Infrastructure

Infrastructure designs focused on reliability, segmentation, operational resilience, and hybrid scalability across cloud and on-prem environments.

Design 1 — Secure Lab / Small Office Topology

Network Security Resilience

A practical design for a home lab or small office where the goals are strong perimeter control, centralized visibility (SIEM), and repeatable response (SOAR), while keeping the environment easy to operate and document.

ISP Modem → Firewall → Router → Primary Switch (+ Backup Switch) → KVM → Endpoints
                                              ├─ Windows / macOS workstations
                                              ├─ Linux / Kali (testing)
                                              ├─ SIEM (log collection + correlation)
                                              └─ SOAR (workflow automation)
Power: Back-UPS for network + monitoring stack

Component Breakdown

How SIEM + SOAR Work Together

Segmentation, SIEM, SOAR, Back-UPS, Operational Resilience

Design 2 — Business On-Prem Virtualized Environment

Virtualization, WAN Failover, Core Services

A traditional business infrastructure design with primary + backup ISP, VMware-hosted server workloads, and centralized identity/services to support internal applications and remote access.

Primary ISP + Backup ISP → Firewall → Switch (+ Backup Switch) → VMware Hosts → Server Workloads
                                         ├─ Domain Controller (Primary)
                                         ├─ Domain Controller (Secondary/Backup)
                                         ├─ Remote Desktop Services (Employees)
                                         ├─ QuickBooks Server (DB/App role)
                                         ├─ IIS Web Server
                                         ├─ SQL Server
                                         ├─ Linux Server (apps/services)
                                         └─ Exchange Server (or migration path to M365)

Why This Design Works

Role Breakdown (High-Level)

Operational Practices Typically Paired

VMware, Active Directory, RDS, QuickBooks, IIS / SQL, Business Continuity

Design 3 — Hybrid Network Topology Diagram

Hybrid Segmentation Architecture

This reference diagram illustrates hybrid connectivity between on-prem infrastructure and Azure cloud components, including segmented VLANs, firewall boundaries, site-to-site VPN, and tiered server architecture.

Diagram is intentionally abstracted to avoid internal identifiers.

Architecture Highlights

Cloud + On-Prem, Network Boundaries, Tiered Architecture, Resilience

All details are shared at a high level with no internal IPs, hostnames, or sensitive configuration data.