Welcome to My Wiki

glimmer

Who am I?

My name is Zach! I made this wiki to show off all of the projects I've worked on in the past and present. I will also be documenting my educational journey!

Ways to connect with me:

Github

My Projects

Building a Virtual Enterprise Infrastructure for DevOps, Security, and AI Research

Introduction

I built this lab to demonstrate end-to-end enterprise infrastructure skills: network segmentation, identity management, orchestration, storage, and AI workloads. It’s a reproducible, interview-ready project that showcases practical experience with modern systems engineering and DevOps tools.

Overview

This project replicates a small enterprise network with domain services, Linux and Windows integration, DevOps automation, and a Kubernetes cluster — all virtualized under Proxmox VE 9.

Host Hardware

  • CPU: AMD Threadripper 9970X (32 cores / 64 threads)
  • Memory: 128 GB DDR5-5600
  • GPU: NVIDIA RTX 5090 (VFIO-ready)
  • Storage: Samsung 9100 PRO 1 TB NVMe
  • Motherboard: ASUS TRX50-SAGE Pro WS A
  • PSU: Corsair RM1000e 1000 W Gold

Virtualization Stack

  • Host OS: Arch Linux
  • Hypervisor: Proxmox VE 9
  • Filesystem: Btrfs RAID0 with zstd compression
  • Network: VLAN-aware bridges (vmbr0) with pfSense as the virtual router/firewall

Network Design

The lab network is segmented into multiple VLANs for isolation and realism. Each VLAN maps to a distinct subnet in the 10.0.x.0/24 range.

VLANPurposeSubnetGatewayDHCP Range
10Management10.0.1.0/2410.0.1.110.0.1.100–10.0.1.200
20Servers / AD10.0.2.0/2410.0.2.110.0.2.100–10.0.2.200
30Kubernetes / DevOps10.0.3.0/2410.0.3.110.0.3.100–10.0.3.200
40NAS / Storage10.0.4.0/2410.0.4.110.0.4.100–10.0.4.200
50SIEM / Cyber Range10.0.5.0/2410.0.5.110.0.5.100–10.0.5.200

Virtual Machine Topology

HostnameOS / RoleVLANIPvCPURAMNotes
FW01pfSense (Firewall/Router)trunk10.0.x.144 GBTrunked for all VLANs
DC01Windows Server 2025 Core2010.0.2.1068 GBAD DS + DNS
ADLIN01Rocky Linux 10 (Client)2010.0.2.2044 GBAD-joined
ADLIN02Rocky Linux 10 (Client)2010.0.2.2144 GBAD-joined
K8S-M1Rocky Linux 10 (K8s Master)3010.0.3.1088 GBControl Plane
K8S-W1Rocky Linux 10 (K8s Worker)3010.0.3.1166 GBWorker
K8S-W2Rocky Linux 10 (K8s Worker)3010.0.3.1266 GBOptional Worker
NAS01TrueNAS SCALE4010.0.4.1024 GBNFS / SMB / Kubernetes-ready storage
SIEM01Rocky Linux 10 (Wazuh SIEM)5010.0.5.1048 GBIDS + Log Aggregation

Storage Integration

TrueNAS SCALE delivers:

  • NFS + iSCSI for Kubernetes persistent volumes
  • SMB shares for Windows and Linux clients
  • AD integration for ACL management
  • Built-in Docker and K3s support
  • ZFS snapshots and replication

Identity & Access

  • AD Domain: lab.local
  • Domain Controller: DC01 (10.0.2.10)
  • Linux clients join AD via realm join --user=Administrator lab.local
  • DNS points to the AD server to enable Kerberos authentication and group-based access.

Kubernetes & DevOps

  • Cluster setup with kubeadm, containerd, and Calico CNI
  • Terraform manages VM provisioning and cluster resources
  • AD integration planned through OIDC (Dex or Keycloak)
  • Practice environment for IaC and GitOps (ArgoCD)

AI & Cyber Range

  • Ollama + OpenWebUI on host GPU for LLM use
  • Stable Diffusion for image and video generation
  • SIEM01 collects telemetry and detects simulated attacks from Cyber Range VMs

Technical Highlights

  • Multi-VLAN design using Proxmox VE 9 and pfSense
  • Hybrid Windows/Linux identity integration
  • Kubernetes cluster automation with Terraform
  • Enterprise-class storage with TrueNAS SCALE
  • SIEM deployment and network security simulation

Next Steps

  • Integrate OIDC authentication for Kubernetes
  • Expand Terraform automation and GitOps tooling
  • Deploy centralized logging (OpenSearch / ELK)
  • Extend cyber range and incident response testing

Author: Zach Yorks Date: October 2025 Technologies: Proxmox VE 9 | pfSense | Windows Server 2025 | Rocky Linux 10 | TrueNAS SCALE | Kubernetes | Terraform

From Homelab Engineer to AI Infrastructure Architect

🧩 Overview

Starting in Spring 2026, I will begin my journey toward becoming a Cybersecurity Architect specializing in AI infrastructure and enterprise networking.
This roadmap outlines how I will progress from my academic study at UTSA’s BBA in Cybersecurity to advanced Cisco certifications such as CCIE Data Center, leading toward a role in AI-first companies like NVIDIA or Cisco.

🎓 Current Certifications and Skills (as of 2025)

CertificationFocus AreaStatus
CompTIA A+IT hardware, troubleshooting, OS fundamentals✅ Completed
RHCSALinux system administration and automation✅ Completed
Proxmox / pfSense / VLAN LabVirtualization, routing, segmentation🧠 Active project
TrueNAS Scale / Rocky Linux / Windows Server 2025Domain services, storage, and AD integration🧠 Active project

📅 Career Roadmap Timeline (2026–2034)

YearPhaseGoals & FocusKey CertificationsCareer Milestones
2026–2028Phase 1: Academic FoundationBegin UTSA Cybersecurity BBA, strengthen networking and Linux fundamentals, develop Proxmox enterprise labCCNA, Security+, AWS Cloud PractitionerEntry-level IT or NOC Technician, Fiber Field Technician
2028–2030Phase 2: Network Engineering GrowthDesign enterprise VLANs, firewalling, automation (Ansible, Terraform), expand homelabCCNP Enterprise, CyberOps Associate, Azure/AWS AssociateNetwork Engineer, Security Operations Engineer
2030–2032Phase 3: Architecture and AutomationStudy Cisco ACI, SDN, VXLAN/EVPN, hybrid cloud networkingCCNP Security, DevNet ProfessionalSenior Network Architect, Cybersecurity Engineer
2032–2034Phase 4: Cybersecurity & AI InfrastructureFocus on AI cluster networking, Zero Trust, and data center automationCCIE Data Center, CISSP, DevNet ExpertCybersecurity Architect, AI Infrastructure Architect

🧱 Phase 1: Academic Foundation (2026–2028)

Goal: Build strong networking and cybersecurity fundamentals while completing UTSA’s BBA in Cybersecurity.

Focus Areas

  • Network architecture, subnetting, and VLANs
  • Virtualization with Proxmox and pfSense
  • Security fundamentals and risk management
  • Scripting with Bash and Python

Short-Term Certifications

  • 🎯 Cisco CCNA
  • ⚙️ CompTIA Security+
  • ☁️ AWS Cloud Practitioner

Experience Targets

  • Part-time IT or NOC position
  • Expand Proxmox enterprise network simulation
  • Document homelab projects using mdBook

🚀 Phase 2: Network Engineering Growth (2028–2030)

Goal: Transition into full-time network or cybersecurity engineering roles.

Focus Areas

  • Enterprise Layer 2/3 design and VLAN segmentation
  • Automation via Ansible and Terraform
  • Network monitoring and observability (Prometheus, Grafana)
  • Cloud networking and security integration

Key Certifications

  • 🧠 CCNP Enterprise
  • 🔐 Cisco CyberOps Associate
  • ☁️ Azure Network Engineer Associate

Roles

  • Network Engineer
  • Security Operations Engineer
  • Infrastructure Automation Specialist

🧩 Phase 3: Advanced Architecture (2030–2032)

Goal: Develop advanced data center and security architecture skills.

Focus Areas

  • Cisco ACI (Application Centric Infrastructure)
  • VXLAN, EVPN, and SDN frameworks
  • Cloud-native network automation
  • Identity and Access Management across AD and Kubernetes

Certifications

  • 📘 CCNP Security
  • ⚙️ Cisco DevNet Professional
  • 🧩 CCIE Data Center (Written)

Career Path

  • Senior Network Architect
  • Cybersecurity Engineer (Automation Focus)

🧠 Phase 4: AI Infrastructure Leadership (2032–2034)

Goal: Design and secure high-performance AI networks.

Focus Areas

  • AI cluster networking (InfiniBand, NVLink, RoCEv2)
  • Zero Trust architectures and multi-tenant security
  • High-throughput data center automation pipelines
  • AI security compliance and monitoring

Certifications

  • 🏅 CCIE Data Center (Lab Complete)
  • 🔐 CISSP or CCSP
  • 👨‍💻 DevNet Expert (Optional)

Career Path

  • Cybersecurity Architect
  • AI Infrastructure Architect
  • Principal Network Engineer (AI Systems)

🧰 Supporting Technologies in the Homelab

ComponentFunctionSoftware Used
Proxmox VE 9Virtualization and orchestrationVLANs, ZFS/Btrfs, nested VMs
pfSenseFirewall and gatewayVLAN routing, DHCP/DNS services
TrueNAS ScaleNetwork-attached storageiSCSI shares, NFS, SMB
Rocky Linux 10K8s nodes and AD clientsDocker, Kubernetes, Realmd
Windows Server 2025Domain ControllerAD DS, DNS, GPO, DHCP
Terraform / AnsibleAutomation and infrastructure-as-codeIaC deployment of VMs and configs

📚 Continuous Learning Resources

AreaRecommended Resources
Networking“Network Warrior” by Gary Donahue, Jeremy’s IT Lab (YouTube)
Linux / AutomationRHCSA Study Guide, Ansible, Terraform Docs
SecurityTryHackMe, HackTheBox, “Blue Team Field Manual”
CiscoINE Labs, Boson ExSim, Cisco Learning Network
FiberFOA Online Certification, ETA Fiber Optics Training

🏁 Final Vision

By combining formal education from UTSA, hands-on homelab architecture, and progressive Cisco certifications, my long-term mission is to design and secure scalable AI-driven network infrastructures.

Through this roadmap, I aim to evolve from a homelab engineer to an AI Infrastructure Cybersecurity Architect — capable of building and defending intelligent, data-driven networks for the next generation of computing.

🏗️ Homelab Topology Overview

My homelab environment is designed to simulate an enterprise-grade network and cybersecurity infrastructure, fully virtualized on Proxmox VE 9 with pfSense, TrueNAS Scale, and multiple Linux and Windows VMs.
This environment is used for hands-on practice in Active Directory, network segmentation, Kubernetes, and infrastructure automation using Terraform and Ansible.

🌐 Network Architecture

VLAN IDSubnetPurposeGateway (pfSense)Example Systems
1010.0.1.0/24Management / Infrastructure10.0.1.1Proxmox, TrueNAS, pfSense LAN
2010.0.2.0/24Server / AD Network10.0.2.1Windows Server 2025 (DC), Rocky Linux AD Nodes
3010.0.3.0/24Kubernetes / DevOps10.0.3.1Rocky Linux K8s Master & Workers
4010.0.4.0/24Security / SIEM10.0.4.1Security Onion, Wazuh
5010.0.5.0/24Storage / Backup10.0.5.1TrueNAS Scale iSCSI, Backup nodes
9910.0.99.0/24Out-of-Band / Admin Access10.0.99.1Management terminals, monitoring tools

All VLANs are trunked through pfSense, which acts as the default gateway, DHCP/DNS provider, and inter-VLAN router.
Firewall rules and NAT policies are defined in pfSense to isolate or allow traffic between VLANs as needed for testing.

🧱 Virtual Machine Layout

VM NameOSvCPUsMemoryStorageVLANPurpose
pfsense-vmpfSense44 GB20 GBVLAN 10Core firewall, DHCP/DNS, routing
proxmox-veProxmox VE 95095 GB680 GB (Btrfs RAID0)VLAN 10Hypervisor hosting entire lab
truenas-scaleTrueNAS Scale416 GB100 GBVLAN 50Centralized storage, NFS/iSCSI
dc01-win2025Windows Server 2025 (Core)816 GB80 GBVLAN 20Active Directory Domain Controller
ad-node01Rocky Linux 1048 GB40 GBVLAN 20AD-joined Linux node
ad-node02Rocky Linux 1048 GB40 GBVLAN 20Secondary AD Linux node
k8s-masterRocky Linux 10816 GB60 GBVLAN 30Kubernetes control plane
k8s-worker01Rocky Linux 10816 GB60 GBVLAN 30K8s worker node
siem-nodeRocky Linux 10616 GB80 GBVLAN 40Wazuh or Security Onion SIEM server

🧩 Network Services Overview

ServiceProvided ByVLANDescription
DHCP / DNSpfSense10, 20, 30, 40, 50Dynamic addressing and domain resolution
Active Directory (AD DS)Windows Server 202520Domain Controller and central auth
LDAP / Kerberos IntegrationAD DS + Rocky Linux20SSO for Linux nodes and K8s
NFS / SMB / iSCSITrueNAS Scale50Centralized storage and VM backups
Kubernetes ClusterRocky Linux nodes30Container orchestration for apps
SIEM StackRocky Linux (Wazuh / Security Onion)40Security event monitoring and log analysis
Automation / IaCTerraform, Ansible10 / 30Automates provisioning and configuration

🔒 Security and Segmentation

  • pfSense enforces inter-VLAN policies — for example, K8s nodes can reach AD for authentication but not directly access SIEM.
  • VLAN 99 is isolated for admin-only access to pfSense, TrueNAS, and Proxmox GUIs.
  • All traffic to the internet routes through pfSense’s WAN (bridged or passthrough NIC).
  • Firewall rules simulate Zero Trust segmentation, testing lateral movement prevention and network hardening.

⚙️ Automation and Integration

  • Terraform provisions VMs, network bridges, and VLANs inside Proxmox.
  • Ansible configures systems post-deployment (networking, packages, K8s init).
  • LDAP / RealmD connects Linux systems to AD for central authentication.
  • TrueNAS shares storage via iSCSI/NFS for VM disks and backup volumes.
  • Kubernetes runs lab microservices and containerized testing tools.

🧠 Lab Use Cases

  • Practicing Active Directory and LDAP integration with Linux-based services
  • Simulating enterprise segmentation and security policy enforcement
  • Deploying Kubernetes and Terraform in realistic networked environments
  • Hosting SIEM and log correlation tools for threat monitoring practice
  • Running TrueNAS-based storage networks with VLAN-isolated traffic

🧩 Summary

This homelab provides a self-contained enterprise network ecosystem designed for hands-on learning in:

  • Network security architecture
  • Virtualization and infrastructure-as-code
  • Active Directory and domain management
  • Kubernetes and DevOps automation
  • Cybersecurity monitoring and analysis

Together, these systems form the foundation for my path toward becoming an AI Infrastructure Cybersecurity Architect — blending networking, security, and automation into one cohesive platform for experimentation and professional growth.