
My Hybrid Cloud Lab


Welcome to My Home Lab!

Explore our integrated on-prem and cloud services, including:

  • Apache Web Server
  • MySQL Databases
  • AWS Virtual Machines
  • IKEv2 VPN Tunnel
  • Network File Server


Warning: Unauthorized access detected! 🔓
Just kidding—you’re totally welcome here. This hybrid lab is where I design, break, fix, and innovate every day.


Home Lab Highlights

Routers

A quick overview of router hardware and config.

Virtual Machines

Explore AWS EC2 instances and their role in my hybrid cloud infrastructure.

On-Premise Servers

Detailed look at the physical servers running my home lab's core services.

Network Architecture

This webpage covers the overall design and purpose of my hybrid lab—managing administration, hosting web solutions, AI services, API apps, and more. It also supports ongoing learning, certification training, and hands-on experience in system administration & network engineering. My lab integrates a site-to-site VPN between my on-premise servers and AWS EC2 instances, ensuring secure communication and seamless connectivity between cloud and local environments. By combining cloud and on-premise resources, this setup enables flexible infrastructure management, allowing for seamless workload distribution and network optimization. This hybrid setup allows for advanced network simulations, penetration testing, and cloud resource management—all tailored for real-world enterprise environments.


Network Router

Private LAN & WAN Setup

Hybrid network architecture blending on-prem hardware with AWS cloud integration

Network Evolution

Legacy: Verizon CR1000a

Basic NAT, Limited VLAN Support

Current: Cisco 1111-4P

Enterprise-grade routing & switching, VPN termination

Upgrade Benefits: Advanced QoS, BGP routing support, and 1Gbps throughput for lab experiments

Layer 2 Network Segmentation

  • Servers: Dell PowerEdge R740 - VLAN 10
  • Workstations: 2x Mobile Laptops + Desktop - VLAN 20
  • IoT: IP Cameras + Smart Devices - VLAN 30

AWS WAN Integration

Established site-to-site VPN between Cisco router and AWS VPC using:

  • 🔸 AWS Virtual Private Gateway
  • 🔸 BGP dynamic routing
  • 🔸 AES-256 encryption

Direct Connect Advantages

  • Latency Reduction: 300ms → 50ms
  • Sustained Throughput: 1.2Gbps

Core Configuration

VLANs - Network Segmentation

  • VLAN 10: Servers
  • VLAN 20: Workstations
  • VLAN 30: IoT

DHCP - IP Management

  • /24 Subnets per VLAN
  • DHCP Reservations
  • VPN Pool: 172.16.50.0/24

AWS - Cloud Services

  • EC2 t3.medium Instances
  • S3 Glacier Backups
  • CloudWatch Monitoring
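The segmentation above (one /24 per VLAN, a separate remote-access VPN pool, and AWS reached over the site-to-site tunnel) is only useful if cross-zone traffic is limited to what each zone actually needs. The following is an added example, not the lab's own router configuration: a small policy checker that verifies the address plan has no overlapping prefixes, classifies addresses into zones by longest-prefix match, and evaluates flows against an explicit allow-list in which the IoT VLAN has no entry at all. VLAN 10/20/30, the /24 rule and the VPN pool 172.16.50.0/24 come from the page; the concrete VLAN subnets, the AWS VPC CIDR and the allowed-flow table are assumptions chosen for the demonstration.

```python
"""Least-privilege segmentation check for the lab's VLAN and VPN address plan.

Added example, not the lab's own configuration. VLAN 10/20/30, the /24-per-VLAN
rule and the VPN pool 172.16.50.0/24 are from the page; the concrete VLAN
subnets, the AWS VPC CIDR and the allowed-flow table are assumptions made for
the demonstration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Assumed addressing: the page only states "/24 subnets per VLAN" and the VPN pool.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "servers":      ipaddress.ip_network("10.0.10.0/24"),    # VLAN 10 (assumed subnet)
    "workstations": ipaddress.ip_network("10.0.20.0/24"),    # VLAN 20 (assumed subnet)
    "iot":          ipaddress.ip_network("10.0.30.0/24"),    # VLAN 30 (assumed subnet)
    "vpn":          ipaddress.ip_network("172.16.50.0/24"),  # remote-access VPN pool (from the page)
    "aws":          ipaddress.ip_network("10.100.0.0/16"),   # AWS VPC CIDR behind the site-to-site VPN (assumed)
}

# Allow-list of (source zone, destination zone, protocol, port). Everything not
# listed is denied, so the IoT VLAN gets no entry and cannot reach the other zones.
ALLOWED: List[Tuple[str, str, str, int]] = [
    ("workstations", "servers", "tcp", 443),   # HTTPS to the Apache host
    ("workstations", "servers", "tcp", 3306),  # MySQL
    ("workstations", "servers", "tcp", 445),   # SMB file shares
    ("vpn",          "servers", "tcp", 22),    # SSH for remote administration
    ("vpn",          "servers", "tcp", 3389),  # RDP to the Windows VMs
    ("vpn",          "aws",     "tcp", 22),    # SSH to EC2 over the hybrid link
    ("servers",      "aws",     "tcp", 443),   # on-prem services calling AWS endpoints
]


def overlapping_zones(zones: Dict[str, ipaddress.IPv4Network] = ZONES) -> List[Tuple[str, str]]:
    """Return every pair of zones whose prefixes overlap; a clean plan returns []."""
    names = list(zones)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if zones[a].overlaps(zones[b])]


def zone_of(ip: str, zones: Dict[str, ipaddress.IPv4Network] = ZONES) -> str:
    """Longest-prefix match of an address against the zone table ("unknown" if none)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in zones.items():
        if addr in net and (best is None or net.prefixlen > zones[best].prefixlen):
            best = name
    return best or "unknown"


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Decide one flow: unknown addresses are denied, same-zone traffic is not
    filtered at the L3 boundary, and cross-zone traffic must match the allow-list."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == "unknown" or dst == "unknown":
        return False
    if src == dst:
        return True
    return (src, dst, proto.lower(), port) in ALLOWED


def evaluate(flows: List[Tuple[str, str, str, int]]) -> List[Tuple[Tuple[str, str, str, int], bool]]:
    """Run a batch of (src, dst, proto, port) flows through the policy."""
    return [(flow, is_allowed(*flow)) for flow in flows]


if __name__ == "__main__":
    assert not overlapping_zones(), "address plan has overlapping prefixes"
    for flow, verdict in evaluate([
        ("10.0.20.15", "10.0.10.5", "tcp", 3306),   # workstation -> MySQL: allowed
        ("10.0.30.9", "10.0.10.5", "tcp", 445),     # IoT camera -> file share: denied
        ("172.16.50.7", "10.100.1.4", "tcp", 22),   # VPN user -> EC2 SSH: allowed
        ("172.16.50.7", "10.0.30.9", "tcp", 80),    # VPN user -> IoT: denied
    ]):
        print("ALLOW" if verdict else "DENY ", flow)
```

The allow-list is deliberately a set of exact tuples rather than per-zone "any" rules: adding a new service means adding a line, which keeps the policy reviewable and makes the denied-by-default posture for the IoT VLAN visible in the table itself.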

Apache Web Server

Hosting services with security, redundancy, and performance.

Overview

My Apache web server runs on a secured Linux VM, hosting multiple projects including:

  • Industry Exams Plus - A practice test platform for industry certifications.
  • Tavernix.io - A dynamic web app for community engagement.
  • SoftwareBySid.org - My professional web-based portfolio displaying projects, awards, and certifications.
  • Additional Hosting - Reverse proxies, databases, and cloud integrations.

Configuration & Security

My Apache setup includes SSL encryption, reverse proxying, and security hardening for high availability and scalability.


MySQL Database

Powering user input storage, data analytics, and dynamic web applications.

Overview

The MySQL database in my hybrid lab is responsible for storing and managing user input across multiple platforms, including:

  • Industry Exams Plus - Handles user test results, progress tracking, and performance analytics.
  • SoftwareBySid.org - Stores user authentication, form submissions, and personalized content.
  • Data Analytics - Supports real-time data processing for system logs and performance monitoring.

Purpose & Integration

MySQL plays a critical role in ensuring data persistence and reliability. It works seamlessly with PHP-based applications, allowing dynamic interactions between the Apache2 web server and stored information. Some key integrations include:

  • 🔹 Secure user authentication & session management.
  • 🔹 Database-driven web applications using PHP & MySQL queries.
  • 🔹 Integration with Apache2 to deliver fast, real-time web responses.
  • 🔹 Automated data backups and recovery mechanisms.

Configuration & Security

My MySQL setup is optimized for security, reliability, and high availability.


Network File Server

Centralized storage with secure access, scalability, and remote connectivity.

Overview

The Network File Server operates on a Windows Server 2025 virtual machine, providing seamless file access across both AWS cloud instances and on-premise systems. Network devices can easily view, modify, and store files using shared drives that ensure organization and security. Remote users and VPN-connected devices have secure access, making data retrieval and collaboration effortless.

Implementation

  • AWS Cloud Storage
  • On-Prem Network storage
  • Shared Drive Access

Configuration & Security

The file server is optimized for performance, security, and accessibility, ensuring smooth file transfers across cloud and local systems.

Remote Access & VPN

IKEv2

Secure, fast, and efficient VPN tunneling for remote access.

OpenVPN

Reliable encryption for private and enterprise network access.

Remote Desktop Services

Access your home lab securely from any location.

Remote Access

In my hybrid lab, secure connectivity is paramount. After deploying both primary IKEv2 and secondary OpenVPN tunnels, I’m able to manage on-premise servers and AWS virtual machines from anywhere. Each device uses two-factor authentication (unique certificates + user credentials), ensuring robust data encryption and seamless remote administration. Whether I'm controlling a Windows VM via RDP or SSHing into a Linux server, the VPN layer protects all traffic from prying eyes. Site-to-site encryption extends across my entire network, bridging on-prem and cloud resources for a unified environment. Even the VMware hypervisor’s web UI and AWS management consoles remain safely accessible over these VPN connections.


IKEv2

IKEv2 integrates natively with Windows and macOS, requiring no extra client software. I rely on my internal Certificate Authority to generate certs for each device, plus a username/password for multi-factor authentication. This approach leverages IPsec on UDP ports 500/4500, providing fast reconnects and stable performance across varied networks.

  • Public Key Infrastructure (PKI) for certificate-based authentication
  • Strong AES-256 encryption & NAT traversal support
  • Works seamlessly with built-in OS VPN settings

OpenVPN

As a secondary fallback, OpenVPN offers an external client solution for devices that don’t support IPsec or face firewall restrictions. It also uses certificate + password authentication, ensuring two-factor security across diverse networks. By hosting OpenVPN servers on both on-prem and AWS Linux VMs, I guarantee full redundancy if IKEv2 is ever unavailable.

  • Client config files with embedded certificates & keys
  • UDP/TCP modes for easier firewall compatibility
  • Excellent cross‐platform support (Windows, macOS, Linux, mobile)

Remote Desktop & SSH

Once connected via VPN, I can RDP into Windows Server 2025 or Windows 11 VMs from any location. For Linux systems, secure SSH provides streamlined administration. This setup extends to my VMware ESXi web interface, enabling me to manage hypervisors, snapshots, and new virtual machines.

  • RDP client for graphical Windows sessions
  • SSH for robust command-line Linux control
  • Full hypervisor management from remote networks

VPN Workflow


This visual highlights how a user with the correct certificate + credentials forms a secure tunnel, then accesses on-prem servers and AWS VMs, all while data remains encrypted and protected.


AWS Cloud Services

Enterprise-grade cloud infrastructure with high availability and seamless hybrid integration

EC2 Instances

t3.medium: 2vCPU | 4GB RAM
m5.large: 2vCPU | 8GB RAM

  • 🔸 Ubuntu & Windows Server 2025
  • 🔸 Auto-scaling groups
  • 🔸 Spot Instance optimization
Storage Solutions

S3 Standard: 5TB+
Glacier Archive: 1.2TB

  • 🔸 Versioning enabled
  • 🔸 Cross-region replication
  • 🔸 Lifecycle policies

Cloud Architecture

  • VPC Peering with On-Prem
  • Site-to-Site VPN
  • CloudWatch Metrics

Security & Compliance

  • 🔹 IAM role-based access control
  • 🔹 Security Groups with least privilege
  • 🔹 AWS Config rules enforcement
  • 🔹 Encrypted EBS volumes (AES-256)

Monitoring & Optimization

Uptime: 99.95%
Avg Cost: $0.14/hr
Utilization: 82%

  • 🔹 CloudWatch dashboards
  • 🔹 Lambda-based automation
  • 🔹 Cost Explorer reports

Cloud Skill Development

Certification Prep

Hands-on practice for AWS Solutions Architect

Disaster Recovery

Multi-AZ deployment strategies

Infra as Code

CloudFormation templates


PKI & Encryption Infrastructure

Ensuring confidentiality, integrity, and availability through robust cryptographic controls

Certificate Authority

  1. OpenSSL Root CA
  2. Intermediate CAs
  3. Device Certificates

  • 🔐 4096-bit RSA root certificates
  • 📋 CRL published every 24 hours
  • 🔄 OCSP stapling for validation
AES-256 Implementation

Key Strength: 256-bit
Mode: GCM

AAA Framework

Authentication

  • ✅ Certificates + OTP
  • ✅ Windows/macOS compat

Authorization

  • ✅ RBAC policies
  • ✅ Least privilege

Accounting

  • ✅ SIEM integration
  • ✅ Audit trails

Cross-Platform Compatibility

Windows, macOS, Linux

Unified certificate templates for all operating systems

Security Controls

2FA: All administrative access
90d: Certificate rotation
24/7: HSM monitoring
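Two of the PKI commitments above (a CRL published every 24 hours, and device certificates rotated every 90 days) are easy to state and easy to let slip, so they are worth checking mechanically. The following is an added example, not the lab's own tooling: an audit over a device-certificate inventory that flags certificates that are expired, due for rotation, or issued with a validity period longer than the 90-day policy allows, and that checks each intermediate CA's CRL against the 24-hour schedule. A certificate whose issuer's CRL is stale or overdue is reported separately, because its revocation status cannot be trusted. The 90-day and 24-hour figures come from the page; the 14-day lead time, the hostnames, the intermediate CA names and every date are constructed assumptions (the inventory fields are what one would extract with `openssl x509 -noout -subject -issuer -dates`).

```python
"""Certificate-rotation and CRL-freshness audit for a device-certificate inventory.

Added example, not the lab's own tooling. The 90-day rotation interval and the
24-hour CRL publishing schedule come from the page; the 14-day lead time, the
inventory records and the CRL records are constructed assumptions.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

ROTATION = timedelta(days=90)        # device certs are reissued at least every 90 days (page)
CRL_INTERVAL = timedelta(hours=24)   # each CA publishes a fresh CRL every 24 hours (page)
LEAD_TIME = timedelta(days=14)       # warn this long before expiry (assumed)

# Fixed reference time so the example is reproducible; a real run would use datetime.now(timezone.utc).
NOW = datetime(2025, 4, 17, tzinfo=timezone.utc)

# Constructed inventory; hostnames and CA names are placeholders.
INVENTORY: List[Dict[str, str]] = [
    {"cn": "laptop-01.lab.example", "issuer": "Lab Intermediate CA 1",
     "not_before": "2025-03-01T00:00:00+00:00", "not_after": "2025-05-30T00:00:00+00:00"},
    {"cn": "phone-02.lab.example", "issuer": "Lab Intermediate CA 1",
     "not_before": "2025-01-20T00:00:00+00:00", "not_after": "2025-04-20T00:00:00+00:00"},
    {"cn": "camera-03.lab.example", "issuer": "Lab Intermediate CA 2",
     "not_before": "2024-12-01T00:00:00+00:00", "not_after": "2025-03-01T00:00:00+00:00"},
    {"cn": "legacy-04.lab.example", "issuer": "Lab Intermediate CA 2",
     "not_before": "2025-01-01T00:00:00+00:00", "not_after": "2026-01-01T00:00:00+00:00"},
]

# Constructed CRL metadata (thisUpdate / nextUpdate) per issuing CA.
CRLS: List[Dict[str, str]] = [
    {"issuer": "Lab Intermediate CA 1", "this_update": "2025-04-16T06:00:00+00:00", "next_update": "2025-04-17T06:00:00+00:00"},
    {"issuer": "Lab Intermediate CA 2", "this_update": "2025-04-14T06:00:00+00:00", "next_update": "2025-04-15T06:00:00+00:00"},
    {"issuer": "Lab Intermediate CA 3", "this_update": "2025-04-15T12:00:00+00:00", "next_update": "2025-04-18T12:00:00+00:00"},
]


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value)


def rotation_status(cert: Dict[str, str], now: datetime) -> str:
    """'overlong' if the cert was issued for more than the rotation interval,
    'expired' if past notAfter, 'due' if inside the lead time, else 'ok'."""
    not_before, not_after = _ts(cert["not_before"]), _ts(cert["not_after"])
    if not_after - not_before > ROTATION:
        return "overlong"          # violates the 90-day policy regardless of current date
    if now >= not_after:
        return "expired"
    if not_after - now <= LEAD_TIME:
        return "due"
    return "ok"


def crl_status(crl: Dict[str, str], now: datetime) -> str:
    """'overdue' if nextUpdate has passed, 'stale' if thisUpdate is older than the
    24-hour schedule even though nextUpdate is still in the future, else 'fresh'."""
    this_update, next_update = _ts(crl["this_update"]), _ts(crl["next_update"])
    if now >= next_update:
        return "overdue"
    if now - this_update > CRL_INTERVAL:
        return "stale"
    return "fresh"


def audit(inventory: List[Dict[str, str]], crls: List[Dict[str, str]], now: datetime) -> Dict[str, object]:
    """Combine both checks; a cert whose issuer's CRL is not fresh (or is missing)
    is listed as revocation-unverifiable."""
    cert_status = {c["cn"]: rotation_status(c, now) for c in inventory}
    crl_by_issuer = {c["issuer"]: crl_status(c, now) for c in crls}
    unverifiable = sorted(c["cn"] for c in inventory
                          if crl_by_issuer.get(c["issuer"], "missing") != "fresh")
    return {"certificates": cert_status, "crls": crl_by_issuer,
            "revocation_unverifiable": unverifiable}


if __name__ == "__main__":
    report = audit(INVENTORY, CRLS, NOW)
    for cn, status in report["certificates"].items():
        print(f"{status:8s} {cn}")
    for issuer, status in report["crls"].items():
        print(f"{status:8s} CRL for {issuer}")
    print("revocation unverifiable:", ", ".join(report["revocation_unverifiable"]))
```

The "stale" state is the one worth watching: a CRL whose nextUpdate is still in the future validates fine in every client, yet if thisUpdate is older than the publishing schedule the cron job or signing key on that intermediate has silently stopped working, and that is exactly the gap an attacker with a revoked device certificate would enjoy.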


Security Monitoring & Logging

Enterprise-grade observability across hybrid infrastructure with real-time threat detection

Centralized Logging

Our Graylog cluster aggregates logs from on-prem servers, AWS CloudTrail, and system logs, ingesting around 15GB/day with 90-day retention. Advanced queries and analytics are performed in real-time, ensuring anomalies or suspicious patterns are quickly identified. AWS CloudWatch further monitors key performance metrics across VMs and triggers alerts when thresholds are exceeded.

  • Real-time dashboards & automated alerting
  • Data archiving & rotation to maintain 90-day retention
  • SNMP integration for additional network insights
Threat Prevention & Network ACLs

We utilize Suricata (a free open-source inline IPS) alongside custom Snort rules to automatically block malicious traffic. Our ACLs explicitly allow legitimate services (HTTPS, MySQL, SMB) while blocking known threats (SSH brute force, port scanning). Suricata logs feed into Graylog, enabling real-time correlation of suspicious events.

  • Suricata inline IPS for advanced threat detection
  • Granular firewall rules & VPN protocol filtering
  • Automated host blocking on repeated intrusion attempts
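"Automated host blocking on repeated intrusion attempts" is a threshold decision over the alert stream, and it is worth seeing the logic in the open so the threshold and window can be reviewed. The following is an added example, not the lab's own tooling: it reads Suricata EVE JSON lines (one object per line, as Suricata writes them), keeps only `event_type` `alert`, tracks alert timestamps per source address in a sliding window, and records a block decision once a source crosses the threshold. The EVE field names (`timestamp`, `event_type`, `src_ip`, `dest_ip`, `dest_port`, `alert.signature`, `alert.severity`) are real Suricata fields; every sample line, the signature names, the 3-alerts-in-60-seconds threshold and the block-list format are constructed assumptions for the demonstration.

```python
"""Repeat-offender blocking over Suricata EVE JSON alerts.

Added example, not the lab's own tooling. The EVE JSON layout is Suricata's;
the sample lines, signature names, threshold and window are constructed.
"""
import json
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterator, List, Tuple

# Constructed sample (TEST-NET addresses, chronological order as Suricata writes it).
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2025-04-17T04:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH login failure (constructed)","severity":3}}',
    '{"timestamp":"2025-04-17T04:05:00.000000+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH login failure (constructed)","severity":3}}',
    '{"timestamp":"2025-04-17T04:10:00.000000+0000","event_type":"alert","src_ip":"203.0.113.77","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH login failure (constructed)","severity":3}}',
    '{"timestamp":"2025-04-17T04:28:01.000000+0000","event_type":"flow","src_ip":"10.0.20.15","dest_ip":"10.0.10.5","dest_port":443,"proto":"TCP"}',
    '{"timestamp":"2025-04-17T04:28:02.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH brute-force attempt (constructed)","severity":2}}',
    '{"timestamp":"2025-04-17T04:28:09.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH brute-force attempt (constructed)","severity":2}}',
    '{"timestamp":"2025-04-17T04:28:20.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.10.5","dest_port":22,"proto":"TCP","alert":{"signature":"LAB SSH brute-force attempt (constructed)","severity":2}}',
    '{"timestamp":"2025-04-17T04:28:35.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.10.6","dest_port":3389,"proto":"TCP","alert":{"signature":"LAB RDP scan (constructed)","severity":2}}',
    '{"timestamp":"2025-04-17T04:29:00.000000+0000","event_type":"alert","src_ip":"198.51.100.5","dest_ip":"10.0.10.5","dest_port":443,"proto":"TCP","alert":{"signature":"LAB suspicious HTTP user-agent (constructed)","severity":3}}',
    'this line is not JSON and must be skipped',
])


def parse_alerts(text: str) -> Iterator[Tuple[datetime, dict]]:
    """Yield (timestamp, event) for each well-formed alert line; skip other
    event types and malformed lines instead of aborting the whole batch."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") != "alert":
            continue
        # Suricata writes "+0000"-style offsets, which strptime's %z accepts.
        ts = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        yield ts, event


def repeat_offenders(text: str, threshold: int = 3, window_seconds: int = 60) -> Dict[str, dict]:
    """Return {src_ip: decision} for sources that raised `threshold` alerts
    within any `window_seconds` span. Assumes input is in chronological order."""
    recent: Dict[str, deque] = defaultdict(deque)
    blocked: Dict[str, dict] = {}
    for ts, event in parse_alerts(text):
        src = event["src_ip"]
        if src in blocked:
            continue  # already decided; later alerts do not change the verdict
        q = recent[src]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop alerts that fell out of the sliding window
        if len(q) >= threshold:
            blocked[src] = {"at": ts, "count": len(q),
                            "signature": event["alert"]["signature"],
                            "dest_port": event["dest_port"]}
    return blocked


def block_list(blocked: Dict[str, dict]) -> List[str]:
    """Host routes for a firewall deny list (format is an assumption)."""
    return sorted(f"{ip}/32" for ip in blocked)


if __name__ == "__main__":
    decisions = repeat_offenders(SAMPLE_EVE)
    for ip, info in decisions.items():
        print(f"BLOCK {ip}: {info['count']} alerts by {info['at'].isoformat()} ({info['signature']})")
    print("deny list:", block_list(decisions))
```

With the default window the slow source 203.0.113.77 (one alert every five minutes) is never blocked while 203.0.113.10 is; widening the window to ten minutes catches both. That is the tuning trade-off this kind of rule always carries, and it is why the threshold and window belong in reviewed code rather than in a one-off shell pipeline.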
SIEM & Alerting

Our SIEM aggregates logs from Suricata, Graylog, and OS event logs. Critical alerts are relayed via AWS SNS for phone/email notifications, ensuring we stay informed on security incidents and system health. Additionally, syslog and SNMP implementations collect device statuses, feeding them into the SIEM for a comprehensive view.

  • Centralized correlation of security & system logs
  • AWS SNS for real-time phone/email alerts
  • Integration with CloudWatch Alarms for proactive monitoring
Holistic Security Dashboard

We unify Suricata, Graylog, SIEM data, and AWS CloudWatch metrics into a single web-based dashboard, offering real-time insights into system performance and threat intelligence. This centralized console helps identify vulnerabilities or anomalies across our hybrid environment at a glance.

  • Live threat maps & event correlation
  • System health & resource usage trends
  • Proactive alerts on key metrics & anomalies