As a systems administrator, there are times when you may find yourself faced with tasks that are tedious and repetitive. Whether it’s updating software, managing backups, or configuring new servers, these tasks are essential but can quickly become boring and time-consuming. While it may be tempting to procrastinate or rush through these tasks, doing so can lead to mistakes and ultimately cause more work in the long run.
Creating A Management VLAN
This is one such night. A bit more general management was needed before I could deploy additional infrastructure to my environment.
Let’s talk about my first accomplishment: Creating an Administration VLAN and migrating my existing Secure Access Workstation to the newly created VLAN.
One of my top priorities is keeping my network secure. To do this, I need to ensure that only authorized users have access to sensitive parts of my network. One way to accomplish this is by creating an administration VLAN, which will limit access to management interfaces and other sensitive parts of your network.
Step 1: Creating the VLAN
The first step in creating an administration VLAN is to set it up on your firewall and switches. In this case, we are using a Sophos firewall and HP switches. To create the VLAN on the Sophos firewall, you will need to log in to the web interface and navigate to the VLAN section. Here, you can create a new VLAN and specify the appropriate settings.
Once the VLAN is created on the firewall, you will need to create it on the HP switches. This involves configuring the VLAN ID and port assignments for each switch.
Configure The Network on ESXi
Step 2: Trunking ESXi host and creating a distributed switch
Next, you’ll need to trunk the ESXi host and create a distributed switch. This will enable virtual machines to communicate across the administration VLAN.
Once the ESXi host is configured, you can create a distributed switch and specify the VLAN settings for each port group. This will ensure that virtual machines can communicate across the administration VLAN.
Step 3: Migrating SAW VM to the administration VLAN
Now that the administration VLAN is set up, it’s time to migrate your SAW VM to the new network. This involves changing the network settings for the virtual machine to use the administration VLAN instead of the general internal server network.
Step 4: Creating firewall rules and blocking external network access
SAWs typically have privileged access to the network, which means that they have access to sensitive data and resources. Allowing SAWs to access the external network can put this sensitive information at risk of being compromised by external threats such as hackers or malware.
I use my Sophos firewall to create pinhole access rules to the more privileged areas of my network and to block external network access, which ensures everything remains secure.
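A rule set like the one described in Step 4 can be sanity-checked offline before it is trusted. The following is an added example, not the author's configuration or Sophos's rule format: it models rules as simple records, assumes top-down first-match evaluation, and uses constructed subnets (10.0.50.0/24 for the administration VLAN, 10.0.10.0/24 for management interfaces).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed lab addressing (assumptions, not the author's real subnets).
ADMIN_VLAN = ipaddress.ip_network("10.0.50.0/24")   # SAW lives here
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # everything on-site
MGMT_NET = "10.0.10.0/24"                           # firewall/switch/ESXi management

@dataclass(frozen=True)
class Rule:
    name: str
    src: str             # source CIDR
    dst: str             # destination CIDR
    port: Optional[int]  # None means any port
    action: str          # "allow" or "deny"

# Constructed rule set: two pinholes, then an explicit deny for the VLAN.
RULES = [
    Rule("saw-to-mgmt-https", "10.0.50.0/24", MGMT_NET, 443, "allow"),
    Rule("saw-to-mgmt-ssh", "10.0.50.0/24", MGMT_NET, 22, "allow"),
    Rule("admin-vlan-deny-all", "10.0.50.0/24", "0.0.0.0/0", None, "deny"),
]

def decide(rules, src_ip, dst_ip, port):
    """First matching rule wins; no match falls through to an implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (src in ipaddress.ip_network(r.src)
                and dst in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action, r.name
    return "deny", "implicit-default"

def audit(rules):
    """Flag allow rules that let the admin VLAN out or are wider than a pinhole."""
    findings = []
    for r in rules:
        if r.action != "allow" or not ipaddress.ip_network(r.src).overlaps(ADMIN_VLAN):
            continue
        if not ipaddress.ip_network(r.dst).subnet_of(INTERNAL):
            findings.append(f"{r.name}: admin VLAN can reach external {r.dst}")
        if r.port is None:
            findings.append(f"{r.name}: any-port rule is not a pinhole")
    return findings

if __name__ == "__main__":
    print(decide(RULES, "10.0.50.10", "203.0.113.10", 443))  # external address
    print(audit(RULES))
```

An empty audit result plus a deny decision for an external destination is the state Step 4 aims for; a broad allow rule placed above the deny shows up as a finding.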
Creating VMware Templates
Now with that out of the way, let’s talk about my second accomplishment: Creating VMware templates for Windows Server 2022 and Linux.
By creating templates, you can quickly deploy new virtual machines with the appropriate settings and configurations. This can save you time and ensure consistency across your network.
To streamline the process of creating new virtual machines, I created VMware templates for Windows Server 2022 Desktop and Core as well as Alma and Red Hat Enterprise Linux.
Before I converted the golden image to a template, I performed updates, installed VMware Tools, and sysprepped the Windows VMs.
It’s a bit late, so it’s off to bed for me. Be sure to take a look at my other posts or my wiki in the meantime!