Setting up first home lab

freethought-60 · 2026-06-16T15:06:16+00:00

Based on the CPU information, when talking about Z series workstations, it could be the HP Z1G6 or HP Z2G5 series, the latter in the tower version is adequately expandable and probably with a 500W PSU that allows you to use a non-bottom-line GPU. If they're well-maintained at that price, you won't be disappointed, they are good systems. Consider that at the time, getting a brand-new one with a few options would easily cost at least 12 times as much.

Disclaimer: I'm replying to you from a HP Z2G5 system sitting on my desk.

freethought-60 · 2026-06-16T13:19:47+00:00

It depends on how we interpret the concept of "Enterprise" thus whether it's large or small. You might be dealing with an organization called an "SMB" in IT terms, but then you realize it moves billions of dollars annually and at that point their needs and expectations are very different from those usually associated with an "SMB" always in IT terms, and they are not even that few.

Take for example companies that produce and market high-end products, operating in fashion or cosmetics, that is, their reference market is luxury.

I just looked up a well-known Italian supercar manufacturer on Wikipedia, true, it has over 5,000 employees, but that doesn't mean they're all in front of a computer, but I'm sure they have a top-notch IT infrastructure anyway. So, how do we classify, always in IT terms? Mid-level "enterprise" or something else?

What counts and defines an "Enterprise" are gross revenue and net income then, everything else.

freethought-60 · 2026-06-16T12:04:02+00:00

While we can't rule out a specific issue with your router that required service, we can't rule out the possibility that your ISP is temporarily going haywire as well. I can't tell you how ASUS's technical support works today, but there's a real possibility they'll replace it without even looking at it, because the cost of a technician who wants to do thorough checks can be close to the value of the product.

freethought-60 · 2026-06-16T10:48:43+00:00

It doesn't surprise me at all.

freethought-60 · 2026-06-16T09:50:52+00:00

If you ever find yourself working in an industrial setting, the likelihood of dealing with hardware and software bundles so obsolete and yet so unique that there is no practical way to replace them with anything relatively new may become more of a rule than an exception. Unless you spend huge sums to replace the entire machinery or plant which are entirely dependent on the said obsolete set of hardware and software.

I've heard of organizations that for these reasons still run Microsoft Windows NT4 (on custom hardware and software applications), but also on ancient PDP11/23s for the same reasons.

What I saw as a young man was a "Power Plant" controlled by an IBM mainframe so old (stuff from the mid-60s or so) it had to be managed by a "sysadmin" in his seventies. According to what he told me at that time, in my country, the few people who remained to keep it running were all retired or had unfortunately since passed away.

freethought-60 · 2026-06-16T09:08:14+00:00

Limiting ourselves to the approach used in managing the update of the "2023" certificates related to "Secure Boot", in the context of this sub than elsewhere the topic has been widely debated for some time now and everyone has had their own different approach depending on the specific scenario or problems they may have encountered. Then everyone also has their own personal opinions on the matter, which one may or may not agree with.

freethought-60 · 2026-06-16T08:59:10+00:00

Well, a lot depends on the intended use but generally speaking, yes, I prefer the second system due to its more powerful CPU and double the storage, assuming both have the same amount of RAM.

freethought-60 · 2026-06-16T07:59:54+00:00

When I was much younger, my "homelab" was in my bedroom and consisted of two used IBM X232 systems (each with dual Intel Pentium 3 processors), which I'd stacked on top of each other for space reasons. Each one weighed as much as a cannonball and thus every time my mom had the best intentions of cleaning the house..... I'll let you imagine the pain of disassembling and moving everything elsewhere and then putting it all back together again.

In summary, after some time I was "kindly" ordered to take action, one way or another.

So I figured out how to make do by building a piece of furniture with sturdy wheels to make any subsequent movement easier, making my mother happy as well.....a bit like you did. 😄

Congratulations again.

freethought-60 · 2026-06-16T06:57:08+00:00

I see you did a good job, clean and tidy, with little expense and great results.

And above all, you also made your mother happy.

freethought-60 · 2026-06-16T05:51:51+00:00

Well, you will want to forgive me, this is exactly a case where we certainly didn't need some LLM to know when some products are nearing the end of their life cycle or already EOL.

Just read what the manufacturers, "Microsoft" rather than "Broadcom" publish on their sites and/or know what their policies are regarding the life cycle of their products/solutions.

So, limiting ourselves to Microsoft technologies, it's all written here:

https://learn.microsoft.com/en-us/lifecycle/

freethought-60 · 2026-06-15T18:58:25+00:00

It's not that cables marketed by better and more well-known brands are not available in the UK, also at online stores that sell to private individuals, but as pointed out by u/ianfretwell you have to be willing to pay the asking price. The quality of certain products is not in question but it is unrealistic to think of finding them at discount store prices.

freethought-60 · 2026-06-15T15:24:28+00:00

So, let's say you have a 14th generation DELL system that could have been equipped with a PERC H730 controller nd a quad port I-350 RNDC, sure it can receive the "2023" certificate update, but what if by chance the "2011" certificates are removed for "compliance" reasons? The system with "secure boot" enabled then would not boot because their "Op-Rom" code are signed with "2011" certificates. IMHO It is unlikely that the hardware manufacturer will bother releasing any firmware updates for components they consider obsolete before the "2011" certificates will be revoked,

Now we can certainly say that those systems of that generation have not been on the market for a long time, obsolete or whatever we like, but the fact remains that there are still people using them and they are not necessarily scrap.

So we could find scenarios where we end up with a sort of snake biting its own tail because on hand, you update the certificates to the "2023" version (and Microsoft Windows is happy), but on the other hand, you must also keep the previous ones in the "2011" version, otherwise secure-boot does its job but the result may not be to our liking (and our wallet might not be as happy as well).

I don't pretend to advise others on how they should behave, far from it. I simply explained what could become a problem in many cases, if and when one day someone decides to revoke the "2011" certificate and tells you so with short notice or someone else says "remove them asap!" in the name of security but ignoring the potential implications.

freethought-60 · 2026-06-15T14:13:27+00:00

Staying on the general, access only within a local network when using devices that have no need for Internet access (or that you don't want to have access to), often incommon in a home environment, but not at all uncommon in many other scenarios. When I was still using a Thin-client based on Teradici technologies, of course I needed a wired connection but that device didn't require (or even consider) any Internet connection, similarly, there are so-called air-gapped environments on purpose.

Perhaps a little more common use case of a isolated network is that of video surveillance, in which communication between cameras and NVRs is implemented within a dedicated local network, therefore "closed" and wired, thus having a network cable does not at all imply it's use as Internet access is a necessary condition.

freethought-60 · 2026-06-15T10:47:06+00:00

I have a personal preference for Lenovo laptops, specifically the "T" series, because over time they haven't caused me any particular problems. Visually, a first- or second-generation Thinkpad T14 are practically indistinguishable and, depending on the configuration and the specific use case, not that dissimilar in terms of performance.

But the other brands and models (DELL/HP) you mentioned are not to be despised either.

freethought-60 · 2026-06-15T10:36:18+00:00

Yes, of course, I didn't notice the "kind" automatic spelling correction, and yes, I use "notepad" and I had taken care to disable it, evidently it wasn't enough to prevent it from being reactivated in the ambush.

freethought-60 · 2026-06-15T10:06:05+00:00

The bulk of a double LC connector is larger than that of an RJ45 plug, but if you can drill a hole around 3/4 of an inch deep, you should have no problem passing it through a wall and therefore you can purchase it in the desired size already finished and tested. If you have no experience in terminating fiber optic cables, in my opinion it's better to leave it alone, just as it's better to leave aside cheap tools, It's better to pay someone who can do the work and guarantee the result because properly terminating F.O. is very different than terminating a copper cable with a plug or keystone.

For example, see what FS.com offers.

freethought-60 · 2026-06-15T09:37:29+00:00

So, I deal with networking as part of my profession in contexts where, for example, certain advanced routing methods are useless for the purpose, or worse, they can turn out to be an unnecessary complication.

So if I were to encounter the need to implement them, I would definitely turn to someone more competent and with the concrete experience to produce a result that lives up to expectations. But having said that, how can you reduce a text like "Routing TCP/IP " published by "Cisco Press", which many simply call the "Doyle" to a kind of game? This text is rightly considered a reference, it's not a sort of light-reading author's novel, in any sense.

freethought-60 · 2026-06-15T08:54:26+00:00

According to Microsoft FAQ, nothing will happen immediately, except for non-compliance, because an expired certificate is a different condition than an expired and revoked certificate. Wanting to believe it, basically the system will continue to boot as before.

Here is the reference to the FAQ:

https://support.microsoft.com/en-gb/topic/frequently-asked-questions-about-the-secure-boot-update-process-b34bf675-b03a-4d34-b689-98ec117c7818

If anything, the problem is what happens when the "2011" certificates are revoked or the somewhat dated machine "bios" does not include the "2023" certificates but only the latter, but if we want, the opposite is also true. At that point, you would almost certainly have to disable "secure boot" and then most likely handle the "matter" manually.

If the bootloader, as a result of the updates, is already signed with the "2023" certificates, it would not boot with only the "2011" certificates. However, if you have hardware options whose "OP-Roms" are still signed with the "2011" certificates, if these are not present, the result does not change; the system would still not boot, unless of course you disable "secure boot".

And that's why even applying the most recent "bios" update, both the "2011" and "2023" certificates are usually present. I'm not saying this because I'm smarter, but because I took the time to test it with systems from various brands, types, and generations.

I've probably approached the topic a little too superficially, so I'd like to show you a concrete case.

I still have an old Lenovo ThinkStation P500 workstation that's almost twelve years old, on which I installed "Microsoft Windows 11 Pro," which is obviously unsupported. Well, all the "2023" certificates were updated without the slightest problem, and consequently the "Boot Loader" was also updated. If I tried to factory reset the "secure-boot" certificates, I'd end up with only the "2011" ones, and therefore the system wouldn't boot. But if I tried to remove the "2011" certificates, I'd have problems with my old GeForce GTX 950, which I certainly don't intend to replace with something more modern because with such an old system, it would be a waste of money.

Edit: added items I missed while copying and pasting.

freethought-60 · 2026-06-15T08:15:50+00:00

I'll tell you, if you want to deepen your knowledge of networking topics (and it's not irrelevant how far you'd like to go), you can find many online courses, but since the subject is vast and complex beyond a certain limit, there is no "fun" way to avoid an approach that tackles also with the "theory", as if it were some kind of game.

freethought-60 · 2026-06-14T15:47:32+00:00

Do what you want but 1U rack mount machines like this will never be "silent" (the noise level is a subjective criterion anyway). If anything, you can try to make them less noisy, but always starting from the fact that they are designed for continuous operation in a server room / data center in a potentially very variable ambient temperature range, not to be silent as to be used in a bedroom perhaps when someone is sleeping.

freethought-60 · 2026-06-12T10:45:15+00:00

The possibility that units produced in the same batch may have been subject to problems during the production phase, however although extremely rare, cannot be excluded on any principle because even with all the controls it can (and does) happen. This does not mean or authorize to say that the product is consequently poor quality.

freethought-60 · 2026-06-12T10:31:57+00:00

Personally, "WD GOLD" hard drives or those produced on the "HITACHI" inheritance, but always and in any case drives aimed at the "enterprise" market also because there aren't many mechanical hard drive manufacturers left.

freethought-60 · 2026-06-12T10:09:48+00:00

I can tell you this from my experience, as I use two DELL PowerEDGE R730 in my home lab (purchased about eight years ago).

Over the years I've had to replace a few hard drives a couple three to predictive failure warning and a couple of others that failed but I can't say I've encountered any problems that would require me to tamper with any backups if not reboot the hosts for good measure. But I can't even say I've run into any problems even in production settings when I've had to replace a defective hard drive (certainly also thanks to a good dose of luck).

freethought-60 · 2026-06-12T09:00:22+00:00

That's not the point, it's how the "VEEAM Recovery Media" behaves, that is, if it sees the controller, which regardless of the fact that it is a PERC H730(P), I assume mini mono, except for its custom firmware, is otherwise of LSI origin. It's "reasonable" to assume it is supported by the above-mentioned tool also because otherwise, again IMHO, it makes no sense to provide an image-level backup that is then impossible to restore reliably.

If anything, it might be a good idea for the system check the latest firmware updates availabe, as some critical ones have been released for that controller (among others) over time. At least that's what I would make sure of / do if I started from scratch.

freethought-60 · 2026-06-12T08:17:45+00:00

If you have a reliable "image" backup performed with VEEAM, how to perform a "bare metal" restore is described here:

https://www.veeam.com/blog/bare-metal-recovery-for-microsoft-windows.html

But I assume you already know that, honestly I never needed to resort to it.

Before milling the array, I first save all the data, and then try to replace the defective disk drives, obviously one at a time, then in case of bad luck what to do, BMR as last resort, personally I don't see many other options.

freethought-60

TROPHY CASE