Hey everyone. Sorry in advance, this is a long post. I'm new to the IT field, just out of HS, and want to get some practical experience.
What I am trying to do is setup various servers in ESXi used for web, email, database, dns, a jump server, and management. I'm limited in hardware and money, so I need to try and make things work with what I have for now.
Initially, all servers will be internal with no external traffic accessing them (unless initiated by the server itself for updates and whatnot). I plan for this to change in the future as I plan to host a blog, obtain email, and be able to access my network, stream music, etc from my jump server.
All that being said, here is how my network is currently setup:
My ISP comes in to the WAN port on my firewall. My firewall right now is pfsense. From my pfsense firewall there are two links, one for DMZ and one for internal. The DMZ goes to its own switch and only has access externally. No internal traffic has access to the DMZ. The internal connection of my firewall goes into a Cisco switch via a transit link. The Cisco is then broken out by VLAN for Wireless, LAN, and Server networks.
To me, this setup sounds good for my network, but I have some questions ... I'm assuming once my web, email, database, and dns servers go into "production" they should be placed in the DMZ correct? If thats the case, with the DMZ not having access to my internal network, how would I access those systems for management, or monitor them from my management server? If they were allowed access for that reason, or if I kept my database on my internal network separate from my webserver, would that pose a security risk?
Moving on from there, here is the hardware I have available for my virtual system:
Intel Core 2 Duo E6750 2.66GHz
8GB DDR2 667
1 300GB SATA 7200RPM
2 500GB SATA 7200RPM
XFX nforce 680i mobo with MCP55 RAID/SATA Controller
2 nforce 10/100/1000 NICs
1 dual Intel Pro 1000 NIC
Now, I have ESXi 4 installed on the 300GB HD. The install was error free, I can access the host, vSphere client, see the drives and NICs, etc. What I cant figure out ATM is how to utilize the RAID controller, but that may just be a support issue with ESXi using software raid.
Anyway, here is what I plan to have virtual machine-wise.
1 Web server running on linux with Apache and PHP
1 MySQL server running on linux
1 Email server running on linux
1 DNS server running on linux
1 Jump server running on linux(used for internal and external network/server access)
1 Management server running on linux for nagios, ossim, etc.
I chose Linux b/c its open source and doesnt require a commercial license as Microsoft products do.
I plan to use the web and mysql to host a personal blog. I can't anticipate the amount of traffic, though I would imagine being able to support 50k unique would be a decent threshhold to work toward? The email will be used for that domains email addresses, and the DNS will be used as the SOA for the registered domain. The management server will be used to monitor the health of the systems, and OSSIM will be installed as well to deploy and manage security products (IDS, event collection, etc).
Alright, now aside from any questions above, I need some help with how to actually layout these server builds. I'm assuming from a performance perspective these shouldnt all be on the same server or same disk, correct? From a security perspective, I would think the database should be separate from the web server and not have external access. But what about DNS? And, would it be okay to combine web and email into one server? As for the jump and management servers, I plan for those both to be separate. How should I layout these systems amongst my disks for best performance?
Hopefully all of that was understandable. Sorry for the long post, but I wanted to make sure there was context and enough info for people to help me.