My homelab has servered (and still does) as equal parts hobby and hands on education. As I was learning more about Linux, Windows Server, and virtualization in general I wanted something more robust than just running a virtual machine in Oracle VM or VMWare. At the same time I was also wanting to do more hands-on work with router/switch configuration and network configuration. Somehwere along the way I came across Craft Computing on Youtube and it kicked off a new chapter for me.
I run two seperate servers, a 2U Dell R710 and a 1U HyperZeus, that were purchased off eBay and now work as Type 1 hypervisors running ProxMox. Thanks to the storage capacity, memory capacity, and processing power I'm able to use these for projects that wouldn't otherwise be possible with a Type 2 hypervisor. Additionally I got rid of a standard SOHO modem/router to give me more granular control over my network.
ProxMox has been invaluable in terms of learning about virtualization, networking, and system administration. Because it's bare metal, and the underlying hardware is considerable, I'm not restricted to running just one virtual machine at a time. At any given time there will be at least a handful of virtual machines up and running. Some are on a permanent basis providing services from back-up to media servers to Kali. Others are created long enough to experiment with, like a new Linux distro, or Active Directory practice. ProxMox also makes it very easy to monitor the health of the servers and even easier to create snapshots of any of the running machines.
From a cybersercurity perspective, smart devicies are a challenge to harden and can provide an entry point into your network. It is often a best practice to create a seperate network segment, like a VLAN, to provide these devices internet access while keeping them apart from the rest of your network.
My homelab uses a 48-port switch which is far more ports than I ever hope to need (the ebay price was too good to pass up) so it was no issue finding a port that would serve as the Internet-of-Things VLAN.
The first step was logging into the switch to assign the port.
After this I needed to connect a WAP to that port and configure it with an SSID seperate from my main wireless netowrk. My apartment is small enough that one access point should be able to provide connectivity to all my smart devices, but in the future this could be expanded easily enough. Now because most WAPs assume you're going for a mesh set-up they would end up being overkill for my current space. Instead I opted for a cheap SOHO wireless router, disabled WPS on it, and it was good to go.
All that was left was the tedious work of switching all the necessary devices over to this new network. This included an Amazon Alexa, a robot vaccum, my Roku, my Kindle, and a Nintendo Switch. Was this whole process necessary? Probably not, but it IS a best practice and was good hands-on experience. Plus I have all this networking hardware, might as well put it to use.
While my proxmox server runs multiple headless virtual machines, it's rarely the case that I want to utilize the desktop of those machine via the ProxMox GUI. It's certainly possible, but it's a less than ideal user experience so once I've done the inital set-up of a given machine I'll enable it for SSH and/or RDP and then use a really cool program called Guacamole for the actual remote access.
Guacmole initally needs to be installed on a server, I am running it on an Ubuntue MATE virtual machine, but the actual Guacamole client is just a web application meaning that as long as I have a web browser, I can access any remote desktop connections I have set-up. Guacamole does support SSH connections as well as RDP, but I typically only use the latter. Currently the Guacamole server is only available on my LAN, but with something like OpenVPN it would possible to open that connection to literally any web browser. I don't have any immediate plans to do this, but it is something I intend to at least experiment with down the road.