hardware suggestions (again i know)
-
I understand your point perfectly but having options to choose from is always a good thing, I think
-
@thething If it's for a business, I would recommend Netgate appliances just because it comes with support...maybe the SG4860 for the future requirements. I can share my DIY, which is in my signature. I am an Apple person and already had hardware setup with the future in mind. So I used a 2011 Apple mini server with thunderbolt2 enclosure that I can easily add a 10Gbe later.
-
Well pretty much anything will work with pfsense.. Just get good nics, and you should be fine.. Problem is boxes like that like to suck a lot of juice.. So while you might save a bit of $ up front - you will lose it all just creating heat while the thing sits idle.
Electricity in Portugal is pretty expensive, is it not... So something that uses minimal would be best. Not some beast of a PC sucking 100 watts idle ;)
Isn't your electric like 3rd highest cost in all of the EU?
-
If something goes wrong with Netgate hardware how will I solve it?
Since Netgate does not have any representation in Portugal my downtime would be just huge, no?
Isn't it possible to get a diy appliance done without it sucking too much juice?
ok good NICs (the best 4 port), like?
Sorry about all these questions but I'm not an IT guy and questions arise. Ohh, and the "client" is my wife's accounting office, so you see my problem ;) :)
-
@thething said in hardware suggestions (again i know):
I'm not an IT guy
That's the problem recommending DIY although being one is unnecessary as long as you're at least computer literate. For the peace of mind, I would go with Netgate...you could always get SG-4860 and SG-3100 as a backup...that way, you're not too far from the nearest Netgate Europe support center should one go down. The two appliances would be about the same cost as the XG-7100IU or pretty close.
-
Why would an accounting office need 10ge? Just curious.. Must be some really large spreadsheets ;)
How many people in this office?
-
@NollipfSense I'm literate enough to understand I'll probably be in trouble with 3 simultaneous remote OpenVPN (AES256 encrypted) connections (and I need 6), pfBlockerNG, Suricata, Squid, SquidGuard and so on with the SG-3100 even when the IT guy is telling me it will be ok. I do not "buy" it. And they want me to pay 470 plus VAT for the 3100.
I even doubt the 4860 can do it at full speed without a glitch. They both lack processing power, especially if we put pfBlockerNG running. Internet reports about this issue are abundant. Besides, I hate underpowered hardware causing me trouble or slowing things down.
@johnpoz it probably doesn't.
-
@thething said in hardware suggestions (again i know):
Besides, I hate underpowered hardware causing me trouble or slowing things down.
And what are you using now? ;)
-
@thething said in hardware suggestions (again i know):
I'm literate enough to understand I'll probably be in trouble with 3 simultaneous remote OpenVPN (AES256 encrypted) connections (and I need 6)
Good...honestly, I believe the Netgate XG-7100IU in this case would be the best five-year business investment in terms of robust hardware that comes with support. You can modify what you currently have, like upgrade processor and memory, to use as a backup. A DIY, I am a little biased on using Apple Mac Mini because of the lovely form factor...a used 2012 Mac Mini quad core i7 16GB RAM about $550/eBay in the U.S. Coupled with a used thunderbolt two PCI enclosure and a quad port i350 NIC for around $200. Power consumption with the Mac Mini is not much...I run two Mac Mini servers 24/7/365. Adding the 10gbe NIC would be as easy as removing the i350 later.
-
@thething said in hardware suggestions (again i know):
They both lack processing power, especially if we put pfBlockerNG running.
Not sure why you think that is going to be process intensive - other than parsing through the lists, which is done every now and then when they update - it doesn't do anything after that..
You can do lots of openvpn vpn connections - it's just not going to be at wire speed.
-
What exactly do you mean by 'full speed' here?
The SG-3100 will pass at or close to 1Gbps if it's just clients behind it downloading.
But if you want, say, 1Gbps OpenVPN that's a whole new level of processing required. More than even the XG-7100 will provide.
The total number of VPN remote users is not that important; it's the total encrypted bandwidth that counts.
Steve
-
@stephenw10 I mean as close as possible to 1Gbps OpenVPN
-
@NollipfSense thank you so much for your suggestions
-
Then you need as much CPU power as possible. OpenVPN is single threaded, you likely won't get 1Gbps with any single connection unless you have a very fast device but you probably will with several connections at ~200Mbps each.
The 3100 will pass ~125Mbps OpenVPN total so not even close for what you're trying. You might consider using mobile IPSec instead if you really need that encrypted throughput.
Steve
-
Doubt they "need" it ;) this is an accounting company - how freaking big could the spreadsheets be ;)
Good luck getting wire speed with ipsec even.. You do understand all VPNs add overhead, so it's not actually possible to get wirespeed. Even if you take the extra compute out of the equation, you are inside a tunnel - so there will be some downgrade..
If your server connection bandwidth is X, and your slower client speed is Y.. Then your vpn speed will be Y - Z, where Z is the overhead in compute and tunnel hit.
Do all your remote users have gig? It's pointless to worry about vpn throughput when your user is coming in on some slow connection.. The client is almost always going to be the slower connection.
-
@johnpoz accounting in Portugal is not done in spreadsheets. It uses dedicated certified software. You have a lot of them to choose from but when you choose some of the best you’ll need speed, trust me.
Every remote user has, at least, 500Mbps connections. Some have 1G. The upgrade is on the run since everybody had 200Mbps and it was tedious to work and complicated to meet a mountain of deadlines that this country’s ridiculous legislation imposes.
You are right about one thing: we don’t need 1Gbps today but we want to be able to plan ahead, be ready to upgrade and come close when we might need it. And when it will be needed, and it will not be so far away, I don’t want to be stuck with underpowered, overpriced, non-upgradable hardware. If someone can help and drop some suggestions, links, etc, it would be great.
If not, thank you anyway :)
-
@stephenw10 thank you for your input. I’m learning with it
-
Access to a dedicated software that moves numbers - would be less overhead than moving spreadsheets... I think you are misunderstanding how things work over the internet.. And how much bandwidth is required to manipulate numbers..
Unless you were moving large FILES... bandwidth is not your issue.. Manipulation of numbers is not bandwidth intensive.. Remote desktop to some machine in the office that manipulates the numbers, again not bandwidth heavy... What is heavy need is when you are moving large files.. Say a graphic company, or video editing company..
I am having a hard time understanding why an accounting company would need large speed vpn..
Users saying they are not getting X while they move a file from their machine to the file server at work, and their internet speed is X is not a work related problem... They will never see X, no matter how big of a BOX you put in for your vpn..
The recommendation for any WORK setup would be an appliance from a company you can get support from... I would also suggest a support contract... The sg3100 would prob be your best bet.. If you need to go to 10ge at some future date down the road and not say in the next year then you upgrade then!
Throwing together some DIY PC to run as your firewall/vpn is not how you do business... Might be fine for home - but this is a company that needs shit to work... Then buy something that works, and has support and the ability for 24x7 call someone on the phone.. And not have to wait in a 10 hour on hold, waiting for bob to figure out how to delete a file.. and needs help.
-
@thething said in hardware suggestions (again i know):
@NollipfSense thank you so much for your suggestions
A cheaper alternative to the Mac Mini is the Intel NUC...small form factor that has thunderbolt interface to use the thunderbolt PCI enclosure for your future upgrade. You can find new ones with i7 processor and DDR4 RAM (max 32GB) on Amazon for under $500 in the U.S...anticipate you might find it in Amazon-Europe $700-800.
-
@johnpoz I get the feeling that the accounting firm is doing outsourcing work with companies in Europe and connecting via VPN...that way the ledger and books stay at the companies...that's why VPN speed is critical despite the overhead.