router, the next step is exploring the different operating systems and software to maximize their benefits. While you could use a regular Linux distribution like CentOS, Debian, or Ubuntu, they usually take more time to configure and administer than the following options.
|
||||
|
||||
#### Virtualization software
|
||||
|
||||
**[KVM][5]** (Kernel-based Virtual Machine) lets you turn Linux into a hypervisor so you can run multiple virtual machines in the same box. The best thing is that KVM is part of Linux, and it is the go-to option for many enterprises and home users. If you are comfortable, you can install **[libvirt][6]** and **[virt-manager][7]** to manage your virtualization platform.
|
||||
|
||||
**[Proxmox VE][8]** is a robust, enterprise-grade solution and a full open source virtualization and container platform. It is based on Debian and uses KVM as its hypervisor and LXC for containers. Proxmox offers a powerful web interface, an API, and can scale out to many clustered nodes, which is helpful because you'll never know when you'll run out of capacity in your lab.
|
||||
|
||||
**[oVirt][9] (RHV)** is another enterprise-grade solution that uses KVM as the hypervisor. Just because it's enterprise doesn't mean you can't use it at home. oVirt offers a powerful web interface and an API and can handle hundreds of nodes (if you are running that many servers, I don't want to be your neighbor!). The potential problem with oVirt for a home lab is that it requires a minimum set of nodes: You'll need one external storage, such as a NAS, and at least two additional virtualization nodes (you can run it just on one, but you'll run into problems in maintenance of your environment).
|
||||
|
||||
#### NAS software
|
||||
|
||||
**[FreeNAS][10]** is the most popular open source NAS distribution, and it's based on the rock-solid FreeBSD operating system. One of its most robust features is its use of the ZFS filesystem, which provides data-integrity checking, snapshots, replication, and multiple levels of redundancy (mirroring, striped mirrors, and striping). On top of that, everything is managed from the powerful and easy-to-use web interface. Before installing FreeNAS, check its hardware support, as it is not as wide as Linux-based distributions.
|
||||
|
||||
Another popular alternative is the Linux-based **[OpenMediaVault][11]**. One of its main features is its modularity, with plugins that extend and add features. Among its included features are a web-based administration interface; protocols like CIFS, SFTP, NFS, iSCSI; and volume management, including software RAID, quotas, access control lists (ACLs), and share management. Because it is Linux-based, it has extensive hardware support.
|
||||
|
||||
#### Firewall/router software
|
||||
|
||||
**[pfSense][12]** is an open source, enterprise-grade FreeBSD-based router and firewall distribution. It can be installed directly on a server or even inside a virtual machine (to manage your virtual or physical networks and save space). It has many features and can be expanded using packages. It is managed entirely using the web interface, although it also has command-line access. It has all the features you would expect from a router and firewall, like DHCP and DNS, as well as more advanced features, such as intrusion detection (IDS) and intrusion prevention (IPS) systems. You can create multiple networks listening on different interfaces or using VLANs, and you can create a secure VPN server with a few clicks. pfSense uses pf, a stateful packet filter that was developed for the OpenBSD operating system using a syntax similar to IPFilter. Many companies and organizations use pfSense.
|
||||
|
||||
* * *
|
||||
|
||||
With all this information in mind, it's time for you to get your hands dirty and start building your lab. In a future article, I will get into the third category of running a home lab: using automation to deploy and maintain it.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://opensource.com/article/19/3/home-lab
|
||||
|
||||
作者:[Michael Zamot (Red Hat)][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://opensource.com/users/mzamot
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb
|
||||
[2]: https://opensource.com/article/18/5/how-insecure-your-router
|
||||
[3]: /file/427426
|
||||
[4]: https://opensource.com/sites/default/files/uploads/pfsense2.png (Home computer lab PfSense)
|
||||
[5]: https://www.linux-kvm.org/page/Main_Page
|
||||
[6]: https://libvirt.org/
|
||||
[7]: https://virt-manager.org/
|
||||
[8]: https://www.proxmox.com/en/proxmox-ve
|
||||
[9]: https://ovirt.org/
|
||||
[10]: https://freenas.org/
|
||||
[11]: https://www.openmediavault.org/
|
||||
[12]: https://www.pfsense.org/
|
||||
@ -0,0 +1,111 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (wyxplus)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (How to set up a homelab from hardware to firewall)
|
||||
[#]: via: (https://opensource.com/article/19/3/home-lab)
|
||||
[#]: author: (Michael Zamot https://opensource.com/users/mzamot)
|
||||
|
||||
如何从硬件到防火墙建立一个家庭实验室
|
||||
======
|
||||
|
||||
查看用于构建自己的家庭实验室的硬件和软件方案。
|
||||
|
||||
![][1]
|
||||
|
||||
你有想过创建一个家庭实验室吗?或许你想尝试不同的技术,构建开发环境、亦或是建立自己的私有云。对于拥有一个家庭实验室有很多理由,本教程旨在使入门变得更容易。
|
||||
|
||||
规划家庭实验室时,需要考虑三方面:硬件、软件和维护。我们将在这里查看前两方面,并在以后的文章中讲述如何节省维护计算机实验室的时间。
|
||||
|
||||
### 硬件
|
||||
|
||||
|
||||
在考虑硬件需求时,首先要考虑如何使用实验室以及你的预算,噪声,空间和电源使用情况。
|
||||
|
||||
|
||||
如果购买新硬件过于昂贵,请搜索当地的大学,广告以及诸如 eBay 或 Craigslist 之类的网站,能获取二手服务器的地方。它们通常很便宜,并且服务器级的硬件可以使用很多年。你将需要三类硬件:虚拟化服务器,存储设备和路由器/防火墙。
|
||||
|
||||
#### 虚拟化服务器
|
||||
|
||||
一个虚拟化服务器允许你去运行多个共享物理机资源的虚拟机,同时最大化利用和隔离资源。如果你打算销毁一台虚拟机,无需重建整个服务器,因为其仅是一个虚拟机。如果你想进行测试或尝试某些操作而不损坏整个系统,仅需要新建一个虚拟机来运行即可。
|
||||
|
||||
在虚拟服务器中,需考虑两个最重要的因素是 CPU 的核心数及其运行速度以及内存容量。如果没有足够的资源够全部虚拟机共享,那么它们将被重复分配并试着获取其他虚拟机的 CPU 的周期和内存。
|
||||
|
||||
因此,考虑一个多核 CPU 的平台。你要确保 CPU 支持虚拟化指令(因特尔的 VT-x 指令集和 AMD 的 AMD-V 指令集)。能够处理虚拟化优质消费级处理器有因特尔的 i5 或 i7 和 AMD 的 Ryzen 处理器。如果你考虑服务器级的硬件,那么因特尔的志强系列和 AMD 的 EPYC 都是不错的选择。内存可能很昂贵,尤其是最近的 DDR4 内存。当我们估计所需多少内存时,请为主机操作系统的内存至少分配 2 GB 的空间。
|
||||
|
||||
如果你担心电费或噪声,则诸如因特尔 NUC 设备之类的解决方案虽然外形小巧,功耗低,噪音低,但是却以牺牲可扩展性为代价。
|
||||
|
||||
#### <ruby>网络附加存储<rt>Network-attached storage</rt></ruby>(NAS)
|
||||
|
||||
如果希望装有硬盘驱动器的计算机存储你的所有个人数据,电影,图片等,并为虚拟化服务器提供存储,则需要网络附加存储(NAS)。
|
||||
|
||||
在大多数情况下,你不太可能需要一颗强力的 CPU。实际上,许多商业 NAS 的解决方案使用低功耗的 ARM CPU。主板能支持多个 SATA 硬盘。如果你的主板没有足够的端口,请使用<ruby>主机总线适配器<rt>host bus adapter</rt><ruby>(HBA)SAS 控制器添加其他功能。
|
||||
|
||||
网络性能对于 NAS 来说是至关重要的,因此最好选择<ruby>千兆<rt>gigabit</rt></ruby>网络(或更快网络)。
|
||||
|
||||
内存需求将根据你的文件系统而有所不同。ZFS 是 NAS 上最受欢迎的文件系统之一,你将需要更多内存才能使用诸如缓存或重复数据删除之类的功能。<ruby>纠错码<rt>Error-correcting code</rt></ruby>(ECC)的内存是防止数据损坏的最佳选择(但在购买前请确保你的主板支持)。最后但同样重要的,不要忘记使用<ruby>不间断电源<rt>uninterruptible power supply</rt></ruby>(UPS),因为断电可能会使得数据出错。
|
||||
|
||||
|
||||
#### 防火墙和路由器
|
||||
|
||||
你是否曾意识到,廉价的路由器/防火墙通常是保护你的家庭网络不受外部环境影响的主要部分?这些路由器很少及时收到安全更新(如果有的话)。现在害怕了吗?好吧,[确实][2]!
|
||||
|
||||
通常,你不需要一颗强大的 CPU 或是大内存来构建你自己的路由器/防火墙,除非你需要高吞吐率或是执行 CPU 密集型任务,像是 VPN 服务器或是流量过滤。在这种情况下,你将需要一个支持 AES-NI 的多核 CPU。
|
||||
|
||||
你可能想要至少 2 个千兆或更快的<ruby>以太网卡<rt>Ethernet network interface cards</rt></ruby>(NIC),这不是必需的,但我推荐使用一个管理型交换机来连接你自己的装配的路由器,以创建 VLAN 来进一步隔离和保护你的网络。
|
||||
|
||||
![Home computer lab PfSense][4]
|
||||
|
||||
### 软件
|
||||
|
||||
在选择完你的虚拟化服务器、NAS 和防火墙/路由器后,下一步是探索不同的操作系统和软件,以最大程度地发挥其作用。尽管你可以使用 CentOS、Debian或 Ubuntu 之类的常规 Linux 发行版,但是与以下软件相比,它们通常花费更多的时间进行配置和管理。
|
||||
|
||||
#### 虚拟化软件
|
||||
|
||||
**[KVM][5]**(<ruby>基于内核的虚拟机<rt>Kernel-based Virtual Machine</rt></ruby>)使你可以将 Linux 变成虚拟机监控程序,以便可以在同一台机器中运行多个虚拟机。最好的是,KVM 作为 Linux 的一部分,它是许多企业和家庭用户的首选。如果你愿意,可以安装 **[libvirt][6]** 和 **[virt-manager][7]** 来管理你的虚拟化平台。
|
||||
|
||||
|
||||
**[Proxmox VE][8]** 是一个强大的企业级解决方案,并且是一个完整的开源虚拟化和容器平台。它基于 Debian,使用 KVM 作为其虚拟机管理程序,并使用 LXC 作为容器。Proxmox 提供了强大的网页界面,API,并且可以扩展到许多群集节点,这很有用,因为你永远不知道何时实验室容量不足。
|
||||
|
||||
**[oVirt][9](RHV)** 是另一种使用 KVM 作为虚拟机管理程序的企业级解决方案。不要仅仅因为它是企业,并不意味着你不能在家中使用它。oVirt 提供了强大的网页界面和 API,并且可以处理数百个节点(如果你正在运行那么多服务器,我不想成为你的邻居!)。oVirt 用于家庭实验室的潜在问题是它至少需要一些的节点集:你将需要一个外部存储(例如 NAS)和至少两个其他虚拟化节点(你可以仅在一个上运行它,但是你可能会在维护环境时遇到问题)。
|
||||
|
||||
#### 网络附加存储软件
|
||||
|
||||
**[FreeNAS][10]** 是最受欢迎的开源 NAS 发行版,它基于稳定的 FreeBSD 操作系统。它最强大的功能之一是支持 ZFS 文件系统,该文件系统提供了数据完整性检查、快照、复制和多个级别的冗余(镜像,条带化镜像和条带化)。最重要的是,所有功能都通过功能强大且易于使用的网页界面进行管理。在安装 FreeNAS 之前,请检查硬件是否支持,因为它不如基于 Linux 的发行版那么广泛。
|
||||
|
||||
另一个流行的替代方法是基于 Linux 的 **[OpenMediaVault][11]**。它的主要功能之一是模块化,带有可扩展和添加特性的插件。它包括的功能包括基于网页管理界面和协议,例如 CIFS,SFTP,NFS,iSCSI。以及卷管理,包括软件 RAID,资源分配,<ruby>访问控制列表<rt>access control lists</rt></ruby>(ACL)和共享管理。由于它是基于 Linux 的,因此其具有广泛的硬件支持。
|
||||
|
||||
#### 防火墙/路由器软件
|
||||
|
||||
**[pfSense][12]** 是基于 FreeBSD 的开源企业级路由器和防火墙发行版。它可以直接安装在服务器上,甚至可以安装在虚拟机中(以管理虚拟或物理网络并节省空间)。它有许多功能,可以使用软件包进行扩展。尽管它也有命令行访问权限,但也可以完全使用网页界面对其进行管理。它具有你所希望路由器和防火墙提供的所有功能,例如 DHCP 和 DNS,以及更高级的功能,例如入侵检测(IDS)和入侵防御(IPS)系统。你可以侦听多个不同接口或使用 VLAN 的网络,并且只需鼠标点击几下即可创建安全的 VPN 服务器。pfSense 使用 pf,这是一种有状态的数据包筛选器,它是使用类似于 IPFilter 的语法为 OpenBSD 操作系统开发的。许多公司和组织都有使用 pfSense。
|
||||
|
||||
* * *
|
||||
|
||||
考虑到所有的信息,是时候动手开始建立你的实验室了。在之后的文章中,我将介绍运行家庭实验室的第三方面:自动化进行部署和维护。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://opensource.com/article/19/3/home-lab
|
||||
|
||||
作者:[Michael Zamot (Red Hat)][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[wyxplus](https://github.com/wyxplus)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://opensource.com/users/mzamot
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/computer_keyboard_laptop_development_code_woman.png?itok=vbYz6jjb
|
||||
[2]: https://opensource.com/article/18/5/how-insecure-your-router
|
||||
[3]: /file/427426
|
||||
[4]: https://opensource.com/sites/default/files/uploads/pfsense2.png (Home computer lab PfSense)
|
||||
[5]: https://www.linux-kvm.org/page/Main_Page
|
||||
[6]: https://libvirt.org/
|
||||
[7]: https://virt-manager.org/
|
||||
[8]: https://www.proxmox.com/en/proxmox-ve
|
||||
[9]: https://ovirt.org/
|
||||
[10]: https://freenas.org/
|
||||
[11]: https://www.openmediavault.org/
|
||||
[12]: https://www.pfsense.org/
|
||||
Loading…
Reference in New Issue
Block a user