I've always wondered if other IT Professionals take their work home??? I don't take work home, I take my hobby to work....There is a serious side to this approach, it allows freedom to explore Microsoft and Linux products without constraints and it provides insights into the tech articles vs reality without the constraints of deliverables.
The following describes my main home environment.
Hardware:
Intel NUC's - i7's with 32Gb RAM, 1Tb SSD and 4TB 2.5" SSD
Intel NUC Skull Canyon 32Gb RAM, 1Tb SSD VNAND
Dell XPS 15
ASUS Zenbook 580
ASUS Zenbook 490
ASUS Zenbook 301LA
Synology Nas 4 Bay 8Tb Usable
Synology Nas 1 bay 4Tb Usable (Selective Backup)
Zyxel USG60W
4 * Odroids UX4 (2 * load-balanced PI Holes)
Raspberry Pi 4
Raspberry Pi Zero * 2
Odroid C4 (RAT) Dual Wifi and RJ45 - Kali Rat
Various 1Gb switches
HP 476MFD
Software:
Microsoft Action Pack - £470 per year
Linux and Pi distros
Main infrastructure, doesn't include vm's that are only spun up for testing:
NUC1 (HYP1)
DC19-1
DC19-2
SCCM-1
NUC2 (HYP2)
OPS-1
MDT-1
DC19-3
The diagram below details the internal DNS setup, there's a method to this madness. The 2 Synology NAS's act as DNS proxies performing all-recursive queries, protecting the DC's from connecting directly to the Internet. The Pi Holes are load balanced and placed between the member servers, clients and DC's, enabling hostname resolution in the PiHole logs. Whilst filtering all the nasties away from the clients and servers.
NUC's - The powerful and relatively cheap to run Intel NUC's are host servers. Don't criticise they're Hyper-V, there are benefits, more secure than alternatives....bare with me... don't rage, they receive their patches automatically every month from Microsoft. I specialise in Microsoft OS security and am more confident in securing Windows. Hyper-V finally allows me flexibility with migrating vm's across all the NUC's, Laptops and Skull Canyon.
Shares and DFS - NUC1 hosts the main bulk of the user shares with shares for Home, Groups and Media, plus a Software Library going all the way back to Windows NT 4 sp3. The shares are presented to the user with GPO preferences. DFS allows moving the data to a new host without the users (my family) being aware.
DC's - Windows 2019 Server makes up the Domain Controllers, each Hyper-V host has a DC. The 3rd DC doesn't run any FSMO roles and it's the first to be replaced with a new OS release. Build a new DC alongside and demote the old. No in-place upgrades help keep the DC's clean.
SCCM\MECM - Yes I've deployed an enterprise management solution at home. Yes, it does deploy Windows clients and applications and there is the odd, quite a lot, to be honest, compliance rules. Yes, it can deploy Windows Updates, just doesn't any longer. Until a couple of years ago, my main job was as an SCCM engineer.
SCOM - Monitors performance of all servers and various synthetic transactions eg the Internet from client to Google. Custom event rules alert for activities that shouldn't happen across all DC's, servers and clients.
MDT - Creating gold images of course....
Backups - 2-way replication exists between the Windows Shares and Synology-1. Android phones automatically upload new photos and videos to the NAS, and then replicated them to the Windows Media share. Equally any new content added to the Windows shares is backed up to the NAS. Synology-2 provides a sort of off-site backup, being away from the main house.
Clients - Windows 10 clients run the very latest release and are members of the Domain. I don't allow any non-domain joined Windows on the main network. Android is Ok, not Windows and never the head in the sand crapple.
Security - It's extensive, from firewalls to GPO, Applocker, Device Guard, IPSec and role separation with AD. Clearly, I'm not going to give too much away, everything is turned up to level 10.
That's a very quick overview of the home network.