Menu

dev_and_testing_env

🛠️Development and Testing Environment

🌐 Network Architecture

This environment is composed of three core network zones, designed to mimic a typical hybrid enterprise setup:

  1. Development VLAN
    Functions as a proxy-to-internet zone used to hijack or intercept DNS and service calls as needed. It enables testing of redirect logic, hostname spoofing, or simulating cloud resources and CDN endpoints.

  2. Internal Host Transit Network
    A dedicated transit layer that links all Opnsense VMs with static routing only, simulating WAN connectivity across isolated customer domains while allowing controlled traffic flows between them.

  3. Domain Networks (White, Gray, Black)
    Each domain resides in its own internal network segment with no direct internet access. These simulate fully isolated customer environments. All connectivity is routed through the Opnsense perimeter via the transit network.

🏢 Domain Setup: White, Gray, Black

Each domain represents a generation of enterprise environments, with matching OS families across Windows and Linux:

DomainOS GenerationWindows StackLinux Stack
WhiteModernServer 2022, Windows 11RHEL 9, Ubuntu 24
GrayPrior GenServer 2019, Windows 10RHEL 8, Ubuntu 22
BlackLegacyServer 2012 R2, Windows 7RHEL 6, Ubuntu 16

🧩 Machine Templates Per Domain

Each domain uses a consistent template to represent key enterprise services and endpoints:

  • Domain Controller
    DNS, DHCP, NTP, Certificate Services
    dc01.ad.white.com

  • Infrastructure Node
    File Server, DFS, WSUS
    infra01.ad.white.com

  • Authentication Node
    ADFS, RADIUS, WEF Collector
    auth01.ad.white.com

  • Web Services Node
    IIS + RDS Web Gateway
    web01.adwhite.com

  • Windows Endpoint
    Domain-joined Windows desktop
    endpoint01.ad.white.com

  • Linux Endpoints

    • RHEL Web Server: web02.ad.white.com

    • RHEL Desktop: endpoint02.ad.white.com

    • Ubuntu Web Server: web03.ad.white.com

    • Ubuntu Desktop: endpoint03.ad.white.com

🔧 Features and Testing Capabilities

This environment supports complex enterprise simulation, including:

  • DNS Forwarding & Hijacking
    Forward queries to internal services or simulate external CDN/identity provider endpoints.

  • Cross-Domain Trust & User Delegation
    Establish trust relationships for authenticating and authorizing access across multiple AD forests.

  • Multi-OS Compatibility Testing
    Validate GPOs, authentication mechanisms, and deployment tools across multiple OS generations.

  • Service Simulation
    Simulate production-like behavior for DFS, WSUS, ADFS, RADIUS, Kerberos, NTLM, and modern authentication flows.

  • Security Policy Validation
    Test the effect of hardening policies (e.g., disabling NTLM, enforcing Kerberos, firewall scoping) in isolated and mixed-generation domains.

🔍 Use Cases

  • Troubleshooting real-world client issues in a controlled replica

  • Cross-version validation of infrastructure tools and scripts

  • Legacy migration planning (e.g., WS 2012 R2 → WS 2022)

  • Domain join and trust failure diagnosis

  • Authentication policy testing (NTLM fallback, Kerberos tickets, RADIUS policies)