Another hardware question - please advise
-
<snip>The planned setup :
- Raid 1, partition a small size, say, 25-30GB, to run ESXi 6.5 and use the remaining ~100GB Raid 1 disk to run two VMs
- VM1 PfSense / VPN
- VM2 Suricata / Packet Inspection needs.
- I will set up a separate machine to meet other requirements.
<snip>(2) I plan to set port mirroring in my Cisco managed switch and use the second VM as a small box for packet inspection / Suricata needs.
Can PI / Suricata be installed / run separately than on the PfSense. I am concerned running packet inspection as a part of PfSense will unnecessarily route all internal traffic through this and reduce the Lan traffic performance.
Thanks,
SSri</snip></snip>Seeing that there are only 2 vm, personally I would just put both vm in a promiscuous port group and not bother with port mirror.
-
- Raid 1, partition a small size, say, 25-30GB, to run ESXi 6.5 and use the remaining ~100GB Raid 1 disk to run two VMs
In this day and age ESXi can boot from the same partition you use to store VMs. Gone are the days where the hypervisor needs a separate partition just to boot from. No need to split it up.
-
I seriously doubt that esxi can boot from just one partition without writing a new installer. When I run
esxcli storage core device partition list
There are 6 system partitions and a vmfs5 partition for local storage on one drive.
-
Sorry for not replying. I have been away on business.
Thanks every one for valuable advise, which are very helpful.
After a long thought, I have decided to run PfSense FW-Router-VPN on its own. The rest of the requirements starting with Suricata/Packet Inspection to Home Lab clusters will be run on a beefy server via multiple VMs. I will use the port mirror on my switch to inspect packets on the separate server running Suricata/PI as one of the VMs.
I have finalised the following specs for the PfSense-VPN.
PCPartPicker part list / Price breakdown by merchant
CPU: Intel - Core i3-7350K 4.2GHz Dual-Core Processor (£147.80 @ Alza)
CPU Cooler: CRYORIG - M9i 48.4 CFM CPU Cooler (£22.99 @ Overclockers.co.uk)
Motherboard: ASRock - Z270M Pro4 Micro ATX LGA1151 Motherboard (£105.91 @ BT Shop)
Memory: Corsair - Vengeance LPX 8GB (2 x 4GB) DDR4-3000 Memory (£67.35 @ CCL Computers)
Storage: Sandisk - SSD PLUS 120GB 2.5" Solid State Drive (£48.80 @ Amazon UK)
Case: Thermaltake - Core V21 MicroATX Mini Tower Case (£53.99 @ Amazon UK)
Power Supply: Silverstone - Strider Gold 450W 80+ Gold Certified Fully-Modular SFX Power Supply (£79.47 @ Scan.co.uk)
Total: £526.31
Prices include shipping, taxes, and discounts when available
Generated by PCPartPicker 2017-06-03 18:11 BST+0100- Intel i350 t-2 or t-4.
I will be ordering the parts next week.
Thanks all.
Cheers -
I seriously doubt that esxi can boot from just one partition without writing a new installer. When I run
esxcli storage core device partition list
There are 6 system partitions and a vmfs5 partition for local storage on one drive.
You're right. What I meant to say is that the days of the user having to manually set aside storage for the OS are gone; the installer handles everything now. No need for a separate array just for the install, etc.
-
There was never a requirement for a separate array just a lun. I run esxi 6.5 from a sdcard.
-
https://plugloadsolutions.com/80PlusPowerSuppliesDetail.aspx?id=26&type=2
Consider a used eBay Dell 80+ gold psu. My psu is the L265EM-00 ATX12V form circa 2011. I got it for $15 USD including shipping. A 10% load for a 500W is 50 watts and may not be realistic for a pfSense firewall that predominantly rests at idle. I chose a 265W psu which is closer to my real world idle state. I also tested it on an old mobo for an hour before plugging it into my kaby lake pfSense mobo.
Currently I idle at 18.4W with a G4650T CPU, nc364t, liteon msata ssd and packages: openvpn,suricata, pfblockerng, squid and squid guard.
-
-
No need to buy an over wattage psu. You may need to buy 24 pin & 12V extension cable since Dell cables are usually too short and designed for their mobos.
-
Thanks for the heads up.
Regards
-
I just lowered my idle consumption wattage by adjusting the bios settings for the CPU and system fan from standard cooling to silent cooling. Wattage is now 18.1W
-
Thanks for all help. Cheers