My homelab, looking for extend suggestion and share experience!

**
current deployment (Physical part)**

Server:2x Dell R720

CPU: E5-2640s

RAM:92GB each

Storage: VSAN 12.89TB

Software version: 6.7u2

Planning extend:

1.one more r720 or SAN server (data security) because VSAN advanced configuration i.e. software raid group (save VMs’ files in separate Hosts) need at least 3 Hosts to provide properly (Officially recommend 4 Hosts)

\2. synology for personal cloud storage due to DSM web interface is very user friendly and features are very powerful. Even it’s expensive ..

3.UPS … I didn’t purchase it yet

\4. more powerful networking swith

planning deployment (system part)

  1. Windows DC controller, maybe i will choose windows server 2019 for trialing new features. Question below:

  1. what features do you guys used for DC controller ?in my basic knowledge DC’s main job is for authorization for clients and support for SSO working properly and ACL control and remote login and remote disk automated mount.
  2. what ‘s windows version do you use currently? do you prefer 2019?

  1. pfSense soft router,questions below

  1. i didn’t use this soft router before but i saw lots of guys in their homelab environment choosed this for soft router, do anyone want to share expensive of use it and what is the advantage and difference of others’ similar soft router?
  2. is this soft router provide more secure firewall service than csf+lfs linux soft firewall (current useing), if do so i am planning create pfsense and put it into DMZ zone and act as VMware deployment gateway for security performance.
  3. if do so, do anyone have idea about where to deploy this soft router ? in vm? or try to get a physical host.
  1. Guacamole clientless remote access (jumping server?)

i read the documentation of this software and after that i am worry about security because this software directly to access the remote resources as system layer (if login successfully fully control with system) do anyone have suggestion to perform the security ? 2-auth?

  1. Ansible

one open source software and can add redhat commercial web-based interface and advance configuration

use this due to i am planning to create load balancer for my main server (server1) for my websites and the back-end for load balancer need more than 2 sub-system to response request so it means configuration and data of these 2 sub-system must be 100% same.

  1. vmware horizon group

like a cloud based destop, read through related documentation it has a very good architecture includes based on windows DC authorization, extremely fast speed of clone and delivery a new system for end-user automatically, built-in load balancer and hot space, and separate the controller and connection system, and separate security front-end server for strong confidence to use it in public network environment.

if anyone have any idea of change or do any extend of current deployment i will very happy to do so.