Re: [pfSense] Firewall Hardware/Setup for Datacenter...
If you're going to have 2 systems you can cluster them and make anything you're running HA even without duplicate vms. div Original message /divdivFrom: Chuck Mariotti cmario...@xunity.com /divdivDate:02/05/2015 22:22 (GMT-05:00) /divdivTo: pfSense Support and Discussion Mailing List list@lists.pfsense.org /divdivSubject: Re: [pfSense] Firewall Hardware/Setup for Datacenter... /divdiv /div Thanks… I am leaning that way I think… just trying to wrap my head around if it is worth trying to buy more ram + more storage (HW RAID) to make them ESXI worthy to run VMs, or if I should just keep it basic… the ESXI is tempting since I can at least make the secondary server do other stuff instead of just waiting for a failure on primary. Trying to think of a useful virtual machines to run that are not mission critical if a machine dies (since not raid), don’t have license to real-time replicate it on the VMWare side, but that might be useful for datacenter... From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jason Whitt Sent: February-05-15 3:23 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Firewall Hardware/Setup for Datacenter... I would add that for quot;data centerquot; workloads the apu's may not be the best choice ... Those 8 core atoms are plenty for multi 1gig feeds and the nic's are solid. Sent from my iPhone On Feb 5, 2015, at 12:38 PM, Jeremy Bennett jbenn...@hikitechnology.com wrote: Jason is correct. Those Supermicro boxes are awesome. Be careful when ordering though... they want ECC memory. The APUs from Netgate are nice too–the year of bundled support has already saved my bacon a number of times. Well worth the cost. On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.com wrote: Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate (http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense (https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines… I would need two VM Hosts running pfSense as VM’s so would have the failover... What should we
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
On Thu, Feb 5, 2015 at 12:40 PM, Chuck Mariotti cmario...@xunity.com wrote: Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). A couple of years ago I updated my data center systems to a pair of SuperMicro systems from Silicon Mechanics. I bought their smallest boxes (half depth) and had them custom configure them with a single SSD each and 16GB of RAM which was their minimum. I also had them put in the low-power Xeon CPUs since I, too, pay for power. I run two point to point OpenVPNs and a handful of road warrior VPN connections. I don't run any other pfSense packages. There are about 25 or so firewall rules and about that many aliases as well. I've measured the outbound traffic peaking at over 200Mbps. I'm sure it can do more but I just can't generate that much traffic naturally. I'm not boding the NICs either -- these are just single gigabit ethernet connections. Last year I upgraded my main office firewall from an ALIX based twin configuration to a pair of pfSense branded C2758. I think these are mighty fine boxes and would be able to handle my data center traffic just fine as well, had they been available at the time I needed them. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
On 6/Feb/15 05:22, Chuck Mariotti wrote: Thanks… I am leaning that way I think… just trying to wrap my head around if it is worth trying to buy more ram + more storage (HW RAID) to make them ESXI worthy to run VMs, or if I should just keep it basic… the ESXI is tempting since I can at least make the secondary server do other stuff instead of just waiting for a failure on primary. Trying to think of a useful virtual machines to run that are not mission critical if a machine dies (since not raid), don’t have license to real-time replicate it on the VMWare side, but that might be useful for datacenter... We bought from high-end HP servers back in June last year whose CPU's didn't agree with pfSense (2.1 at the time). The only solution was to run pfSense in a VM on that particular hardware. We used ESXi for this. Maybe it's worth trying to run 2.2 natively to see if those CPU's are now covered. Mark. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
If you really want to setup two copies of pfSense, both running on ESXi hosts, using VMWare replication is a very expensive solution. pfSense supports router replication using CARP, so you don't need VM level replication only the data replication in CARP. If VMWare costs are your big issue, you might think about loading one system bare (just a simple SSD). If you want mirroring of the drive, use FreeBSD GEOM mirroring or even BIOS mirroring. Given modern SSDs, the chance of failure would be very low. Compared to most Windows Servers, pfSense is tiny and almost stateless (every can be restored using one tiny XML file). How you setup up the second host depends on what you trust most. But, then i guess it gets into a case of CYA if solutions other than VMWare replication are frowned upon. Walter On Thu, Feb 5, 2015 at 7:22 PM, Chuck Mariotti cmario...@xunity.com wrote: Thanks… I am leaning that way I think… just trying to wrap my head around if it is worth trying to buy more ram + more storage (HW RAID) to make them ESXI worthy to run VMs, or if I should just keep it basic… the ESXI is tempting since I can at least make the secondary server do other stuff instead of just waiting for a failure on primary. Trying to think of a useful virtual machines to run that are not mission critical if a machine dies (since not raid), don’t have license to real-time replicate it on the VMWare side, but that might be useful for datacenter... *From:* List [mailto:list-boun...@lists.pfsense.org] *On Behalf Of *Jason Whitt *Sent:* February-05-15 3:23 PM *To:* pfSense Support and Discussion Mailing List *Subject:* Re: [pfSense] Firewall Hardware/Setup for Datacenter... I would add that for data center workloads the apu's may not be the best choice ... Those 8 core atoms are plenty for multi 1gig feeds and the nic's are solid. Sent from my iPhone On Feb 5, 2015, at 12:38 PM, Jeremy Bennett jbenn...@hikitechnology.com wrote: Jason is correct. Those Supermicro boxes are awesome. Be careful when ordering though... they want ECC memory. The APUs from Netgate are nice too–the year of bundled support has already saved my bacon a number of times. Well worth the cost. On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.com wrote: Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate ( http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense ( https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate (http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense (https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines… I would need two VM Hosts running pfSense as VM’s so would have the failover... What should we consider for the hardware in this case… should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I’m going to run other non-pfsense VMs on the same hardware… so I would need RAID w/HDD/SSD and it would need to be larger… what are other people running in datacenter setups along side the pfSense? I don’t want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense, and the other more robust setup (RAID, more memory). I’m really interested in what people are using in production environments/datacenters. Regards, Chuck ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Firewall Hardware/Setup for Datacenter...
Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I'm wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc... so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What's the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power... So do we go as low as using embedded hardware? It used to not be recommended for packages... still the case I assume? So I'm leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc...). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)... and what else can I run on the hardware along side without hurting pfSense from running properly, etc... If pfSense is setup to failover, that means the hardware can be cheap No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages... can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines... I would need two VM Hosts running pfSense as VM's so would have the failover... What should we consider for the hardware in this case... should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I'm going to run other non-pfsense VMs on the same hardware... so I would need RAID w/HDD/SSD and it would need to be larger... what are other people running in datacenter setups along side the pfSense? I don't want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense, and the other more robust setup (RAID, more memory). I'm really interested in what people are using in production environments/datacenters. Regards, Chuck ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
Thanks… I am leaning that way I think… just trying to wrap my head around if it is worth trying to buy more ram + more storage (HW RAID) to make them ESXI worthy to run VMs, or if I should just keep it basic… the ESXI is tempting since I can at least make the secondary server do other stuff instead of just waiting for a failure on primary. Trying to think of a useful virtual machines to run that are not mission critical if a machine dies (since not raid), don’t have license to real-time replicate it on the VMWare side, but that might be useful for datacenter... From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jason Whitt Sent: February-05-15 3:23 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Firewall Hardware/Setup for Datacenter... I would add that for data center workloads the apu's may not be the best choice ... Those 8 core atoms are plenty for multi 1gig feeds and the nic's are solid. Sent from my iPhone On Feb 5, 2015, at 12:38 PM, Jeremy Bennett jbenn...@hikitechnology.commailto:jbenn...@hikitechnology.com wrote: Jason is correct. Those Supermicro boxes are awesome. Be careful when ordering though... they want ECC memory. The APUs from Netgate are nice too–the year of bundled support has already saved my bacon a number of times. Well worth the cost. On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.commailto:jason.wh...@gmail.com wrote: Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.commailto:walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate (http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense (https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.commailto:cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines… I would need two VM Hosts running pfSense as VM’s so would have the failover... What should we consider for the hardware in this case… should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I’m going to run other non-pfsense VMs on the same hardware… so I would need RAID w/HDD/SSD and it would need to be larger… what are other people running in datacenter setups along side the pfSense? I don’t want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate ( http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense ( https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines… I would need two VM Hosts running pfSense as VM’s so would have the failover... What should we consider for the hardware in this case… should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I’m going to run other non-pfsense VMs on the same hardware… so I would need RAID w/HDD/SSD and it would need to be larger… what are other people running in datacenter setups along side the pfSense? I don’t want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense, and the other more robust setup (RAID, more memory). I’m really interested in what people are using in production environments/datacenters. Regards, Chuck ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
Jason is correct. Those Supermicro boxes are awesome. Be careful when ordering though... they want ECC memory. The APUs from Netgate are nice too-the year of bundled support has already saved my bacon a number of times. Well worth the cost. On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.com wrote: Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate ( http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense ( https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I'm wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc... so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What's the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power... So do we go as low as using embedded hardware? It used to not be recommended for packages... still the case I assume? So I'm leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc...). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)... and what else can I run on the hardware along side without hurting pfSense from running properly, etc... If pfSense is setup to failover, that means the hardware can be cheap No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages... can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines... I would need two VM Hosts running pfSense as VM's so would have the failover... What should we consider for the hardware in this case... should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I'm going to run other non-pfsense VMs on the same hardware... so I would need RAID w/HDD/SSD and it would need to be larger... what are other people running in datacenter setups along side the pfSense? I don't want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense, and the other more robust setup (RAID, more memory). I'm really interested in what people are using in production environments/datacenters. Regards, Chuck ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Firewall Hardware/Setup for Datacenter...
I would add that for data center workloads the apu's may not be the best choice ... Those 8 core atoms are plenty for multi 1gig feeds and the nic's are solid. Sent from my iPhone On Feb 5, 2015, at 12:38 PM, Jeremy Bennett jbenn...@hikitechnology.com wrote: Jason is correct. Those Supermicro boxes are awesome. Be careful when ordering though... they want ECC memory. The APUs from Netgate are nice too–the year of bundled support has already saved my bacon a number of times. Well worth the cost. On Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt jason.wh...@gmail.com wrote: Ive ran as vm's using vmxnet3's as well as physical on these http://m.newegg.com/Product/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate (http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSense (https://www.pfsense.org/hardware/#pfsense-store) embedded systems with an SSD. Then you can run a full install that supports package installs with a power budget of ~10-15 Watts for the APU units. Then you have a choice of getting a second HW unit for an additional $400 to $1000, or setting up pfSense in a VM (not on a separate VMware server, on an existing VM server). The higher end HW systems on those pages are 8 core Atom systems built for run pfSense (of course, the power requirements will be in the 100W range). With an SSD, these systems should last for a long time with no issues. How much firewall horsepower do you need? What are your constrains (time, money, space)? P.S. You can run packages on embedded in 2.2, you just want to be careful not to run packages that would trash the SD card with too many writes. Walter On Thu, Feb 5, 2015 at 9:40 AM, Chuck Mariotti cmario...@xunity.com wrote: Have been using pfSense for years at our datacenter, very happy with it running on old dedicate hardware with failover. The hardware is overdue to be retired and I’m wondering what people are doing/recommending for a datacenter setup. We want to use OpenVPN Server, IDS, dBandwidth, etc… so need to keep out option open for the ability to run packages... behind it we are running multiple servers and vCenter/ESXI servers. What’s the go-to setup for a datacenter these days? Do we stick with two dedicated boxes? Since we pay for power, nice to have lower power… So do we go as low as using embedded hardware? It used to not be recommended for packages… still the case I assume? So I’m leaning towards some of the newer SuperMicro Atom boxes (quad core, or 8 core!!??! etc…). But then I see so many people running pfSense in VMWare and I wonder if we should consider this. Then I think about the hardware needs and VMWare Licensing (would like to avoid)… and what else can I run on the hardware along side without hurting pfSense from running properly, etc… If pfSense is setup to failover, that means the hardware can be cheap…. No RAID needed. If dedicated, do I go with Hard Drives/SSD drives? USB? We need packages… can I run it off of USB stick then or do I still need HDD/SSD? If setting up new hardware so can run pfSense as Virtual Machines… I would need two VM Hosts running pfSense as VM’s so would have the failover... What should we consider for the hardware in this case… should I go with RAID w/HDD/SSD on ESXI? If pfSense is setup for failover, do I really need RAID? But I assume I would need something reliable if I’m going to run other non-pfsense VMs on the same hardware… so I would need RAID w/HDD/SSD and it would need to be larger… what are other people running in datacenter setups along side the pfSense? I don’t want to put it onto our existing vCenter infrastructure, licensing/costs and isolation needed. Do I setup one hardware as basic, no RAID running ESXI and pfSense, and the other more robust setup (RAID, more memory). I’m really interested in what people are using in production environments/datacenters. Regards, Chuck ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
