In my previous post, What’s In My Lab Now, 2024 Edition, I detailed my lab’s Active Directory setup which relies on Windows Server 2022 VMs. While that setup has served me perfectly well to date, recent advancements in Samba’s support for Active Directory features, combined with a desire to reduce my need for software licenses in the future, presented an opportunity to experiment with cross-platform AD domains.
Almost four years ago (agh!) I published What’s In My Lab, an overview of the systems and software I use at home for my own personal infrastructure. You might think that at a certain point you achieve some kind of serenity, and the desire to modify or expand is sated. Hah! Guess again.
Running a Kubernetes cluster on a few Raspberry Pi 4s has been a rewarding but challenging experience. The biggest limitation was storage - each Pi was booting from an SD card, which, while convenient, proved to be a massive bottleneck. SD cards are not only slow, but also wear out quickly under constant read/write operations. Over time, I experienced several cases of data corruption which brought that cluster to its knees.
When I kicked off the latest iteration of my homelab project about 10 years ago, everything was harder. Shared storage was a luxury that meant diving into expensive SAN solutions which were neither feasible nor affordable for anyone not running a data center. Containers were still in buzzword territory, and their real-world application was confined either to early versions of Docker (pre-OCI, mind you!), or to cutting-edge cloud-native projects like Google’s Borg.
The low risk and low-to-no budget of a home lab environment often results in security taking a back seat. Services are sometimes left open and unguarded in the name of “Just Make It Work”. Home labs aside, the complexity of running even a halfway-decent security infrastructure makes doing so a non-starter even in many small business environments.
As a result, the largest and most easily exploitable gap you’re bound to find in many home labs and small networks is unencrypted traffic. This of course allows for a variety of attack methods against locally-hosted services.