Server+ Capstone · Cybertex

Building a 3-Zone Lab on a Single Server

Real hardware, four virtual machines, three security zones, one perimeter firewall. The full build, the artifacts, and a teaching guide so anyone can follow it.

By Hak Tang · Course: Server+ at Cybertex · Hardware: HPE ProLiant ML350p Gen8 · Hypervisor: Proxmox VE 8.2

  • Hardware: ML350p Gen8 (Xeon E5-2609 v2 · 48 GB · RAID 5 ~2 TB)
  • Phases: 11 + glossary (From bare metal to demo-ready)
  • Virtual Machines: 4 (Jump Box · Win Server · Linux · pfSense)
  • Docs & Decks: 10 artifacts (Walkthrough · two decks · proof photos)

The Build — What I Made

Every artifact is open. Click into any card — the walkthrough is the textbook, the decks are how I present it, the screenshots are proof the lab actually runs.

📖 Complete Walkthrough (New)
Eleven-phase teaching guide. Build the lab from a bare server to a working demo. Each phase has Goal, Why it matters, Steps, Verify, Common mistakes, and Presenter notes. 22 photos, full glossary, every acronym spelled out.

🎤 Week 2 Presentation (Deck)
23-slide live deck. Required vs. extra-credit topology side by side, real proof slides from the live lab, full glossary. Use ← / → arrow keys to navigate.

🛡 Jump Box Presentation (Deck)
14-slide deep dive on the Jump Box VM. DMZ placement, SSH hardening, UFW rules, key-only authentication, and the audit story for why one hardened door beats many open ones.

🔧 Week 1 — Hardware (Done)
ML350p Gen8 inventory, BIOS function keys, Smart Array P420i RAID 5 setup in ORCA, Proxmox install. The phase that turns iron into a hypervisor.

🌐 Week 2 — Networking (Done)
Bridges (vmbr0/1/2), iptables NAT and DNAT, ISO uploads, four VMs created. The phase where one server becomes a small enterprise network.

🛡 pfSense Setup Guide (Extra Credit)
Step-by-step for the extra-credit perimeter firewall. VM specs, console interface assignment, the web wizard, and the two checkboxes that bite everyone (RFC1918 + bogons).

🎞 Photo Slideshow (View)
Auto-rotating gallery of every photo from the build — hardware identification, BIOS screens, RAID setup, Proxmox dashboards, pfSense console + web UI. Useful as a kiosk display.

🏠 Local Hub (Index)
Original index page that lists every file in the local ~/Capstone-Guide/ folder. Linked here for completeness — mostly used as a desktop launcher during the build.

About this project

A real Server+ capstone build, not a tutorial walkthrough. Hardware, networking, and operating systems — all in one box.

What was built

A single HPE ProLiant ML350p Gen8 server was set up from bare metal as a Proxmox VE hypervisor and configured to run four virtual machines arranged into three security zones:

  • Management zone — how administrators reach the host, bridged to the school's LAN
  • DMZ — a buffer network where the Jump Box lives
  • Private LAN — trusted internal segment hosting the Windows DNS server and the Linux server

The required path uses iptables on the Proxmox host for routing. The extra-credit path replaces those rules with a real pfSense firewall appliance on three NICs, mimicking how a small enterprise actually deploys perimeter security.

What was learned

Every layer of a working server — hardware identification, RAID configuration, BIOS & firmware, hypervisor install, network segmentation, NAT & firewall rules, multiple operating systems, internal DNS, and remote access via Jump Box. Plus the documentation and presentation discipline to teach it to someone else.

Proxmox VE · Virtualization (KVM) · RAID 5 · iLO 4 · iptables · NAT / DNAT / SNAT · pfSense · SSH hardening · UFW · Windows Server 2022 · Active Directory DNS · Ubuntu Server · Network segmentation · Tailscale