Infrastructure

A practical design for a home lab or small office where the goals are strong perimeter control, centralized visibility (SIEM), and repeatable response (SOAR), while keeping the environment easy to operate and document.

ISP Modem → Firewall → Router → Primary Switch (+ Backup Switch) → KVM → Endpoints
                                              ├─ Windows / macOS workstations
                                              ├─ Linux / Kali (testing)
                                              ├─ SIEM (log collection + correlation)
                                              └─ SOAR (workflow automation)
Power: Back-UPS for network + monitoring stack

Component Breakdown

• Modem: terminates ISP service and provides internet handoff.
• Firewall: security boundary (NAT, inspection, threat filtering, VPN, logging).
• Router: internal routing / subnet design (sometimes combined into firewall).
• Primary + Backup switch: access-layer connectivity and fast recovery from switch failure.
• KVM switch: operational control of multiple endpoints from one console.
• SIEM: central telemetry for detection, investigation, and reporting.
• SOAR: playbooks for triage, enrichment, notifications, and controlled response actions.
• Back-UPS: prevents monitoring and routing interruption during brief power events.

How SIEM + SOAR Work Together

• Collect: endpoints and firewall forward logs/telemetry into the SIEM.
• Detect: correlation rules generate alerts with context (user/device/network).
• Automate: SOAR ingests alerts, enriches data, and runs playbooks (ticket, notify, script).
• Respond (controlled): safe actions such as blocking a test IP or isolating a lab endpoint (where supported).

A traditional business infrastructure design with primary + backup ISP, VMware-hosted server workloads, and centralized identity/services to support internal applications and remote access.

Primary ISP + Backup ISP → Firewall → Switch (+ Backup Switch) → VMware Hosts → Server Workloads
                                         ├─ Domain Controller (Primary)
                                         ├─ Domain Controller (Secondary/Backup)
                                         ├─ Remote Desktop Services (Employees)
                                         ├─ QuickBooks Server (DB/App role)
                                         ├─ IIS Web Server
                                         ├─ SQL Server
                                         ├─ Linux Server (apps/services)
                                         └─ Exchange Server (or migration path to M365)

Why This Design Works

• ISP failover: continuity when the primary circuit fails (policy enforced at firewall).
• Virtualization: consolidates workloads, improves recovery options, and supports scaling.
• Identity-first: domain services enable centralized authentication, policy, and access control.
• Remote access: RDS provides controlled access to internal tools without exposing services directly.

Role Breakdown (High-Level)

• Domain Controllers: authentication, GPO, and often DNS (resilience with a secondary DC).
• RDS: secure workspace access for employees and contractors.
• QuickBooks Server: centralized accounting database/app access for multi-user workflows.
• IIS: internal applications, web portals, or service endpoints.
• SQL: database layer for business apps and services.
• Linux: app runtimes, automation services, monitoring, or middleware.
• Exchange: on-prem messaging or transitional hybrid model.

Operational Practices Typically Paired

• Patch and change windows for servers and network infrastructure.
• Backups (image + app-aware) and periodic restore testing.
• Least privilege, RBAC, and administrative separation.
• Network segmentation (VLANs) and restricted management access.