As part of the development of ProjectFury, we use a few different systems tied together with some nifty (and quite hacky) methods.
A quick mockup of our typical network diagram is below:
So as you can see, to test and deploy a physical download file, we use three physical servers to collaborate, store & build our data.
You could quite easily run all systems on a hypervisor, but issues quickly pop up due to the resources Jenkins wants to have available and if you want your build time to feel like hours rather than days.
So, the core of this entire system is one that isn't even mentioned on the original network diagram due to a few different reasons. First of all, our AD system is far from perfect and something that I'm hoping to swap out at some point for something like Ldap or just a newer version of AD.
Due to legacy reasons, we're currently running a version of Windows Server 2008 R2 which provides AD auth for development accounts. This is also tied into an exchange server, but that really doesn't get used in this setup at all. You can definitely get results by not using AD, but it provides a good experience for whoever might be working on your team to issue them one account that can be used for all services, fortunately GitEA & Jenkins both support Active Directory authentication, even if it is a bit kludgy.