Hardware specification
This is a cluster setup, the whole network has been deployed on one Dell PowerEdge T430, one Lenovo ThinkPad, one Raspberry PI 5, Mikrotik RB750GR3 and one fanless NETGEAR layer-2 switch.
Dell PowerEdge T430
This network cluster uses Dell PowerEdge T430 13th Gen. This server is equipped with iDRAC 8 as its out-of-band management (OOBM) interfaces or Baseboard Management Controllers (BMCs) with an enterprise license. The hardware specifications are as follows.
|
Category |
Specifications |
|
Form Factor |
Tower (5U) |
|
Processor (CPU) |
2x Intel Xeon E5-2698 v3 16 core and total threads 32Haswell |
|
Total Cores |
64 vCPU |
|
Memory (RAM) |
- Slots : 8x DDR4 DIMMs * 32 GB = 256 GB - Speed: 2133 MHz |
|
Storage |
- Drive Bays: 6 x 3.5 hot-swap 1 TB = 6 TB SATA - Controller: PERC H730 with Raid 5 configured on it - SSD independent storage: 1 x 2TB, 2 x 500 GB, 2 x 1 TB |
|
Expansion Slots |
- PCIe Slots: 4x Gen3 (x16, x8) |
|
Networking |
- Onboard NIC: Broadcom Gigabit Ethernet BCM5720 |
|
Power Supply |
- 2 x 750W |
|
Management |
iDRAC8 (Enterprise) with Lifecycle Controller |
|
Front Ports |
2x USB 3.0, 1x VGA, |
|
Rear Ports |
2x USB 3.0, 1x USB 2.0, 1x Serial, 1x VGA, 1x iDRAC dedicated port |
|
Dimensions (HxWxD) |
432 x 218 x 696 mm (17 x 8.6 x 27.4 in) |
|
Weight |
50 kg |
|
OS |
ESXi 8 |
Mikrotik Router Model and specification
On MikroTik, RouterOS 7.18.2 is installed notwithstanding the fact that the default version was 6.x. So upgrade was compulsory.
Specifications
|
Details |
|
|
Product code |
E50UG |
|
Architecture |
ARM |
|
CPU |
EN7562CT |
|
CPU core count |
2 |
|
CPU nominal frequency |
950 MHz |
|
Switch chip model |
EN7562CT |
|
Dimensions |
113x89x28mm |
|
RouterOS license |
4 |
|
Operating System |
RouterOS v7 |
|
Size of RAM |
512 MB |
|
Storage size |
128 MB |
|
Storage type |
NAND |
|
MTBF |
Approximately 100'000 hours at 25C |
|
Tested ambient temperature |
-40°C to 70°C |
|
IPsec hardware acceleration |
Yes |
|
Suggested price |
$59.95 |
Powering
|
Details |
|
|
Number of DC inputs |
2 (DC jack, PoE-IN) |
|
DC jack input Voltage |
12-28 V |
|
Max power consumption |
10 W |
|
Max power consumption without attachments |
4 W |
|
Cooling type |
Passive |
|
PoE in |
Passive PoE |
|
PoE in input Voltage |
12-28 V |
Ethernet
|
Details |
|
|
10/100/1000 Ethernet ports |
5 |
Peripherals
|
Details |
|
|
Number of USB ports |
1 |
|
USB Power Reset |
Yes |
|
USB slot type |
USB type A |
|
Max USB current (A) |
1 |
Other
|
Details |
|
|
CPU temperature monitor |
Yes |
|
PCB temperature monitor |
Yes |
|
Voltage Monitor |
Yes |
|
Mode button |
Yes |
Certification & Approvals
|
Details |
|
|
Certification |
CE, EAC, ROHS |
|
IP |
20 |
NETGEAR layer-2 switch
NETGEAR (GS308EV4) 8-Port RJ45 Metal Gigabit Ethernet Switch (10/100/1000), Plus Series Web Manageable RJ45 Switch, Plug-and-Play, Silent Fanless, Desktop or Wall Mountable. This switch is the layer-2 access switch for the cluster; Hence, all nodes and NICs use it to rich to layer-3 router.
Laptop Lenovo ThinkPad T470
To protect the cluster against power-outage, bring out-of-server high availability and redundancy, this laptop is used. Thus, k8s APIserver, API endpoint VIP and etcd are located on both master nodes and the master node on this laptop. This laptop is protected with Lenovo voltage application to protect its battery and being always-on. The hypervisor on this laptop is VMware pro 18 and OS on the only VM on it is the same as other master node “Ubuntu 22.4”.
Raspberry PI 5
The Raspberry PI5 with Ubuntu ARM base running on it. The specification is Raspberry Pi 5 8GB Kit 64GB Edition with Active Cooler, 27W 5.1V5A USB-C Power Supply, Pi5 8GB Board, 64GB Card Reader Kit, Pi 5 Case, Dual 4K Micro HD Out Cables with 256.
This node has a very important role in 2-tier security architecture which has been explained in its own chapter.
CPU Type: Raspberry Pi 5’s Cortex-A76 CPU
Architecture: aarch64: 64-bit ARM.
CPU op-mode(s): 32-bit, 64-bit: The CPU supports both 32-bit and 64-bit modes, but OS is running in 64-bit mode in our setup.
CPU(s): 4: Quad-core CPU (Cortex-A76).
Model name: Cortex-A76: Matches the Raspberry Pi 5’s 2.4GHz quad-core ARM Cortex-A76 CPU.
CPU max MHz: 2400.0000: 2.4GHz clock speed.
Caches: Details cache sizes (L1, L2, L3), typical for Cortex-A76
Caches (sum of all):
L1d: 256 KiB (4 instances)
L1i: 256 KiB (4 instances)
L2: 2 MiB (4 instances)
L3: 2 MiB (1 instance)
YUBICO YubiKey 5 Nano
This trusted USB stick is my HSM and stores all certificates, private, public keys and sensitive databases. Multi-protocol security key, eliminate account takeovers with strong two-factor, multi-factor and passwordless authentication, and seamless touch-to-sign. Multi-protocol support allows for strong security for legacy and modern environments. And a full range of form factors allows users to secure online accounts on all of the devices that they love, across desktops and mobile.
- Multi-protocol support; FIDO2, U2F, Smart card, OTP, OpenPGP 3
- IP68 rated, crush resistant, no batteries required, no moving parts
Figure 1 - YubiKey 5 Nano
Strongest 2FA
A physical security key, that can be added to a keychain and plugged into a computer, tablet or mobile device, adds an extra layer of protection on top of passwords to offer the strongest second factor authentication protection against phishing attacks.
Strongest MFA
Users can combine the hardware authenticator with a PIN or biometric to meet high assurance identity verification requirements before engaging in sensitive transactions.
Passwordless
Eliminate passwords altogether and move to a more secure and efficient account login experience with passwordless workflows, using the authenticator and PIN or biometric.
|
Flash memory type |
USB key |
|
Manufacturer |
YUBICO |
|
Hardware connectivity technology |
USB Type A |
|
Hard drive size |
1 GB |
|
Memory card type |
USB key |
|
Item dimensions L x W x H |
13 x 12 x 3 millimeters |
|
Miscellaneous |
Tamper Resi, Compact, Water Resistant |