If you're going to have 2 systems you can cluster them and make anything you're
running HA even without duplicate vms.
<div>-------- Original message --------</div><div>From: Chuck Mariotti
<cmario...@xunity.com> </div><div>Date:02/05/2015 22:22 (GMT-05:00)
</div><div>To: pfSense Support and Discussion Mailing List
<list@lists.pfsense.org> </div><div>Subject: Re: [pfSense] Firewall
Hardware/Setup for Datacenter... </div><div>
</div>> Thanks… I am leaning that way I think… just trying to wrap my head
around if it is worth trying to buy more ram + more storage (HW RAID) to make
them ESXI worthy to run VMs, or if I should just keep it basic… the ESXI is
tempting since I can at least make the secondary server do other stuff instead
of just waiting for a failure on primary. Trying to think of a useful virtual
machines to run that are not mission critical if a machine dies (since not
raid), don’t have license to real-time replicate it on the VMWare side, but
that might be useful for datacenter...
>
>
>
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jason Whitt
> Sent: February-05-15 3:23 PM
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] Firewall Hardware/Setup for Datacenter...
>
>
>
>
> I would add that for "data center" workloads the apu's may not be
> the best choice ... Those 8 core atoms are plenty for multi 1gig feeds and
> the nic's are solid.
>
>
>
>
>
>
> Sent from my iPhone
>
>
>
> On Feb 5, 2015, at 12:38 PM, Jeremy Bennett <jbenn...@hikitechnology.com>
> wrote:
>
>
> Jason is correct. Those Supermicro boxes are awesome. Be careful when
> ordering though... they want ECC memory.
>
>
>
>
> The APUs from Netgate are nice too–the year of bundled support has already
> saved my bacon a number of times. Well worth the cost.
>
>
>
>
>
> On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt <jason.wh...@gmail.com> wrote:
>
> Ive ran as vm's using vmxnet3's as well as physical on these
> http://m.newegg.com/Product/index?itemnumber=16-101-837
>
>
>
>
>
> Both are viable options.
>
>
>
>
>
> Jason
>
> Sent from my iPhone
>
>
>
> On Feb 5, 2015, at 11:11 AM, Walter Parker <walt...@gmail.com> wrote:
>
>
> I've used pfSense in a VM on my ESXi application server. This is mostly to
> firewall the Windows VMs from the Internet.
>
>
>
>
> If you want fail-over, I'd suggest getting one of the new Netgate
> (http://store.netgate.com/NetgateAPU2.aspx or
> http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense
> (https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an
> SSD. Then you can run a full install that supports package installs with a
> power budget of ~10-15 Watts for the APU units. Then you have a choice of
> getting a second HW unit for an additional $400 to $1000, or setting up
> pfSense in a VM (not on a separate VMware server, on an existing VM server).
>
>
>
>
>
> The higher end HW systems on those pages are 8 core Atom systems built for
> run pfSense (of course, the power requirements will be in the 100W range).
> With an SSD, these systems should last for a long time with no issues.
>
>
>
>
>
> How much firewall horsepower do you need? What are your constrains (time,
> money, space)?
>
>
>
>
>
> P.S. You can run packages on embedded in 2.2, you just want to be careful
> not to run packages that would trash the SD card with too many writes.
>
>
>
>
>
>
>
>
> Walter
>
>
>
>
>
> On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti <cmario...@xunity.com> wrote:
>
> Have been using pfSense for years at our datacenter, very happy with it
> running on old dedicate hardware with failover. The hardware is overdue to be
> retired and I’m wondering what people are doing/recommending for a datacenter
> setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep
> out option open for the ability to run packages... behind it we are running
> multiple servers and vCenter/ESXI servers.
>
>
>
> What’s the go-to setup for a datacenter these days?
>
>
>
> Do we stick with two dedicated boxes?
> Since we pay for power, nice to have lower power… So do we go as low as using
> embedded hardware? It used to not be recommended for packages… still the case
> I assume?
>
> So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or
> 8 core!!??! etc…).
>
>
>
> But then I see so many people running pfSense in VMWare and I wonder if we
> should consider this. Then I think about the hardware needs and VMWare
> Licensing (would like to avoid)… and what else can I run on the hardware
> along side without hurting pfSense from running properly, etc…
>
>
>
> If pfSense is setup to failover, that means the hardware can be cheap…. No
> RAID needed.
>
> If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can
> I run it off of USB stick then or do I still need HDD/SSD?
>
>
>
> If setting up new hardware so can run pfSense as Virtual Machines… I would
> need two VM Hosts running pfSense as VM’s so would have the failover... What
> should we consider for the hardware in this case… should I go with RAID
> w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID?
> But I assume I would need something reliable if I’m going to run other
> non-pfsense VMs on the same hardware… so I would need RAID w/HDD/SSD and it
> would need to be larger… what are other people running in datacenter setups
> along side the pfSense? I don’t want to put it onto our existing vCenter
> infrastructure, licensing/costs and isolation needed. Do I setup one hardware
> as basic, no RAID running ESXI and pfSense, and the other more robust setup
> (RAID, more memory).
>
>
>
> I’m really interested in what people are using in production
> environments/datacenters.
>
>
>
> Regards,
>
> Chuck
>
>
>
>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
>
>
>
>
>
>
> --
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
>
>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
>
>
>
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
>
>
> _______________________________________________
>pfSense mailing list
>https://lists.pfsense.org/mailman/listinfo/list
>Support the project with Gold! https://pfsense.org/gold
>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold