Category Archives: Doing IT at Home

Doing IT at Home: Enterprise Networking

In this fifth installment in the continuing series on Doing IT at Home I would like to focus on enterprise networking. Many of the ways in which we can bring business class IT into our homes can be done for free. Networking, sadly, is not one of those areas, but it does not have to be as costly as you may at first think, and having a good, solid, enterprise-class home network can bring many features that other IT at Home projects do not.

Implementing a real, working business class network at home lays the foundation for a lot of potential learning, experimenting, testing and growth; and compared to other, smaller and less ambitious projects this one will likely shine very brightly on a curriculum vitae.

Now we have to start by defining what we mean by “enterprise networking.”  Clearly the needs and opportunity for networking at home are not the same as they are in a real business, especially not a large one – at least without resorting to a pure lab setup which is not our goal of bringing IT home.  Having a lab at home is excellent and I highly recommend it, but I would not recommend building a “true lab” in your home until you have truly taken advantage of the far better opportunity to treat your home as a production “living lab” environment.  Needing your “living lab” to be up and running, in use every day changes how you view it, how you treat it and what you will take away from the experience.  A pure lab can be very abstract and it is easy to treat it in such a way that much of the educational opportunity is lost.

There are many aspects of enterprise networking that make sense to apply to our homes.  Every home is different and I will only present some ideas and I would love to hear what others can come up with as interesting ways to take home networking to the next level.

Firewall or Unified Threat Management (UTM):  This is the obvious starting point for upgrading any home network.  Most homes use a free multi-purpose device that is provided by their ISP that lacks features and security.  The firewall is the most featureful networking device that you will use in a home or in a small business and is the most important for providing basic security.  Your firewall provides the foundation of your home or small business network so getting this in place first makes sense.

There are numerous firewall and UTM products on the market.  Even for home or SMB use you will be flush with options.  You can only practically use a single unit and you need one powerful enough to be able to handle the throughput of a consumer WAN connection which may be a challenge with some vendors as consumer Internet access is getting very fast and requires quite a bit of processing power, especially from a UTM solution.

Choosing a firewall will likely mostly come down to your career goals and price.  If you hope to pursue a career or certification in Cisco, Juniper or Palo Alto, for example, you will want to get devices from those vendors that allow you to do training at home.  These will be very expensive options but if that career path is your chosen one, having that gear at home will be immensely valuable not only for your learning and testing but for interviewing as well.

If you don’t have specific security or networking career goals your options are more open. There are traditional small business firewall suppliers like Netgear ProSafe that are low cost and easy to manage.  UTM devices are starting to enter this market like Netgear ProSecure, but these are almost universally more costly.  There is the software-only approach where you provide your own hardware and build the firewall yourself.  This is very popular and has many good options for software including pfSense, SmoothWall, Untangle and VyOS.  These vary in features and complexity.  For most cases, however, I would recommend a Ubiquiti EdgeMax router which runs Brocade Vyatta firmware.  These are less costly than most UTMs and run enterprise routing and firewall firmware – outside of needing a specific vendor’s product for networking career goals, this is the best learning, security and feature value on the market and will allow learning nearly any firewall or router skills outside of those specific to proprietary vendors.

When starting down the path of enterprise networking at home, remember to consider whether you should also begin acquiring rackmount gear rather than tabletop equipment.  Having a rack, possibly just a half or even a quarter rack or cabinet, at home can make doing home enterprise projects much easier, can make the setup much more attractive in many cases and is, like many of these projects, just that much more impressive.  Consider this when buying gear because firewalls in this category are the hardest to find in rackmount configurations, much to my chagrin.

Switch: It has become common in home networking to begin forgoing a physical switch in favor of pure wireless solutions and for many homes where networking is not core to function this may make perfect sense.  But for us, it likely does not.  Adding switching makes for more learning opportunities, a better showcase, far more flexibility, faster data transfers inside of the house, a great number of connections and better reliability.  For a normal home user with few devices, most of which are mobile ones, this would be a waste, but for an IT pro at home, a real switch is practically a necessity.

Switches come in three key varieties.  Unmanaged, or dumb, switches are all that you would find in a home or most small businesses.  They provide basic connectivity but nothing more.  This might be all that you need if you do not intend to explore deeper learning opportunities in networking.

Smart switching is a step up from an unmanaged switch.  A smart switch is often very low cost but adds additional features, normally through a web interface, that allow you to actively manage the switch, change configurations, troubleshoot, create VLANs and QoS, monitor, etc.  For someone looking to step up their at home network and approach networking from a higher-end small business perspective this is a great option and a very practical one for a home.

Managed switches are the most enterprise and by far the most costly.  These use SNMP and other standard protocols for remote management and monitoring and generally have the most features although often Smart switches have just as many.  Managed switches are not practical in a home for any reason as their benefits are around scalability, not features, but, like with everything, if learning those features is a key goal then this is another place where spending more money not only for those features but also to get “name brand” switches, like Cisco, Juniper, Brocade or HP can be an important investment.  But if the goal is only to learn the tools and standards of managed switches and not to go down the path of learning a specific implementation then lower cost options like Netgear Prosafe might make sense.

Once we decide on unmanaged, smart or managed switches then we have to decide on the “layer” of the switch.  This also has three options: Layer 2, Layer 2+ and Layer 3.  For home and small business use, L2 switches are the most common.  I have never seen more than an L2 in a home and rarely in a small business.  L2 are traditional switches that handle only Ethernet switching.  You can create VLANs on L2 switches but you cannot route traffic between the VLANs, that would require a router.  An L2+ switch adds some inter-VLAN traffic handling to allow VLANs to exist using static routes.  L3 switches have full IP handling and can do dynamic routing protocols.

So if you need to study “large” scale routing, an L3 switch is good.  This is not a common need and would be the most expensive route and would imply that you intend to purchase a lot more networking gear than just one switch.  In a home lab this might exist; for handling the home itself, it would not.  If you want to implement VLANs in your home, perhaps one LAN, one Voice LAN, a DMZ and one Guest LAN, then an L2+ switch is ideal.  If you don’t plan to study VLANing, stick to L2.

Cabling: One aspect of home networking that is far too often overlooked is implementing a quality cabling plant inside the home.  This requires far more effort than other home networking projects and falls more into the electrician space rather than the IT professional space but is also one of the most important pieces from the home owner perspective and end user perspective rather than the IT pro perspective.  A good, well installed cabling plant will make a home more attractive to buyers and make the value of a powerful home network even better.

If you live in an apartment, likely you do not have the option to alter the wiring in this way, unfortunately.  But for home owners, cabling the house can be a great project with a lot of long term value.  Setting up a well labeled and organized cabling plant, just like you would in a business, can be attractive, impressive and eminently useful.  With good, well labeled cabling you can provide high speed, low latency connections without the need for wireless to every corner of your home.  I have found that cabling bedrooms, entertainment spaces and even the kitchen are very valuable.  This allows for higher throughput communications to all devices as wireless congestion is relieved and wired throughput is preferred when possible.  Devices such as video game consoles, smart televisions, receivers, media appliances (a la AppleTV, Roku, Google), desktops, docking stations, stationary laptops, VoIP phones and more all can benefit from the addition of complete cabling.

Wireless Access Point: These days home networks are primarily wireless with many homes being exclusively wireless.  Even if you follow my advice and have great wired networking you still need wireless whether for smart phones, tablets, laptops, guest access or whatever.  A typical home network will already have some cheap, probably unreliable wireless from the outset.  But I propose at least a moderate upgrade to this as a good practice in home networking.

Enterprise Access Points have come down in price dramatically today and a few vendors have even gotten them below one hundred dollars for high quality, centrally managed devices.  Good devices have high quality radios and antennae that will improve range and reliability.  Generally they will come with extra features like mapping, monitoring, centralized management console, VLAN support, hotspot login options, multiple SSID support, etc.  Most of these features are not needed in a home network but are commonly used even in a small business and having them at home for such a low price point makes sense.  If you own a large home, using good Access Points with centralized management can be additionally beneficial in providing whole home coverage.

Having secure guest access via the access point can be very nice in a home allowing guests to be isolated from the data and activities on the home network.  No need to share private passwords and provide access to data that is not necessary while still allowing guests to connect their mobile phones and tablets.  An ever more important feature.

If your home includes outdoor space, adding wireless projects to provide outdoor coverage could also make for a great learning project.  Outdoor access points and specialized antennas can make for a fun and very useful project.  Make yourself able to stay connected even while roaming outdoors.

Good, enterprise access points are often quite attractive as well, being designed to be wall or ceiling mounted, making it easier to put them in good placement locations to better cover your available space.

Power over Ethernet: Now that you are looking at deploying enterprise access points, and if you followed my earlier article on doing a PBX at home and you have desktop or wall mount VoIP phones, you may want to consider adding additional PoE switching to reduce the need for electrical cables or power injectors.  A small PoE switch is not expensive and, while never really necessary, can make your home network that much more interesting and “polished.”  Many security devices take advantage of PoE, as do some project board computers that are increasingly popular today.  The value of adding PoE is ever increasing.

Network Software: Once your home is upgraded to this level, it is only natural to then bring in network management and monitoring software to leverage it even further.  This could be as simple as setting up Wireshark to look at your LAN traffic or it could mean SNMP monitors, NetFlow tools and the like. What is available to you is highly dependent on the vendors and products that you choose but the options are there and this is really where much of the benefit comes in regards to the ongoing educational aspects of networking.  Building the network and performing the occasional maintenance will, of course, be very good experience but having the tools to now watch the living network at work and learn from it will be key to the continuing value beyond the impressive end user experience that your household will enjoy.

Doing IT at Home: Logging

Continuing my series of making your home more like a serious business environment, this time I want to talk about log collection. We touched on this a little in “Doing IT at Home: Ticketing and Monitoring” as Spiceworks, which I mentioned there, does some amount of Windows event collection. That was a very light treatment of the subject, however, and a serious “Do IT at Homer” is going to want something more robust and enterprise class.

Enterprise log collection, searching and reporting has really moved from a niche to a core IT tool over the past decade with the charge led by the ubiquitous Splunk. There are many products that potentially fit into this category with varying degrees of features and robustness. Traditional “old school” logging systems tend to fall into the categories of Windows event collectors like Spiceworks, Windows Event Collector and ManageEngine EventLog Analyzer. In the UNIX world and in networking hardware worlds we tend to work with syslog compatible systems like Rsyslog and Solarwinds Kiwi Syslog Server. But these products are pretty limited, being very focused on limited platforms and are often quite expensive (Kiwi) or lack a good user experience (Rsyslog). In exploring for your home lab it may make sense to play with some of these products. But for really taking your logging to the next level we are going to need to look at vastly more robust platforms that address all of these data sources and more, are extensible and are designed around not only collecting data but making it searchable and displayable and, hopefully, usable by more than just the hard core home system administrator.

Leading the charge for this new breed of log collection systems is Splunk. Splunk is primarily an on-premise, proprietary software package but is available with a “Free” option that is generally perfect for a home IT enthusiast. The Free edition limits the volume of daily log ingest and does not support multiple users which is unlikely to be a real stumbling block for home use. The ingest limit is currently 500MB per day which is an incredible volume of logs. Splunk understands that their paying customers will only ever be larger shops with large log volumes so giving their product away for free for small shops and personal users actually helps their bottom line by encouraging broader experience with and knowledge of their product. Splunk is relatively complex and will take some effort to set up but is extremely powerful and featureful.

Splunk is hardly the only on premise log handling game in town. In the open source realm there is a flurry of activity around log collection and reporting, mostly built atop the Elasticsearch NoSQL data platform and the key one is known as the “ELK” stack referring to the three principal components: Elasticsearch, Logstash and Kibana. A common alternative is to keep the stack but to replace Kibana, the data analytics interface, with Graylog2 which is also open source. The ELK or similar stacks provide very “Splunk like” functionality without the Splunk limitations. Splunk is certainly the more popular choice for enterprises today but ELK is making significant inroads in mindshare and is to be seen most often in more innovative companies such as technology startups, research firms and large hosting services (Dreamhost is a notable sponsor.)

Tackling an on premise log management project will provide a great excuse for all of that extra hardware lying around the house and will provide deeper systems administration experience as there is more “server” to be managed and maintained. Unlike in a business, when doing IT at Home there are significant benefits to technology sprawl and intentionally taking on the more difficult path. We are actively seeking challenges and meaningful systems to be run at home that produce real value and log analysis is a great place to add value by leveraging data that your network is already creating and providing it to you in a way that makes you better able to anticipate problems before they occur, track down issues after the fact and dramatically increase security – knowing what is going on on your network and in your devices has a lot of value and manually parsing Windows Events and UNIX syslogs is boring and error prone. Looking at graphical data is more effective and reliable. And logging platforms can send alerts based on logging events as well.
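As an added example (not from the original article or from any of the products it names), the sketch below shows the kind of parsing and alerting a log platform performs on syslog input: it decodes the RFC 3164 priority header into facility and severity, then counts failed SSH logins per source address. The sample lines, host names, addresses and the threshold of three are constructed for illustration.

```python
import re
from collections import Counter

# RFC 3164 facility and severity names, indexed by their numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Layout: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
FAILED_SSH_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample input: hosts and addresses are illustrative only.
SAMPLE = [
    "<38>Mar  3 02:14:07 nas sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2",
    "<38>Mar  3 02:14:09 nas sshd[2211]: Failed password for root from 203.0.113.7 port 51514 ssh2",
    "<38>Mar  3 02:14:12 nas sshd[2213]: Failed password for invalid user pi from 203.0.113.7 port 51520 ssh2",
    "<38>Mar  3 08:30:41 nas sshd[2304]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2",
    "<38>Mar  3 09:01:15 nas sshd[2391]: Failed password for alice from 192.0.2.10 port 40100 ssh2",
    "<4>Mar  3 09:05:00 edge-router kernel: DROP IN=eth0 SRC=198.51.100.23 DST=192.0.2.1 PROTO=TCP DPT=23",
    "garbage line without a PRI header",
]


def parse_line(line):
    """Return the fields of one syslog line, or None if it is malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    rec = m.groupdict()
    rec["facility"] = FACILITIES[pri >> 3]  # PRI = facility * 8 + severity
    rec["severity"] = SEVERITIES[pri & 7]
    return rec


def triage(lines, threshold=3):
    """Summarise lines and flag (host, source) pairs with repeated SSH failures."""
    failures, by_severity, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # malformed input is counted, never silently dropped
            continue
        by_severity[rec["severity"]] += 1
        if rec["tag"] == "sshd":
            hit = FAILED_SSH_RE.search(rec["msg"])
            if hit:
                failures[(rec["host"], hit["src"])] += 1
    alerts = sorted((host, src, n) for (host, src), n in failures.items()
                    if n >= threshold)
    return {"alerts": alerts, "by_severity": by_severity, "unparsed": unparsed}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for host, src, n in report["alerts"]:
        print(f"ALERT {host}: {n} failed SSH logins from {src}")
    print("severity counts:", dict(report["by_severity"]))
    print("unparsed lines:", report["unparsed"])
```

A single mistyped password from a known address stays below the threshold, while the repeated failures from one source are reported; the unparsed count is worth watching too, since a device that starts sending malformed lines is itself a signal.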

On premise log management is not the only option. Log management is also available in a Software as a Service business model with two really key players, Splunk – by way of their “Splunk Storm” service and the market leader, Loggly. Both of these vendors offer completely free, capacity limited versions of their hosted products which are far more than any home IT user will need. These services allow you to get up and running with enterprise log management in a matter of minutes without any investment, neither in time nor money nor hardware. If your goals are less around learning system administration and more purely around focusing on good log management or you simply lack the racks of hardware at home that precipitate intentionally creating “extra” IT services in the house then hosted log management is very likely the right choice for you. For those focused on development, network administration or other areas of IT this is likely the more useful option. Loggly, especially, is easy for anyone to sign up and start sending log data and is the leading hosted log management product today.

The larger and more active that your home network becomes the more valuable good log collection and management becomes. Logs provide deep insight into your network and a good log management solution will not only provide you with a high level view of your data but will also be useful in replacing the traditional views of your live log data. Working from an attractive web interface is generally far more effective than manually scouring logs, even when looking at current events.  And some log management solutions will also provide good facilities for long term log retention which is often lacking in non-centralized solutions.

Good log management is rapidly becoming more and more important and an expected service in business. Five years ago it was common to see even very large enterprises not yet adopting these kinds of tools. Today it is assumed that any company of any reasonable size will have a solid, mature logging solution, almost certainly Splunk, in place and with the increasingly lower and lower barriers to entry from ELK and Loggly we see enterprise logging working its way into smaller and smaller firms. Logging at home is an excellent way to enhance your personal portfolio, extend your knowledge and skillbase and build up your resume. Get logging today!

Doing IT at Home: Ticketing and Monitoring

Treating your home network more like a business network is often far easier than people realize and far more useful too.  There is a lot of utility in how businesses run their IT departments and it is often only oversight or social custom that keeps us from doing more IT at home.

In this third installment of my “Doing IT at Home” series of articles, I’m going to look at ticketing and monitoring systems.  Home networks generally consist of end user workstations, that is desktops, laptops, tablets and the like.  Servers are a rarity although, if you are following along with this series, perhaps they are common in your home.

Rarely are home networks monitored in any way.  This is a major differentiator between common home and business networks.  This is a great place to add functionality and value to your home network.  Monitoring does not have to be hard nor expensive.  You can almost certainly run your monitoring from some hardware device that you already have in your home such as an existing Linux, Solaris or FreeBSD virtual machine or a Windows desktop, as examples.  There are many free, business network monitoring solutions such as Spiceworks, Zenoss, Nagios and Zabbix.  Implementing one or more of these, or one of many others, in your home can be very beneficial and educational.

For most IT pros looking to expand their home solution set, Spiceworks is the most obvious choice.  Effectively everyone has Windows at home, even if only in desktop form.  And that is all that it takes to run Spiceworks, so Spiceworks is a great starting point for nearly everyone as a first monitoring platform at home, and as it is geared towards desktop and small business management it is very well suited for the types of systems and environments likely to be found in a home.

Spiceworks is especially valuable for a project such as this because it delivers both the monitoring and alerting component as well as a built in helpdesk component killing two birds with one stone and that is why I included both concepts together in one article.  They could easily be done separately and helpdesk functionality is easily found in an externally hosted service but in using Spiceworks you have an opportunity to put both on the home network as the goal is experience, not practicality.

Getting your home network monitoring in tip top shape is a great learning exercise.  Learning not only how the specific monitoring product works but also learning about networking, operating system specifics, network monitoring protocols (such as SNMP) and more.  Many IT pros find that a good monitoring package causes them to learn more about their internal DNS than they ever thought that they would need to know.

Using ticketing at home encourages and shows organization and is useful in presenting important concepts in IT management.  Having tickets at home can be very handy in maintaining change management for your home network and in organizing tasks that need to be done or that you plan to tackle in the future, and is especially useful if you support a large family environment where you want family members to be able to submit and track their requests.  This gets even handier if you are doing this for an extended family network and you are supporting more than just your own household.  This may sound a little silly to do for a home environment, but remember, the goal is to learn products and processes, not to be particularly productive for a home environment.

Like many good home IT projects, this is one that helps to add “life” to your network.  Too many projects result in unused systems that sit idle and qualify as a project but serve no actual purpose once implemented.  Monitoring, alerting and ticketing are systems that will actually interact with your network and serve an ongoing purpose which makes them ideal for educational projects.  You’ll not only implement them but maintain them, performing updates and possibly extending them with additional functionality.

A good home IT project will add value to your home as well as your portfolio of experience and, hopefully, will demonstrate end to end experience not only as an implementer of a system but as a maintainer and as an end user of that system – a well rounded level of experience often lacking in those who only implement or utilize systems in an enterprise environment.

Doing IT at Home: Good Documentation

One of the most rewarding home IT projects that I have done was to implement a system for “home documentation.”  In a business environment documentation is critical to nearly any process or department.  At home, documentation is critical too but often overlooked or approached from a completely different perspective than it is in a business, but there is no need for this.  Many people resort to special tools, iPhone apps or physical pen & paper notepads to address documenting things around the house.  I propose something far more enterprise and elegant.  A wiki.

Wikis have been around for some time now and nearly everyone is familiar with their use.  At its core a wiki is just a web-based application.  Wikis come in many shapes and forms and with varying degrees of complexity and run on different platforms.  This makes them very flexible and applicable to nearly anyone, regardless of what kind of systems you run at home.

Using a wiki for home use becomes very obvious quite quickly once the project is underway.  Documenting bills, accounts, purchases, home repairs, part numbers, service schedules, insurance information and your home network, of course, all make perfect sense and are easy to do.  The wiki does not need to be large, just big enough to be useful.  Mine is certainly not sprawling but all of my important data is housed in one, convenient place and is text searchable.  So even if I don’t know how I organized something, I can just search on it.  All of my important data is there, in a single place, so that I can look it up when needed and, more importantly, my wife can look it up and update it when needed.  It allows for simple, reliable collaboration.  And I make mine available from inside or outside the home, so I can access my information from work or while traveling.  That’s a functionality that traditional home documentation systems lack.

While there are many wikis available today, I will mention three that make the most sense for the vast majority of people.  These are DokuWiki, MediaWiki and SharePoint from Microsoft.  DokuWiki and MediaWiki have the advantage of running on UNIX so can be deployed in a variety of situations for low or no cost.  They are free themselves. DokuWiki shines in that it needs no database and uses nothing but the filesystem, making it incredibly simple to deploy, manage, back up and restore.  It is nothing more than a set of text files and a small PHP application that writes them.  MediaWiki is, by far, the most popular wiki option and, like DokuWiki, is a PHP application but is backed by a database, normally MySQL, making it more complex but giving it more power as well.  Many people would choose MediaWiki to use for home (as do I) because it provides the most direct experience for the largest number of businesses.  SharePoint is free if you have a Windows Server and is much more complex than the pure wiki options.  SharePoint is an entire application platform that also includes a wiki as a part of its core functionality.  If you are looking to move more heavily into the Microsoft ecosystem then using SharePoint would likely make the most sense and will provide a lot of additional functionality like calendaring and document storage too.

Running a wiki can help give meaning to a home web server.  Instead of sitting idle it can house important applications and really be used regularly.  While not a massive project having a wiki at home could be an important step to giving meaning to the home IT environment.  IT at home often suffers from lacking direction or purpose – implementing systems only like a lab and lacking real world use.  Like the PBX example in an earlier article, a home documentation wiki can give your network meaning and purpose.