A comprehensive enterprise-grade IT infrastructure deployment simulating a real-world corporate environment, built from the ground up in a virtualized home lab. This project demonstrates end-to-end infrastructure management capabilities, including network design, Active Directory deployment, cloud integration, and advanced enterprise services configuration.
Project Objective:
Design, deploy, and operationalize a fully functional enterprise IT infrastructure in a controlled virtualized environment to demonstrate practical competency in IT Infrastructure Management Services and Cybersecurity Infrastructure protection.
Business Context:
This project simulates a mid-to-large enterprise network environment with integrated on-premises and cloud services, mimicking real-world corporate IT infrastructure requirements. The lab serves both as a learning platform and as a demonstration of the enterprise IT administration capabilities essential for IT infrastructure and system administration roles; that same knowledge base is what makes an informed cyber defender.
Key Outcomes:
- Fully operational Active Directory domain environment
- Integrated cloud services (Microsoft 365, Azure AD)
- Multi-service enterprise infrastructure (Exchange, SharePoint, MySQL, Web Services)
- Advanced networking with DHCP, DNS, NAT configurations
- Comprehensive security policy implementation
- Successfully tested and validated infrastructure under operational load
Duration: Initial Planning Phase
Activities:
- Requirements analysis for enterprise infrastructure components
- Network topology design using Cisco Packet Tracer
- Resource allocation planning (CPU, RAM, Storage for VMs)
- Service dependency mapping
- Security policy framework design
Deliverables:
- Network architecture diagram
- System requirements specification
- Component integration plan
Duration: Preparation Phase
Activities:
- Acquired Windows Server ISOs (2016/2019/2022)
- Obtained Windows 10/11 Enterprise client ISOs
- Downloaded necessary service installation packages (Exchange, MySQL, etc.)
- Prepared VMware Workstation 16 Pro environment
- Created resource allocation baseline
Deliverables:
- Complete software inventory
- ISO library for deployment
- VMware environment configured
Duration: Core Development Phase
Activities:
- Virtual machine provisioning (6 simultaneous VMs)
- Base OS installations and configurations
- Network infrastructure setup (vSwitches, vNICs)
- Core services deployment (DHCP, DNS, NAT)
- Active Directory Domain Services installation
- Domain controller configuration
- Client workstation domain joining
Deliverables:
- Operational VM infrastructure
- Functional AD domain
- Network services operational
Duration: Advanced Implementation Phase
Activities:
- ADDS (Active Directory Domain Services) configuration
- ADFS (Active Directory Federation Services) setup
- ADCS (Active Directory Certificate Services) deployment
- Remote Access Services configuration
- iSCSI storage server setup
- NFS (Network File System) implementation
- IIS Web Server deployment
- Load Balancer configuration
- IPAM (IP Address Management) setup
- Exchange Server 2016 installation and configuration
- MySQL database server deployment
- Microsoft 365 tenant creation and integration
- Azure AD Connect setup (hybrid identity)
- SharePoint Services configuration
- Power Platform setup (Power Automate, Power BI)
Deliverables:
- Fully integrated enterprise service stack
- Cloud-to-on-premises connectivity
- Advanced security policies active
Duration: Security Configuration Phase
Activities:
- Group Policy Objects (GPO) creation and deployment
- Dynamic Access Control (DAC) implementation
- Network Access Control (NAC) configuration
- Security baseline enforcement
- User and computer OU structure optimization
- Password and account policies configuration
- Audit policy implementation
Deliverables:
- Comprehensive security policy framework
- Hardened infrastructure
- Compliance-ready environment
Duration: Operational Testing Phase
Activities:
- Functional testing of all deployed services
- User authentication and authorization testing
- Network connectivity and service availability validation
- Load testing with multiple concurrent users
- Failover and redundancy testing
- Cloud integration testing
- End-to-end workflow validation
Deliverables:
- Test results documentation
- Performance metrics
- Validated operational infrastructure
Duration: Ongoing
Activities:
- Infrastructure documentation creation
- Network diagram finalization
- Service configuration documentation
- Troubleshooting guide development
- Knowledge base creation
Deliverables:
- Complete project documentation
- Operational runbooks
- Architecture reference materials
Host Environment:
- Hypervisor: VMware Workstation 16 Pro
- Host OS: Windows 11 (64-bit)
- Host CPU: Intel Core i7
- Host RAM: 16GB (32GB+ recommended)
- Host Storage: 2TB SSD
- Network: Gigabit Ethernet adapter
Virtual Machine Allocation:
| VM Name | Role | vCPU | RAM | Storage | OS |
|---|---|---|---|---|---|
| DC-01 | Primary Domain Controller | 2 | 4GB | 60GB | Windows Server 2019 |
| DC-02 | Secondary Domain Controller (Optional) | 2 | 4GB | 60GB | Windows Server 2019 |
| EXCH-01 | Exchange Server 2016 | 4 | 16GB | 100GB | Windows Server 2016 |
| WEB-01 | IIS Web Server / iSCSI Target | 2 | 4GB | 80GB | Windows Server 2019 |
| DB-01 | MySQL Database Server | 2 | 4GB | 60GB | Windows Server 2019 |
| CLIENT-01 | Domain-joined Workstation | 2 | 4GB | 60GB | Windows 10/11 Enterprise |
Virtual Network Topology:
- Internal Network (NAT): 192.168.10.0/24
- Gateway: 192.168.10.1
- DC-01: 192.168.10.10
- DC-02: 192.168.10.11
- EXCH-01: 192.168.10.20
- WEB-01: 192.168.10.30
- DB-01: 192.168.10.40
- DHCP Pool: 192.168.10.100-200
- External Network (Bridged): For internet connectivity
- Host-Only Network: For isolated testing scenarios
Server Operating Systems:
- Windows Server 2016 Datacenter/Standard (ISO)
- Windows Server 2019 Datacenter/Standard (ISO)
Client Operating Systems:
- Windows 10 Enterprise (ISO)
- Windows 11 Enterprise (ISO)
Applications & Services:
- Microsoft Exchange Server 2016 (ISO)
- Microsoft SQL Server (for Exchange prerequisites)
- MySQL Community Server
- Microsoft 365 Tenant (Trial)
- Azure subscription (Student)
Design & Planning Tools:
- Cisco Packet Tracer (for network design)
Knowledge Requirements:
- Windows Server administration fundamentals
- Active Directory concepts and management
- Networking fundamentals (OSI model, TCP/IP, subnetting)
- DNS and DHCP configuration
- Basic PowerShell scripting
- Cloud services fundamentals (Azure, Microsoft 365)
Hardware Minimum Requirements:
- 64-bit capable processor with virtualization extensions (Intel VT-x/AMD-V)
- Virtualization enabled in BIOS/UEFI
- Minimum 16GB RAM (64GB recommended for full lab)
- 500GB available disk space (SSD strongly recommended)
- Stable internet connection for cloud services integration
Active Directory Domain Services (ADDS):
- Multi-forest, single-domain architecture
- Organizational Unit (OU) structure for users, computers, groups
- Domain controller replication (backup DC)
- FSMO roles configured and verified
- Global Catalog services
DNS Server:
- Primary DNS zone configuration
- Forward lookup zones for domain
- Reverse lookup zones for subnets
- DNS forwarders configured for external resolution
- Integration with Active Directory
DHCP Server:
- Scope configuration for automatic IP addressing
- Reservation management for servers
- DHCP options configuration (DNS servers, default gateway)
- Multi-scope support across subnets
NAT and Routing:
- Internet connectivity for internal network
- Routing and Remote Access Service (RRAS) configuration
- Port forwarding rules for external access
- Network isolation and segmentation
Active Directory Federation Services (ADFS):
- Single Sign-On (SSO) infrastructure
- Claims-based authentication
- Integration with Microsoft 365
- Multi-factor authentication support
Active Directory Certificate Services (ADCS):
- Enterprise Certificate Authority deployment
- Certificate templates for SSL/TLS, code signing, user authentication
- Auto-enrollment policies
- Certificate revocation list (CRL) distribution
Remote Access Services:
- VPN server configuration
- DirectAccess setup (Windows 10+ clients)
- Remote Desktop Gateway
- Network Policy Server (NPS) for RADIUS authentication
iSCSI Storage Server:
- iSCSI Target Server configuration
- Virtual disk provisioning
- Initiator connection from clients
- Shared storage for high availability scenarios
NFS (Network File System):
- NFS server role installation
- Share creation and permissions
- Cross-platform file sharing (Windows/Linux)
IIS Web Server:
- Internet Information Services deployment
- Website hosting with SSL/TLS certificates
- Application pool configuration
- Web application deployment
Load Balancer:
- Network Load Balancing (NLB) configuration
- Traffic distribution across multiple servers
- High availability for web services
- Health monitoring and failover
IPAM (IP Address Management):
- Centralized IP address tracking
- DHCP and DNS server management
- IP address space planning
- Audit and reporting capabilities
Exchange Server 2016:
- Mailbox server role deployment
- Client Access Server (CAS) configuration
- Email routing and transport rules
- Outlook Web Access (OWA) setup
- Integration with Active Directory
- Public folder configuration
MySQL Database Server:
- MySQL Community Server installation
- Database creation and management
- User account and privilege management
- Remote connection configuration
- Integration with web applications
Microsoft 365:
- Tenant creation and configuration
- User licensing and assignment
- Exchange Online mailbox migration readiness
- Microsoft Teams deployment
- OneDrive for Business configuration
- Compliance and security features
Azure AD Connect (Hybrid Identity):
- Azure AD tenant setup
- Azure AD Connect installation and configuration
- Hybrid identity synchronization (on-prem AD to Azure AD)
- Password hash synchronization or Pass-through authentication
- Seamless Single Sign-On (SSO)
- Conditional Access policies
SharePoint Services:
- SharePoint Online site collection creation
- Document libraries and lists
- Permission management and sharing
- Integration with Microsoft Teams
- Workflow automation
Power Platform:
- Power Automate: Automated workflows between services
- Power BI: Data visualization and reporting dashboards
- Integration with Microsoft 365 data sources
- Custom business process automation
Dynamic Access Control (DAC):
- Resource property definitions
- Central Access Policies
- File classification infrastructure
- Claims-based access control
Network Access Control (NAC):
- 802.1X authentication
- Network Policy Server (NPS) policies
- Device compliance verification
- Quarantine network for non-compliant devices
Group Policy Objects (GPO):
- Comprehensive GPO structure
- Security policies (password, account lockout, audit)
- Software deployment via GPO
- Folder redirection and drive mapping
- Desktop configuration and restrictions
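The password, lockout and audit items above, as an added PowerShell example run on DC-01 (this is not the lab's own script). The domain name `lab.local`, the GPO name `Security-Baseline` and the numeric thresholds are assumptions chosen for illustration.

```powershell
# Added example (not the lab's own script): applies a password, lockout and audit
# baseline of the kind listed under the security phase. The domain name 'lab.local',
# the GPO name and the numeric thresholds are assumptions; run on DC-01 as a domain admin.
Import-Module ActiveDirectory
Import-Module GroupPolicy
$Domain   = 'lab.local'                       # placeholder: the page does not state it
$DomainDn = (Get-ADDomain -Identity $Domain).DistinguishedName

# 1. Default Domain Policy: password and account-lockout settings for every account.
Set-ADDefaultDomainPasswordPolicy -Identity $Domain `
    -MinPasswordLength 14 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 365) `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15)

# 2. Fine-grained policy for privileged accounts: a PSO overrides the domain default for
#    its subjects, so Domain Admins get a longer minimum length and a tighter lockout.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Privileged' -Precedence 10 `
    -MinPasswordLength 20 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 180) `
    -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30)
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Privileged' -Subjects 'Domain Admins'

# 3. Audit policy: the advanced subcategories that matter most when investigating a domain.
#    auditpol only configures the machine it runs on (DC-01 here); to reach the other
#    servers, set the same subcategories under Advanced Audit Policy Configuration in a GPO.
$Subcategories = 'Logon', 'Logoff', 'Account Lockout', 'Special Logon',
                 'User Account Management', 'Security Group Management',
                 'Directory Service Changes', 'Process Creation', 'Audit Policy Change'
foreach ($sub in $Subcategories) {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
}

# 4. GPO linked at the domain root: make the advanced audit settings override the legacy
#    categories and record the command line in 4688 process-creation events.
New-GPO -Name 'Security-Baseline' | New-GPLink -Target $DomainDn -LinkEnabled Yes | Out-Null
Set-GPRegistryValue -Name 'Security-Baseline' -Key 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' `
    -ValueName 'SCENoApplyLegacyAuditPolicy' -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name 'Security-Baseline' `
    -Key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    -ValueName 'ProcessCreationIncludeCmdLine_Enabled' -Type DWord -Value 1 | Out-Null

# 5. Verify what is now in force.
Get-ADDefaultDomainPasswordPolicy -Identity $Domain | Format-List MinPasswordLength, LockoutThreshold
Get-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Privileged'
auditpol /get /category:*
```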
Deployment Workflow:
1. Initial Planning & Design
└─> Network topology created in Cisco Packet Tracer
└─> Resource requirements defined
└─> Service integration plan documented
2. Environment Preparation
└─> VMware Workstation 16 Pro configured
└─> Virtual networks created (NAT, Host-Only)
└─> ISO files organized and ready
3. Core Infrastructure Deployment
└─> Domain Controller (DC-01) deployed
└─> ADDS installed and domain created
└─> DNS configured as AD-integrated
└─> DHCP server role installed and scopes defined
4. Network Services Validation
└─> DHCP leases tested and verified
└─> DNS resolution tested (internal and external)
└─> NAT configured for internet access
5. Client Integration
└─> CLIENT-01 workstation deployed
└─> Domain join successful
└─> User accounts created in AD
└─> GPO applied and tested
6. Advanced Services Layer 1
└─> ADFS server configured for federation
└─> ADCS deployed for certificate management
└─> Remote Access configured for VPN
7. Advanced Services Layer 2
└─> Exchange Server 2016 installed
└─> Mailbox databases created
└─> OWA and email flow tested
└─> Web Server (IIS) deployed with SSL
└─> MySQL database server operational
8. Storage & File Services
└─> iSCSI Target configured on WEB-01
└─> NFS shares created and tested
└─> File server role with DFS
9. Cloud Integration Phase
└─> Microsoft 365 tenant created
└─> Azure AD Connect installed on DC-01
└─> Identity synchronization activated
└─> Hybrid identity validated
└─> SharePoint sites provisioned
└─> Teams and OneDrive configured
10. Power Platform Configuration
└─> Power Automate flows created
└─> Power BI workspace setup
└─> Data connectors configured
11. Security Hardening
└─> DAC policies implemented
└─> NAC with 802.1X configured
└─> Security GPOs deployed
└─> Audit logging enabled
12. Load Testing & Validation
└─> Multi-user authentication tests
└─> Email send/receive validation
└─> Web service availability checks
└─> Database connection tests
└─> Cloud service integration verified
13. Documentation & Finalization
└─> Network diagrams completed
└─> Service documentation created
└─> Configuration backups performed
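Steps 3 to 5 of the workflow, as an added PowerShell example (not the lab's own script). It assumes the domain DNS name `lab.local`, placeholder MAC addresses for the reservations and a placeholder upstream resolver; every IP address is taken from the Virtual Network Topology section.

```powershell
# Added example (not the lab's own script): carries out workflow steps 3-5 on DC-01.
# Assumptions: the domain name 'lab.local', the server MAC addresses and the upstream
# resolver are placeholders; the addresses come from the Virtual Network Topology section.
$DomainName = 'lab.local'            # placeholder: the page does not state the domain name
$ScopeId    = '192.168.10.0'
$SubnetMask = '255.255.255.0'
$Gateway    = '192.168.10.1'
$DcIp       = '192.168.10.10'

# --- Step 3: roles, forest promotion, AD-integrated DNS, DHCP scope ---
Install-WindowsFeature AD-Domain-Services, DNS, DHCP -IncludeManagementTools

# First DC of a new forest; -InstallDns creates the AD-integrated forward lookup zone.
# DC-01 reboots when this completes; run everything below after the restart.
Install-ADDSForest -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) -Force

# Reverse lookup zone for the /24, replicated to every DC in the domain, plus a
# forwarder so internal clients resolve external names through DC-01.
Add-DnsServerPrimaryZone -NetworkId '192.168.10.0/24' -ReplicationScope Domain
Add-DnsServerForwarder -IPAddress 9.9.9.9        # placeholder upstream resolver

# Create the DHCP security groups, authorise the server in AD (an unauthorised
# Windows DHCP server refuses to lease) and publish the documented pool and options.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName "dc-01.$DomainName" -IPAddress $DcIp
Add-DhcpServerv4Scope -Name 'Internal 192.168.10.0/24' -StartRange 192.168.10.100 `
    -EndRange 192.168.10.200 -SubnetMask $SubnetMask -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcIp -DnsDomain $DomainName -Router $Gateway

# Reservations pin the servers to their documented addresses; Windows DHCP accepts a
# reservation anywhere in the scope's subnet, even outside the .100-.200 pool.
$Reservations = @(
    @{ Name = 'DC-02';   IP = '192.168.10.11'; Mac = '00-50-56-00-00-11' },   # MACs are placeholders
    @{ Name = 'EXCH-01'; IP = '192.168.10.20'; Mac = '00-50-56-00-00-20' },
    @{ Name = 'WEB-01';  IP = '192.168.10.30'; Mac = '00-50-56-00-00-30' },
    @{ Name = 'DB-01';   IP = '192.168.10.40'; Mac = '00-50-56-00-00-40' }
)
foreach ($r in $Reservations) {
    Add-DhcpServerv4Reservation -ScopeId $ScopeId -IPAddress $r.IP -ClientId $r.Mac -Name $r.Name
}

# --- Step 4: validate name resolution and leasing from DC-01 ---
Resolve-DnsName "dc-01.$DomainName" -Server $DcIp     # internal, AD-integrated zone
Resolve-DnsName 'www.microsoft.com' -Server $DcIp     # external, answered via the forwarder
Get-DhcpServerv4Lease -ScopeId $ScopeId               # shows CLIENT-01 once it has booted

# --- Step 5: client join and a first domain user ---
# On CLIENT-01, once it holds a lease from the pool:
#   Add-Computer -DomainName 'lab.local' -Credential (Get-Credential) -Restart
# On DC-01, an OU for lab users and an account that must change its password at first logon:
New-ADOrganizationalUnit -Name 'Lab Users' -Path (Get-ADDomain).DistinguishedName
New-ADUser -Name 'lab.user1' -SamAccountName 'lab.user1' `
    -Path "OU=Lab Users,$((Get-ADDomain).DistinguishedName)" `
    -AccountPassword (Read-Host 'Initial password' -AsSecureString) `
    -Enabled $true -ChangePasswordAtLogon $true
```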
Active Directory → Cloud Integration:
On-Premises AD (DC-01)
↓ [Azure AD Connect]
Azure Active Directory
↓ [Synchronization]
Microsoft 365 Services
├─> Exchange Online
├─> SharePoint Online
├─> Microsoft Teams
└─> OneDrive for Business
Authentication Flow:
User Workstation (CLIENT-01)
↓ [Kerberos]
Domain Controller (DC-01)
↓ [ADFS Token]
Azure AD
↓ [OAuth 2.0]
Microsoft 365 / Cloud Services
Network Communication Flow:
CLIENT-01 (192.168.10.100)
↓ [DHCP Request]
DC-01 (192.168.10.10) - DHCP Server
↓ [IP Lease: 192.168.10.100]
CLIENT-01 → DNS Query → DC-01
↓ [Name Resolution]
Resource Access (Exchange, Web, Database)
Skills Demonstrated:
- Windows Server Administration: Installation, configuration, and management of Windows Server environments (2016/2019)
- Active Directory Management: Domain design, OU structure, user/group administration, GPO management
- Virtualization Technologies: VMware Workstation advanced features, VM lifecycle management, resource optimization
- Network Infrastructure: DHCP, DNS, NAT configuration and troubleshooting
- Server Roles Deployment: Multi-role server configuration and integration
- Messaging Systems: Exchange Server 2016 deployment, mailbox management, transport rules
- Web Services: IIS administration, SSL certificate management, web application hosting
- Database Management: MySQL installation, database administration, user privilege management
- Storage Technologies: iSCSI configuration, NFS setup, shared storage management
- Load Balancing: NLB cluster configuration, traffic distribution, high availability
- Microsoft 365 Administration: Tenant management, user licensing, service configuration
- Azure Active Directory: Hybrid identity setup, Azure AD Connect, SSO implementation
- SharePoint Administration: Site collection management, permission configuration
- Power Platform: Process automation with Power Automate, data visualization with Power BI
- Cloud Integration: On-premises to cloud service integration and migration strategies
- Identity Management: Federated authentication (ADFS), certificate services (ADCS)
- Access Control: Dynamic Access Control (DAC), Network Access Control (NAC), 802.1X
- Security Policies: GPO-based security hardening, audit policy configuration
- Remote Access: VPN configuration, DirectAccess, Network Policy Server (NPS)
- Certificate Management: PKI infrastructure, certificate templates, auto-enrollment
- Network Design: Topology planning with Cisco Packet Tracer
- IP Address Management: IPAM deployment, subnet planning, IP tracking
- Network Protocols: TCP/IP, DHCP, DNS, routing protocols understanding
- Network Segmentation: VLAN concepts, subnet isolation, traffic management
- Troubleshooting: Network connectivity issues, service availability, performance optimization
- SDLC/Systems Development: Structured approach from planning through deployment and testing
- Requirements Analysis: Infrastructure needs assessment, resource planning
- Technical Documentation: Network diagrams, configuration guides, runbooks
- Testing & Validation: Functional testing, load testing, integration testing
- Problem-Solving: Complex multi-service integration, dependency resolution
- Systematic Thinking: Ability to architect complex enterprise systems with multiple dependencies
- Attention to Detail: Precise configuration of interconnected services
- Troubleshooting Methodology: Root cause analysis for infrastructure issues
- Time Management: Multi-phase project execution over extended timeline
- Self-Learning: Independent research and implementation of advanced technologies
- Documentation: Clear technical writing for future reference and knowledge transfer
This project provides foundational knowledge essential for cybersecurity roles by demonstrating:
- Understanding of infrastructure that must be secured and defended
- Attack surface awareness across multiple service layers
- Identity and access management critical for security
- Logging and auditing infrastructure for security monitoring
- Network segmentation and isolation concepts
- Secure configuration and hardening practices
- Integration points that introduce security considerations
Relevance to Security Operations:
- SOC analysts must understand the infrastructure they protect
- Incident responders need knowledge of AD, Exchange, web services for investigation
- Security engineers require infrastructure expertise for defense-in-depth strategies
- Penetration testers benefit from knowing how enterprise environments are built
References:
- Microsoft Active Directory Documentation
- Exchange Server 2016 Documentation
- Microsoft 365 Admin Documentation
- Azure Active Directory Documentation
- VMware Workstation Pro Documentation
- Cisco Packet Tracer Resources
Tools Used:
- VMware Workstation 16 Pro: Virtualization platform
- Cisco Packet Tracer: Network design and simulation
- Windows Server 2016/2019: Core infrastructure OS
- Microsoft 365: Cloud services platform
- Azure Portal: Cloud management interface
- PowerShell ISE: Automation and scripting
Community Resources:
- Microsoft TechCommunity Forums
- Reddit: r/sysadmin
- Stack Overflow: Windows Server, Active Directory tags
This project was developed as a culmination of 4 years of study during my Bachelor's degree in IT, Information Management Systems (IMS), and Cybersecurity. It represents the practical application of theoretical knowledge gained throughout the degree program and serves as a comprehensive portfolio piece demonstrating enterprise IT infrastructure competency.
This infrastructure was built in a controlled home lab environment for educational R&D and demonstration purposes. It simulates enterprise environments but should not be directly replicated in production without proper security assessments and enterprise-grade configurations.
Production Considerations:
- Default Credentials: All default passwords and credentials should be changed in any production environment
- Security Hardening: Additional security measures beyond this lab scope are required for production deployment of such infrastructure
- Patch Management: Regular patching and updates are essential for operational environments
- Backup Strategy: Production environments require comprehensive backup and disaster recovery plans
- Monitoring: Enterprise monitoring solutions (SIEM, alerting) should be implemented
- Software Licensing: All software used in this lab was obtained through legitimate means (evaluation licenses, student licenses, or purchased licenses)
- Microsoft Evaluation: Many components may use evaluation or development licenses not suitable for production
- Compliance: Production environments must adhere to organizational compliance requirements (GDPR, HIPAA, SOC 2, etc.)
Lab Limitations:
- Resource Constraints: This lab operated on limited hardware compared to production data centers
- Simplified Topology: Production networks typically have additional layers (DMZ, security zones, etc.)
- Single Points of Failure: This lab may not implement the full redundancy present in enterprise-level environments
- Internet Exposure: Production environments may require additional firewall and security appliances
Potential extensions of this lab environment:
- Implementation of SIEM solution (Splunk, ELK Stack)
- Intrusion Detection/Prevention Systems (IDS/IPS)
- Next-generation firewall deployment (pfSense, FortiGate)
- Endpoint Detection and Response (EDR) solutions
- Centralized logging and monitoring
- Container orchestration (Kubernetes) for modern workloads
- Zero Trust architecture implementation
Common issues encountered and resolved during lab development:
- VM Performance: Adjusted CPU/RAM allocation, enabled hardware virtualization
- Network Connectivity: Verified virtual switch configurations, NAT settings
- Active Directory Replication: Ensured proper DNS configuration, time synchronization
- Exchange Installation: Verified all prerequisites, schema extensions
- Azure AD Sync: Troubleshot firewall rules and verified that Azure AD could communicate with on-prem AD
Author:
Mello-io
Security Analyst | Incident Response | Security Operations, GRC, Digital Forensics
Connect:
- 💻 GitHub
- 🌐 Portfolio Website
Repository: Enterprise-IT-Infrastructure-Lab
Project Type: Home Lab / Portfolio Project
Status: ✅ Completed & Archived
Lab Last Updated: December 2024
License: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)
Project Tags:
#HomeLabProject #ITInfrastructure #ActiveDirectory #MicrosoftCloud #EnterpriseIT #WindowsServer #NetworkAdministration #CybersecurityFoundations #SystemsAdministration #CloudIntegration
Acknowledgments:
- GU - AIM: For providing foundational knowledge and learning resources
- Microsoft: For evaluation licenses and comprehensive documentation
- VMware: For Workstation Pro virtualization platform
- IT Community: Forums, blogs, and community members who shared knowledge
- Open Source Contributors: For tools and utilities that aided development
Interested in discussing this project or potential collaboration opportunities in cybersecurity or IT infrastructure?
Feel free to reach out via LinkedIn or open an issue in this repository.
This project showcases practical infrastructure competency essential for security analysts and engineers, demonstrating the ability to understand, build, and secure enterprise IT environments from the ground up.