You will build a complete on-premises datacenter: a virtualization host, VLAN-segmented networking, core services, and monitoring. By the end you will have a documented, recoverable environment that mirrors a small production site.

Learning Objectives

  • Stand up virtualization and segment the network by VLAN.
  • Deploy core services (DNS, DHCP, web) as VMs.
  • Add monitoring and backups for recoverability.
  • Time: ~25 hours · Difficulty: Advanced · Prereqs: the server, networking, and KVM labs.

Architecture Overview

Environment Setup

  • A Proxmox/KVM host with enough RAM for several VMs.
  • A managed switch or virtual bridges for VLANs.
  • Backup storage separate from the host.

Step-by-Step Execution

01
Provision VMs and VLANs
qm create 110 --name dns --net0 virtio,bridge=vmbr0,tag=30
Creates a service VM on VLAN 30.
02
Deploy core services
ansible-playbook -i inventory.ini services.yml # DNS, DHCP, web
03
Add monitoring
$ curl -s localhost:9090/-/healthy
Prometheus is Healthy.

Progress So Far

Testing & Validation

dig @10.0.30.2 web.lab.tyfsadik.org +short && curl -s -o /dev/null -w "%{http_code}\n" http://web.lab.tyfsadik.org

DNS should resolve the web host and the site should return 200. Restore a VM from backup to confirm recoverability.

Troubleshooting
  • VLAN traffic blocked: confirm trunk ports allow the VLAN IDs end to end.
  • Service unreachable: check inter-VLAN routing and firewall rules.
  • Backup restore fails: test restores regularly, not just backups.

Extension Ideas

  • Add zero-trust access as in Proxmox Zero-Trust.
  • Centralize logs into a SIEM.
  • Document a full DR runbook and test it.

Key Results

  • Built a VLAN-segmented virtualized datacenter.
  • Deployed DNS, DHCP, and web as managed VMs.
  • Monitored the estate with Prometheus + Grafana.
  • Verified recoverability with a backup restore.