A Nerdy Blog for Nerdy People Like Me!

Adventures of a Home Lab Enthusiast: Part 2

Part 2: Architecting the Home Lab

In my last post, I discussed planning the setup of my home lab. I researched and procured all of my equipment and had a notional idea of what I wanted to build out. Now it was time to sit down and architect my design. First, I needed to decide what kind of home lab environment I wanted to build. Because of my current experience in DevSecOps, I wanted to stay on that track of learning and design a robust DevSecOps network that would support a Continuous Integration / Continuous Deployment (CI/CD) lifecycle, as well as a code storage and maturation repo and a platform for automation, scalability and resilience. I also wanted my network to be as High Availability (HA) as possible given my budget and bandwidth constraints. So, with all of that, I started to look at the DevOps learning path that I had designed for myself.

DevOps

So what is DevSecOps, anyway? DevSecOps is the philosophy of integrating security practices within the DevOps process. It involves creating a ‘Security as Code’ culture with ongoing, flexible collaboration between engineers and security teams. The DevSecOps movement, like DevOps itself, is focused on creating new solutions for complex software development processes within the Agile framework. DevSecOps is a natural response to the bottleneck effect of older security models on the modern continuous delivery pipeline. The goal is to bridge traditional gaps between IT and security while ensuring fast, safe delivery of code. Silo thinking is replaced by increased communication and shared responsibility for security tasks during all phases of the delivery process. In DevSecOps, two seemingly opposing goals, “speed of delivery” and “secure code”, are merged into one streamlined process. In alignment with lean practices in agile, security testing is done in iterations without slowing down delivery cycles. Critical security issues are dealt with as they become apparent, not after a threat or compromise has occurred.

One of the key benefits of DevSecOps is the ability to make full use of cloud services. For example, organizations running services in the Amazon Web Services (AWS) cloud reap the benefits of increased preventive and detective security controls within the continuous integration and deployment model of AWS. As more organizations rely on cloud applications to keep operations up and running, security efforts independent of those performed by AWS are crucial to prevent costly downtime. The safety measures inherent in DevSecOps have many other advantages, including:

  • Greater speed and agility for security teams
  • An ability to respond to change and needs rapidly
  • Better collaboration and communication among teams
  • More opportunities for automated builds and quality assurance testing
  • Early identification of vulnerabilities in code
  • Team member assets are freed to work on high-value work

I have been actively working in AWS and was recently certified as a cloud solutions architect. From there, I wanted to get heavily invested in automation and Infrastructure as Code (IaC), so I started dabbling in Terraform and Ansible. I soon learned that there was much more that I wanted, and frankly needed, to learn and master if I was to remain competitive in my current profession, not only as a cybersecurity practitioner but also as a cyber range engineer. So, I got to it and started to deep dive into each of the above-listed technologies. Currently, I am working on mastering Ansible and will soon take the Red Hat Certified Engineer (RHCE) certification to codify what I have learned. Then, I plan to move on to Terraform. My DevSecOps lab will help me work in a safe space that will provide me an extra layer of knowledge beyond what I can learn by using a public cloud provider, since I am the provider of my own infrastructure.

Here is my current home lab reference architecture design (some details have been redacted):

The next step is to fire up the devices and start building out my hardware. This part will be fun; I learned a lot. Stay tuned…
