ITS7 Server+ — Capstone Lab

Lab Guide

Step-by-step walkthrough for setting up the HP ProLiant ML350p Gen8 with Proxmox VE, a 3-bridge network, and a full VM lab that mirrors enterprise server infrastructure.

Server: HP ML350p Gen8
CPU: 2× Xeon E5-2620
RAM: 48 GB ECC RDIMM
Storage: RAID 5 · 3 TB usable
Hypervisor: Proxmox VE 8.x
VMs: pfSense, Win2022, Ubuntu
Phase 1

Hardware Overview

Server specs
HP ProLiant ML350p Gen8 tower server·Dual Intel Xeon E5-2620 (12 cores total)·48 GB ECC RAM (6× 8 GB RDIMMs)·HP Smart Array P420i RAID controller·4× 1 TB SAS HDDs·Dual redundant PSUs
RAID configuration
RAID 5 across 4× 1 TB SAS drives using HP ORCA (F8 at POST) — 3 TB usable, 1 drive fault tolerance. Battery-backed write cache enabled on P420i for write performance.
iLO 4 (Integrated Lights-Out)
Connect iLO NIC to management network. Default credentials on label. Browse to https://<iLO-IP>. Use iLO to mount ISO remotely for OS installation — no monitor/keyboard needed.
BIOS settings
Enable VT-x and VT-d (CPU virtualization + IOMMU) in BIOS — required for KVM. Set boot order to CDROM first for initial install. Disable legacy boot if using UEFI installer.
Phase 2

Proxmox VE Installation

Download Proxmox VE ISO
Download latest Proxmox VE 8.x ISO from proxmox.com/downloads. Create bootable USB with Rufus (Windows) or `dd` (Linux). Alternatively, mount ISO via iLO Virtual Media.
Install Proxmox VE
Boot ISO → Install Proxmox VE → Select installation disk (use OS drive, NOT RAID array) → Set FQDN: proxmox.hak.solutions → IP: 10.10.10.10/16 → Gateway: 10.10.10.1 → DNS: 10.10.10.1 → Set root password.
Post-install updates
`apt update && apt full-upgrade -y` after removing the enterprise repo. Add no-subscription repo in /etc/apt/sources.list.d/. Reboot after kernel update.
Access the web UI
Browse to https://10.10.10.10:8006 — accept self-signed cert warning. Login: root / your-password / realm: PAM. Node view shows CPU, RAM, storage, and network summary.
Phase 3

Network Bridges

vmbr0 — Management
Bridge on physical NIC (eno1). CIDR 10.10.10.0/16, GW 10.10.10.1. Hosts Proxmox management IP and all VMs on the management/campus network. Edit /etc/network/interfaces.
vmbr1 — DMZ
Second bridge (no physical NIC — internal only). CIDR 172.16.0.0/24. Hosts public-facing VMs (web server, jump box). pfSense WAN leg connects here to simulate internet-facing traffic.
vmbr2 — Private LAN
Third bridge (internal only). CIDR 192.168.0.0/24. Hosts backend VMs (AD DS, file server, database). Only reachable from vmbr1 via pfSense routing and firewall rules.
Apply network config
`systemctl restart networking` or `ifreload -a` (ifupdown2). Verify with `ip addr` and `brctl show`. All three bridges should appear as UP with correct CIDR.
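One way to confirm the "internal only" property of vmbr1 and vmbr2 described above, as an added example that is not part of the original lab guide: a shell audit of an /etc/network/interfaces-style file against the bridge plan. The sample file is constructed; `eno2` and the `inet manual` stanzas are assumptions, and `bridge-ports none` is the form Proxmox writes for a bridge with no physical port.

```bash
#!/usr/bin/env bash
# Plan from the guide: vmbr0 on eno1; vmbr1 and vmbr2 internal only (no physical NIC).

# bridge_ports FILE BRIDGE: print the bridge-ports value from that iface stanza.
bridge_ports() {
  awk -v br="$2" '
    $1 == "iface" { cur = $2 }                  # stanza for interface $2 starts
    $1 == "auto" || $1 ~ /^allow-/ { cur = "" } # next stanza header, stop matching
    cur == br && $1 ~ /^bridge[-_]ports$/ { $1 = ""; sub(/^ +/, ""); print; exit }
  ' "$1"
}

# audit_bridges FILE: return 0 only if every bridge matches the plan.
audit_bridges() {
  local file=$1 rc=0 spec br want got
  for spec in vmbr0=eno1 vmbr1=none vmbr2=none; do
    br=${spec%%=*}; want=${spec#*=}
    got=$(bridge_ports "$file" "$br")
    if [ "$got" = "$want" ]; then
      echo "ok   $br: bridge-ports $got"
    else
      echo "FAIL $br: bridge-ports '${got:-<missing>}', plan says '$want'"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample (not from the lab host): vmbr2 is wrongly tied to eno2.
sample_interfaces() {
  cat <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 10.10.10.10/16
    gateway 10.10.10.1
    bridge-ports eno1

auto vmbr1
iface vmbr1 inet manual
    bridge-ports none

auto vmbr2
iface vmbr2 inet manual
    bridge-ports eno2
EOF
}

tmp=$(mktemp) && sample_interfaces > "$tmp"
audit_bridges "$tmp" || echo "bridge plan violated: fix before deploying VMs"
rm -f "$tmp"
```

On the Proxmox host, `audit_bridges /etc/network/interfaces` runs the same check against the live file; a private-LAN bridge attached to a physical NIC would bypass the pfSense path the design relies on.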
Phase 4

VM Deployment

pfSense firewall / router
VM ID 100·2 vCPUs·2 GB RAM·WAN on vmbr1 (172.16.0.1)·LAN on vmbr2 (192.168.0.1)·Management on vmbr0. NAT/MASQUERADE from LAN → WAN. DHCP server on vmbr2 scope: 192.168.0.100–200.
Jump Box / Bastion
VM ID 101·Ubuntu Server 22.04 LTS·1 vCPU·1 GB RAM·vmbr1 (172.16.0.10)·SSH port 2222·key-only authentication·PermitRootLogin no·Acts as single entry point to private LAN. External access via campus VPN to vmbr0.
Windows Server 2022 (AD DS)
VM ID 102·Windows Server 2022 Datacenter·4 vCPUs·8 GB RAM·vmbr2 (192.168.0.10, static)·Roles: AD DS, DNS. Run DCPromo after static IP set. Domain: hak.local. Integrated DNS creates SRV records automatically.
Ubuntu Web Server
VM ID 103·Ubuntu Server 22.04 LTS·2 vCPUs·2 GB RAM·vmbr2 (192.168.0.20, static)·NGINX reverse proxy·UFW: allow 80,443 from vmbr1 only·Hosts capstone web app.
Snapshots & Templates
After initial config of each VM, take a snapshot named "clean-install". Convert to template only for base images reused for clone testing. Snapshots stored on local-lvm (thin-provisioned).
Phase 5

Verification Checklist

Ping test
From pfSense: ping 192.168.0.10 (Windows DC), ping 192.168.0.20 (Ubuntu). From Jump Box (172.16.0.10): ping 192.168.0.1 (pfSense LAN). Confirm routing works.
DNS resolution
From Windows DC: nslookup hak.local should return 192.168.0.10. From domain-joined client: nslookup any hostname. Forward/reverse zones should resolve.
AD DS join
Join Ubuntu VM to hak.local using `realm join`. Verify `id username@hak.local` works. Check in AD Users and Computers.
RAID health
HP SSA (F10 at POST) or HPE Smart Storage Administrator CLI: `ssacli ctrl all show status`. Array should show "OK". No failed/predictive-fail drives.
iLO connectivity
Confirm iLO web UI accessible from campus network. Test virtual media (mount ISO). Test remote console (Java or HTML5). Power cycle test via iLO.

Next: explore the topology diagram

Once the lab is running, the topology page shows exactly how traffic flows between the three network bridges, the firewall, and each VM.
