I’m a self-funded student reading for MSc in Cybersecurity and trying to expand on my home lab for cybersecurity and machine learning. The primary use of the lab is to simulate cyberattacks and carry out machine learning tasks to algorithmics.
This lab is built using monthly savings, and hence you’d see some decision mistakes, such as taking a 2 bay NAS as opposed to a 4 bay or more. I am not sure if buying an expandable NAS to add a 5 bay add-on was a good decision or not - but I am open to honest feedback to help me make a better decision in the future.
For all the answers, please keep in mind I am from India and getting suitable second-hand hardware or even stuff from eBay is usually a scam.
Here is what I have: Dell Precision 3440 SFF:
Intel Xeon 1290
128 GB DDR non-ECC RAM
2 x 1 TB SSD (1 - 2.5’ and 1 M.2)
1 x 2TB 2.5’ SSD.
2 x 1 Gbps LAN ports (currently in load balancer mode)
OS: VMWare ESXi 7.0 Update 1c
7 GPU: None
Synology 718+ 2 Bay NAS
6 TB (2x6 TB - 7,200 RPM)
RAID - 1
2 x 1 Gbps LAN ports (currently in bond mode)
6 Raspberry Pis (from Model 2B to 4B). All of these are using Wi-Fi to connect to the network)
I have 4 Noctua Fans to help with cooling as I do not have a cabinet/rack.
I am looking for advice to upgrade/change/use my home lab and need communities inputs for the following:
Networking:
I want to improve my networking, especially security capabilities. At the bare minimum, I need VLAN segregation and layer 3 routing capabilities. The Wi-Fi router I have does not even allow for DHCP forwarding, and I am stuck with its limited capabilities.
I have: Netgear R7000 router:
1 x WAN port
4 x 1 Gbps LAN ports - utilised by Synology (2) and Dell Precision (2)
Is it more prudent to get a UTM/Firewall such as Sophos XG 115 / 115w and an access layer switch?
Any other option?
Compute:
My wife is entering the world of data science and machine learning. We both share a single personal laptop & we have decided that we both need a laptop.
My opinion was to go ahead with a laptop for my wife without the graphic card but a sturdy Dell Latitude with i5 and a single storage device. I reckon it is better to invest in a graphic card to fit my current compute (Dell Precision SFF) and run her graphic-intensive workload on a VM. Is this a viable option, or should we look at a laptop with a discrete graphics card?
Storage:
I currently have a 2-bay NAS, with 3 years of warranty left (I took 5 years total).
Is it better to get an expansion (Synology: DX517 costing 450 GBP), or it is better to buy a new 4 bay (such as Synology 920+ costing 500 GBP) NAS, given that costing of Synology expansion is near to the cost of a new 4bay NAS.
My thought is to buy a 4 bay NAS since there will be a better performance with a new NAS (more IOPS and bandwidth) instead of an expansion.
Any other opinions are welcome as I’m looking to learn and improve. Thank you very much for your time.
There’s a lot to unpack there, may be better to answer one item at a time. But I’ll try to answer what I can for now.
Have you considered pfsense at all? It’s not a Linux solution, so it falls outside the scope of my channel (which is why I never cover it). My friend Tom Lawrence does a great job of that on his channel. If you have access to another desktop with two gigabit network ports, pfsense can be a great fit. Usually, it seems to work best with Intel network cards, unless that’s been improved. I would think that even really old second-hand desktops should be able to handle pfsense well, and it will give you the network capabilities that you mentioned. I generally don’t recommend Cisco anything to anyone, unless you are specifically wanting to learn Cisco for achieving a certification. Even then, the power requirements of some of the Cisco gear can drive up your energy bill depending on what electricity costs there.
Virtual machines are normally not a great fit for graphic intensive things, unless you are passing through a PCI GPU to a VM. I haven’t personally done that yet. You can use an external GPU with some laptops, but that technology is too new right now, and is not only expensive, but limited to very specific models that have the correct bus speed to support such workloads. Depending on what’s available there, it’s often the case that a laptop with a GPU can’t really compare to a desktop with a GPU. While newer laptops have blurred the lines between performance on laptops or desktops, it’s often the case that desktops outperform laptops for graphic-intensive workloads. I’ve seen some Latitude laptops with GPU’s that are barely better than internal graphics, so it really depends on what is available there.
For the Synology, it probably comes down to whether you want to manage both physical units via one GUI or two, but I haven’t set up a two-Synology system yet so I’m not completely sure on that one.
I think for data science/machine learning, you’re better off getting even a used desktop PC (you can test it out with a live distro) that has an Nvidia GPU; then you can get Nvidia’s (free) CUDA toolkit and use something like pycuda to learn with. There’s some videos about it on freeCodeCamp.org’s YouTube channel. Plus, with a Linux distro on it, she can even work from a Pi over SSH (even tunneling X for graphics applications). This will give you (her) lots better performance for much lower cost vs a laptop.
Synology has a nice app built into DSM for managing multiple NAS, though I think if it’s just going to be a file server, and you have a port that supports it, adding a DX517 will be sufficient. We have one on one of our DS1618+ units and it works really nice.
Regarding what Jay said about Cisco I would generally agree though I am out of networks and servers in a professional way these days. A few decades ago I did the CCNA training, though never took the exam due to cost and I didn’t need the accolade in my job. In those days Cisco were way behind the times with regards to routers and switches and were still talking about hubs, etc. Of all the kit we had there were only two items that we were involved with that were Cisco and they were routers and didn’t actually belong to us. Cisco uses different terminology to most other vendors, is expensive, and most of all I could buy 3-4 switches from others for one of theirs with the specification we required. (I was pretty good at negotiating on price.) For SoHo or Home Lab use I certainly would never consider it. (Even pre-owned Cisco switches were expensive.) However Cisco is one of the longest surviving network kit manufacturers with an enviable reputation but not for cost.
Thank you very much for your reply. It was a pleasant surprise to see your response. I recently joined your channel and started deploying honeypots on Linode. I’m happy to inform you that Linode even gave me a small sponsorship for my research. Thank you very much for all the knowledge you share and for putting up this community.
Firewall / Networking
I had not considered pfsense. But yesterday, I was point by a member on another forum towards a very detailed writeup for deploying it on my Dell Precision workstation, which runs ESXi and has two NICs. pfSense Configuration Recipes — Virtualizing pfSense with VMware vSphere / ESXi | pfSense Documentation. In my case, your preceding recommendations work well too. I will look at the YouTube channel you mentioned, and fortunately, I have two Intel NICs on the workstation.
I was swayed away by a YouTube channel to look at Cisco (especially the 1000 series). My job does not require Cisco specific certification. My personal thought was to invest in a Cisco switch running IOS as a long term investment since I could build on top of it. Plus, Cisco provides solid hardware & a lifetime warranty. Is there any other networking vendor you’d recommend? I am really unhappy with the Netgear router. While it’s primary job is not to support a homelab, it is causing a significant bottleneck and keep going offline every time a laptop in my house restart (or joins the Wi-FiWi-Fi network). The router’s firmware is the latest, and I’ve only done 30 odd MAC to IP bindings.
I’m also looking for a small switch for my Raspberry Pis since I reckon they will be causing a lot of network contention using Wi-FiWi-Fi and providing essential services like DNS and VPN. Plus, the Pi’s run code keeps reporting malicious IPs I’ve picked up from my honeypots. What I need is an 8 port switch with 4x100 Mbps ports and 4x1000 Mbps ports – I am stuck since the Wi-FiWi-Fi router (Netgear) has only 4 LAN ports. Hence I’m back to the contention
GPU and Machine learning
I saw VMWare Bitfusion - An Introduction to vSphere with Bitfusion - YouTube, which allows for GPU acceleration. I was hoping to use this. I still need to figure out which GPU is supported, and it’s the cost compared to other alternatives suggested by you and other community members.
I will look at the second hand desktop option but I’ve only found fraud in India. Even though I’m a computer science student the level of fraud is daunting at best. I will try and see if I can find a seller who is OK for me to visit and check the PC using a distro. I reckon finding someone in India selling a good GPU second hand will be a good catch.
I will try and relook at the expansion v/s new Synology depending on the cost. I got mine from UK and it was almost 25% cheaper to India. I am still tilted towards a new DSM given the performance benefits of getting SSD caching as opposed to DSX expansion which will run off the 718+ bandwidth and compute.
I will drop the idea of Cisco. Is there any other company you’d recommend to get a good access layer switch? 16 ports without PoE is OK for me?
Also, between getting an accesslayer switch and a Cisco RV having additional services such as routing and filtering - What is your recommendation there?
A lot of what you can get hold off depends on where you live. I am in the UK and have access to lots of different manufacturers. I used to use a lot of Netgear kit and they were one of the forerunners in level 3 switches. (Their support used to be very good though less so for home gear. They sometime market their new gear under two model numbers. The only difference appears to be the cost and the length of the warranty. One place where they did a lot even for commercial equipment was detailed documentation on how to do things.) I still use Netgear stuff but have also used others for my personal use. There is also the fact that you can use software to do a lot of things these days. It used to be the fact that hardware switching was faster than software though that is far less so these days. You have people installing OpenWRT into Linux for routing, especially in VMs and on the likes of PI. Another thing is do you need 10GB, 2.5GB or is Gigabit acceptable. Personally I am still using 1GB, but your needs may be different. I think you need to look at what you need, research the market and see what is available, and also see what you can do with software and whether that is acceptable. Trawl YouTube and elsewhere to see what others are doing as it may give you ideas.
Thank you very much for all the knowledge you share and for putting up this community.