An image showing the deployment of a Windows 11 machine nearing completion

We’re happy to announce the completion of a months-long process, going on since April, of gradually improving our network’s backend. Over in the Discord, our IT and Cyber Security branches were both allowed to participate in a text discussion channel alongside staff to talk about establishing an official network to host our web services and to train people on a variety of software tools.

Network Changes and Establishing a Domain

The first thing we discussed was establishing an IPv4 address numbering convention. The chosen convention includes:

  • First octet for the location (State, Province, or Country) where that data center is located
  • Second octet for the incremental site number within that State, Province, or Country
  • Third octet for the type of device; this may differ between sites and is ultimately up to the site owner
  • Fourth octet for the incremental device number

As an example, the third [3] virtual machine server instance, on the fourth [4] hypervisor, at the second [2] datacenter located within the US state of Alabama ([22]nd state admitted to the union) would have an IPv4 address of 22.2.4.3.
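The convention can be checked mechanically. The following is an added example, not code from this site or its authors: it builds and parses addresses under the four-octet convention and reports whether the result falls inside RFC 1918 private space. The function and field names are this example's own, and the /24 check assumes each location.site.type prefix is used as one subnet.

```python
import ipaddress

# Field names are this example's own labels for the four octets described above.
FIELDS = ("location", "site", "device_type", "device_number")

RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def build_address(location, site, device_type, device_number):
    """Compose an IPv4 address from the four convention fields."""
    octets = (location, site, device_type, device_number)
    for name, value in zip(FIELDS, octets):
        if not isinstance(value, int) or not 0 <= value <= 255:
            raise ValueError(f"{name}={value!r} does not fit in one octet")
    return ipaddress.IPv4Address(".".join(map(str, octets)))


def parse_address(text):
    """Split an address back into its convention fields."""
    return dict(zip(FIELDS, ipaddress.IPv4Address(text).packed))


def review_address(text):
    """Return a list of findings; an empty list means nothing to flag."""
    addr = ipaddress.IPv4Address(text)
    findings = []
    if not any(addr in net for net in RFC1918):
        findings.append("outside RFC 1918 private space")
    # Assumption: each location.site.type prefix is used as one /24 subnet.
    if addr.packed[3] in (0, 255):
        findings.append("device number is the /24 network or broadcast address")
    return findings


if __name__ == "__main__":
    example = build_address(22, 2, 4, 3)   # the worked example from the text
    print(example, parse_address(str(example)), review_address(str(example)))
    print(review_address("10.2.4.3"))      # constructed address inside 10.0.0.0/8
```

Addresses outside RFC 1918 space overlap publicly routable ranges, so routes and firewall rules for them need to stay strictly inside the IPsec tunnel.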

Hardware upgrades were required at Westwood to accommodate the need for securing a tunnel to Arrowhead. Those updates were completed in a timely manner and an IPsec tunnel was established between the two sites. We also established a domain environment with at least one domain controller at each site.

A need for accessible virtual machine clients has been a topic since we started hosting web services, so the plan to allow users to remote into a virtual client in order to access the rest of the network was established. I attempted to install a VMware vCenter environment, but met limitations that didn’t comply with our current infrastructure. vCenter in our case would have required an ESXi virtual machine as well as a separate portal for vCenter. ESXi could not run as a virtual machine.

All sites currently consist of at least one Windows Hyper-V hypervisor. This is mainly due to all of the extra crap that gets connected to the machine like webcams and microphones for the outdoor Meat N’s (Bar-B-Ques). I think it’s fun and Arrowhead won’t be opting out of this configuration for a long while. So, the VMware plan was scrapped, and I then proceeded to go through the process of setting up Proxmox before realizing that although a secure container for allowing users to manage machines would be ideal, there is a better way. That container would ultimately have been limited to a finite amount of resources. Here is the first new tool that we have…

Apache Guacamole

Apache Guacamole is a remote desktop gateway that allows users to access their desktop environments through a web browser. It supports standard protocols like VNC, RDP, and SSH, providing versatile connectivity options. The platform requires no plugins or client software, making it accessible from any device with a web browser. Guacamole’s architecture includes a web application (the client) and a proxy daemon (the server) that handle all connections and sessions. It offers robust security features, including SSL/TLS encryption, multi-factor authentication, and integration with LDAP and other authentication systems. Guacamole’s architecture allows for easy customization and integration with other systems and applications. All we had to do was make sure an RDP server was running on each of our Linux and Windows virtual machines that we designated as clients, and then proceed to add their IP address as a new connection in Guacamole. The Linux machines work flawlessly when remoting in, but Windows is proving a challenge when creating new user profiles.

I created a few tutorials over in the IT Portal for joining a couple of the Linux variants shown above to a Windows Active Directory domain.

Fog Project

We also need an easy way to deploy an operating system. We should be able to image a virtual or physical machine with Windows or Linux and set everything up the way it needs to be. We can install most of the software, and configure the system to our liking, but we won’t join it to the domain just yet. First we’re going to make a copy of that machine as a template to deploy others.

The FOG Project is an open-source computer cloning and management solution designed for rapid deployment and maintenance of networked systems. It uses PXE (Preboot Execution Environment) booting to streamline the process of imaging and deploying operating systems across multiple machines. FOG provides a web-based management interface, allowing administrators to manage tasks, configurations, and images from a centralized location. It supports a wide range of operating systems, including Windows, Linux, and macOS (gross), making it a versatile tool for various environments. The system includes powerful features such as disk imaging, multicast deployments, and scheduled tasks, enabling efficient management of large-scale networks. FOG also offers comprehensive hardware inventory tracking, providing detailed information about the machines in the network. Its advanced features include snap-ins for post-deployment software installations and configuration changes, ensuring systems are fully prepared for use immediately after imaging. Additionally, FOG Project is community-driven, benefiting from continuous improvements, updates, and support from a dedicated user base.

The build out of this project doesn’t really seem like much, but it’s a solid base and it’s going to be easy for us to build going forward. If you maintain a Black Cat site, you are the Tool Man, and you’ll have all the tools for collaborating with other site owners, along with providing for the community. And we’re anticipating a good number of events that will require these services in the near future.
