Question about running over VMWare?



  • Hey everyone,

    Here's my situation, my office of 8 people has 2 DSL connections and our server is Windows Server 2003 which basically just hosts our Microsoft Dynamics CRM.

    I'm looking for a load balancing system where I can have both my DSL connections used by all users, so it will automatically put some users on one connection some on the other and so on and I came across pfSense.

    Here's my question.  I was thinking of getting another server just to run pfSense or Linux with a different solution but then I thought about VMWare.  On my Windows Server 2003 box that just hosts Microsoft CRM, could I install VMWare and set it up with 3 physical NIC cards and then use that?  Or should it be on it's own server?  There's VMWare info on the site here so I assume that's what it's for but just not sure if that's too demanding for a virtual server or not?  Thanks!



  • I always prefer to run boarder systems on physical hardware because it’s easy to logically keep the entities separate and because of performance.
    With your 8 users it might be best to run pfsense virtually. Cost wise it’s a good idea since you only support 8 people and your connection to the outside is dsl.
    I would look at your budget and determine if you can afford ~$200 for an extra box. If you can’t find the money then run it virtually.



  • Thanks for your help!  I can definitely afford a physical box, that's no issue.  The reason I was looking at this is just, why do people use vmware then?  Just for more light tasks or something?  When I found pfsense it was in another forum and people there were against using another box since it's just another server making heat and using power.  Then I saw the vmware image on the downloads page and thought maybe that was the point of vmware.


  • Banned

    I used the Lice CD installer ISO and it works flawlessly in VmWare on IBM Xseries hardware and VMWare ESX3.5….

    Runs on the same hardware as my askozia PBX, and there are no issues either.

    Run a VMWare server on the 2003 hardware and the Pfsense works fine!



  • Awesome thanks for the help that would be great.  Again all the server is used for is Dynamics CRM 3.0.  Users have that open and access it all day over the local network, would that impact internet performance at all?  I can't see CRM being that intensive, it's really just like a big sql database and web server?


  • Banned

    It should not have issues, but it comes down to hardware muscles.

    Make sure the nic's are seperated by vlan's and handles the traffic on seperate adapters. That creates the least amount of problems…



  • How about if I just use it as a router and 1 nic with no load balancing, think it would be better then?  I think traffic shaping is really more my goal here.



  • What I would recommend if you decide to keep the 2 WAN links is to set 2 dedicated NICs and, in windows, remove all protocols except for vmware bonding. this would make sure that you are not going to accidentally route straight from the windows host OS to the internet.

    make sure to setup network bonding for the NICs you want to use (i.e. VMNET3 and VMNET4 for WAN connections, VMNET6 for LAN)

    setup a virtual machine with 3 NICs (2 set for the protocol blocked NICs and 1 for LAN).  install pfSense as normal and assign WAN and OPT1 to VMNET3 and VMNET4 and LAN to VMNET6.

    after that follow directions to set up WAN load balancing. I would also recommend you look into changing the NIC driver types in the virtual image to e1000 to be able to handle QoS properly inside.

    depending on your existing server config and/or budget, you could get some NICs with TCP/IP offloading to absorb some of the hit.

    I personally use Netgear GA311 gigabit cards which go for about 35 bucks, have TCP/IP offloading and run like tanks.

    final reminder. MAKE SURE to change startup priority to start the firewall on system startup so if the host is rebooted, the firewall will come back up also. AND make sure to install Open-vm-tools package.


Log in to reply