Running pfSense in Hyper-V on my media server?
So, two questions here:
I have a media server that I use to run Emby. Since I do 4k transcoding, I built a very robust box that 99.9% of the time has plenty of headroom. The box is on 24/7 and I would like to get better use out of it.
Question 1: Is it crazy to contemplate running pfSense in a Hyper-V machine on the same box as my media server?
Question 2: If it isn't, and because the media server requires access to the LAN to fulfill its functions (it needs to see the network TV Tuner, for example), will I need three ethernet ports, one each for pfSense LAN and WAN, and 1 for the non Hyper-V side, or just 2, with one shared between the VM and the server?
Sorry if this is too rudimentary....throwing pasta at the wall to try and find something that sticks.
It's not completely crazy, there are other people that do that. I would rather run some other hypervisor though and run everything in that.
You would want the WAN NIC passed through to pfSense directly but the LAN side could be shared depending on how you had it arranged.
Thanks for the thoughts...just to make sure I understand, are you suggesting that it might be smarter to use a different virtualization engine, or suggesting that I run both Emby and pfSense in the same hyper-v VM, or that I run one each in their own VM? Again, thanks
I'm suggesting you run a baremetal hypervisor like ESXi or Xen etc and run anything else you want as VMs in that.
I would have doubts about running Windows 24/7 as a hypervisor even with the NIC passed through. There are people doing that though.
I'm not really familiar with Emby or with what its requirements might be in terms of direct hardware access and if that can be achieved in a VM. It looks like it's available for just about anything though.
Not familiar with Emby, but run pfSense in a Hyper-V VM myself. Sounds like you have enough resources. You'd only need 2 NICs; one for the WAN v-switch and one for the LAN v-switch. But if you have the ports, you can always assign one to the host itself. You can see my specs in my sig, pretty lightweight, and this is on a 10 year-old quad core. You would create a VM for pfSense itself. I don't think you can actually pass a NIC through directly though, you must use a v-switch, unless something has changed in Hyper-V. Yeah, direct access to hardware for Emby would be an issue, I think. I'd keep your server as is and install the Hyper-V Server Role and install the pfSense VM.
Emby looks interesting, I'd love to dump cable.
@provels Thanks for the help. Yes, I love Emby...have the lifetime subscription. I used to run Plex but its DVR was problematic. Since switching to Emby I haven't had a single serious issue (though playback while simultaneously recording is a bit slower than I would like). The developers are responsive and take satisfaction seriously. For live television/DVR, I have EMBY paired with a bullet proof Silicon Dust multi-tuner.
I tried running pfsense in several different hyperv installations and it would always eventually end up with a corrupt file system.
@brians was your instance stable for a period of time before becoming corrupted and if so, generally how long was it stable?
@brians Good point. I found same if I let Hyper-V try to either save or shutdown pfSense on host reboot. Now when I do reboot, like after Windows Updates (done manually), I manually shut pfSense down first and have it set to start automatically. Been running as VM for several years now w/o issue. I also found pfSense seemed to ignore both dynamic disks and memory, so I set both fixed. And the host is UPS'd now, too.
@ianmud It seemed to be stable for weeks/months but not sure when it became corrupt because I would not notice a problem until it rebooted. In most cases I was able to re-install from ISO and do a recovery which simplified it.
@provels I don't think I used dynamic disks or memory. Sometimes cannot shut down pfsense gracefully always.
I was using pfSense in a VM mainly to run OpenVPN appliance behind an existing firewall. Good to experiment on but dedicated hardware is better.
After evaluating it, I decided a long time ago that pfSense is a better solution for our customers (we are a small IT company), and have since purchased and installed about a dozen Netgate pfSense appliances. For home I use a home built standalone i7 PC.
I use NUT (in remote APCUPSD mode) in pfSense as slave to monitor the host's UPS status (which is using the APCUPSD Windows port), and my XigmaNAS in turn monitors pfSense's UPS status using NUT. Kind of hokey, but seems to work.
I see no problem here.
One NIC connected to a v switch of type external (for example called INET). Connect the WAN if of the pfSense VM to that. Make sure the host OS cannot use it.
Create a new v switch of type external (called Internal) and connect one physical NIC to it.
Last, connect the host OS, LAN NIC of pfSense and any other internal VM to that v switch.
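
The two-switch layout described in the last reply, as an added PowerShell example that is not part of the thread. The switch names INET and Internal come from that reply; the physical adapter names, the VM name and the vNIC names are assumptions, and the final checks confirm that the host OS has no presence on the WAN side.

```powershell
# Run in an elevated PowerShell session on the Hyper-V host.
# Assumed names (not from the thread): adjust to your hardware and VM.
$WanNic = 'Ethernet 1'   # physical port cabled to the modem / ISP
$LanNic = 'Ethernet 2'   # physical port cabled to the LAN switch
$VmName = 'pfSense'      # existing pfSense VM, powered off

# WAN: external switch bound to the WAN port. -AllowManagementOS $false
# means the host gets no virtual adapter here, so Windows itself is never
# directly reachable from the internet side.
New-VMSwitch -Name 'INET' -NetAdapterName $WanNic -AllowManagementOS $false

# LAN: external switch bound to the LAN port and shared with the host,
# so the host (Emby) and other VMs sit behind pfSense like any LAN client.
New-VMSwitch -Name 'Internal' -NetAdapterName $LanNic -AllowManagementOS $true

# Give the pfSense VM one vNIC on each switch.
Add-VMNetworkAdapter -VMName $VmName -SwitchName 'INET'     -Name 'WAN'
Add-VMNetworkAdapter -VMName $VmName -SwitchName 'Internal' -Name 'LAN'

# Check 1: the host must not own a virtual adapter on the WAN switch.
$hostOnWan = Get-VMNetworkAdapter -ManagementOS |
    Where-Object { $_.SwitchName -eq 'INET' }
if ($hostOnWan) {
    throw "Host OS is attached to INET: $($hostOnWan.Name). Remove it before going live."
}

# Check 2: list what is still bound to the physical WAN port. Once the port
# belongs to an external switch, the expected result is a single entry,
# the Hyper-V Extensible Virtual Switch (ComponentID vms_pp). IPv4/IPv6 or
# file sharing showing up here means the host is still talking on that port.
$extra = Get-NetAdapterBinding -Name $WanNic |
    Where-Object { $_.Enabled -and $_.ComponentID -ne 'vms_pp' }
if ($extra) {
    Write-Warning "Unexpected bindings on ${WanNic}:"
    $extra | Format-Table DisplayName, ComponentID
} else {
    Write-Output "OK: $WanNic carries only the virtual switch binding."
}

# Summary of which VM adapter landed on which switch.
Get-VMNetworkAdapter -VMName $VmName | Format-Table Name, SwitchName, MacAddress
```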