ServeTheHome 2013 Architecture Discussion

Patrick

Administrator
Staff member
Dec 21, 2010
12,518
5,821
113
Not looking good for fitting into 5A.

307w at idle and the switch is running at 16.6w.

Was going to do max load testing using Folding@Home so I'm installing Ubuntu Server 12.10 x4. Makes me appreciate MAAS and Juju.
 

Patrick

Update:


I think this is the answer. May have to reload if you do not see the power table in the image.
 

Patrick

The next question though is whether it would make sense to just do software firewall/router and add NICs to the physical machines.
 

nitrobass24

Moderator
Dec 26, 2010
1,087
131
63
TX
Do you mean like a VM with Vyatta or pfSense?

Honestly, I am sure it's perfectly safe, but for whatever reason virtualizing your security on the same hardware as production has always made me uncomfortable.

Before the tin foil hat people chime in
DISCLAIMER: Yes I realize that hypervisors are just software and like all software it can contain vulnerabilities and potentially expose other VMs on the same hardware, but I think that it is very unlikely to occur and even less likely to be discovered.
 

PigLover

Moderator
Jan 26, 2011
3,186
1,545
113
Use the real router-firewall config as shown. Setting it up on ESXi might be fun, but in the long run you'll be happier with a stable network environment underneath the VMs. Keeping the functions separate will make it much simpler to maintain - problems with your ESXi won't impact the network configs, the functions upgrade independently, etc.

Last thing you want is to end up needing to upgrade something on the server, discover it's dependent on ESXi release foo, but your firewall software faults when running foo as the hypervisor.

All this is even more important since you will be in the valley and all your equipment will be living the high-life in Vegas Baby! You really want to ensure your remote access is rock solid and independent of the rest of the equipment in the colo.
 

Patrick

Thanks nitrobass24 and PigLover.

I think you are probably correct on this architecture idea. The only way I would even consider this is if I could do some kind of HA setup where at least two of the servers were running it.

I do need to simplify this.
 

cactus

Moderator
Jan 25, 2011
830
75
28
CA
I agree with PigLover, having a known stable way to get to the network when something goes afoul is better.

Are you going to run Active-Active and deal with load balancing on any of the layers, firewall or web server?
 

Patrick

That is likely the case. I ordered a Fortinet Fortigate 60C to run as the firewall/VPN. Going to try it out and possibly buy a second one for HA.

On the software side... still a BIG question. OpenStack, Eucalyptus, OnApp, Proxmox VE all possibilities at this point.
 

nitrobass24

Well, don't waste your time with OpenStack. Too complicated to set up IMO.

What are you thinking regarding SAN and Mgt Server?
 

cactus

Are you going to do VM for everything? Maybe a 2 node cluster with the web nodes and a VM for each of the sites?

Also, after I read the firewall thread, you could do a single Fortinet and then virtualize a secondary. It won't get you much in the way of load balancing, but might help you separate web from management. You probably don't *need* another NIC, put external on a VLAN on the switch and trunk to the vSwitch.
 

Patrick

Thanks re: OpenStack. Was also thinking about StackOps with that route, but enterprise is the HA version.

Not 100% sure I'm going that route on the SAN side.

Cactus - that is very much what I'm thinking. Just make everything into VMs.
 

Jeggs101

Well-Known Member
Dec 29, 2010
1,529
241
63
New thread time? No colocation or cluster forum for it tho.
 

Patrick

Maybe a good idea. Updated graphic to reflect lower power.
 

Patrick

Added 192GB of DDR3 RDIMMs yesterday. Kinda fun to see:


Another major architectural change may be adding a second C6100 so that each chassis can hold a node with a single L5520. Comes down to the fact that this would be very inexpensive to just spin up compared to new Atom-based machines which will cost $900+. Also, the L5520 v. the Atom D525 is a big difference performance-wise.