Business Requirements

Identity

  • Centralize user authentication.
  • Support role-based access control.
  • Prepare for Microsoft 365 integration.
  • Separate daily and administrative identities.

Network

  • Keep lab networks isolated from the home network.
  • Avoid 10.0.0.0/8 to reduce VPN overlap.
  • Segment traffic using VLANs.
  • Place a firewall between all internal zones.

Security

  • Use least privilege.
  • Enable auditing.
  • Avoid exposing RDP to the Internet.
  • Use a jump host for administration.
  • Prepare for MFA and Conditional Access.

Operations

  • Document every major change.
  • Keep an infrastructure inventory.
  • Maintain a deployment checklist.
  • Validate services after implementation.
  • Use Git as the source of truth for documentation.

Disaster Recovery

  • Use snapshots before major changes.
  • Back up domain controllers appropriately.
  • Test recovery procedures.
  • Document RPO and RTO as the lab matures.