Small Business & pfSense ?



  • Hello,

    I am very new to pfSense and ESXi but despite that I want to try and see if this combo is going to work for our company, so please bear with me :)

    We currently have 3 machines - a file, an MS SQL and an email server, all running on somewhat old and obsolete gear from Dell from the very beginning of this century or even older. The decision to upgrade the machines was made a countless number of times and resulted in us amassing a whole lot of brand new hardware, none of which has been out of the packaging yet. When I say brand new, I mean since 2007 onwards. I know, we're that bad :)

    At our disposal we have 5 identical dual Xeon motherboards made by Intel, 128GB worth of memory modules by Micron, 5 pairs of Intel Xeon X5470 processors, a few dozen 15k RPM SAS drives (various makes and sizes but all in pairs) and some other bits and pieces, like RAID and gigabit network cards.

    When we started buying the replacement hardware, the original idea was to reuse our existing server boxes and power supplies, however I'm not sure it's a good idea anymore as they look very aged, sound like a bunch of airplanes during take off and are probably not that efficient given their 24/7 work cycle.

    Understandably, since the hardware has been lying around for a few years untouched, our management didn't want to hear anything about the parts and components anymore. Yet thanks to them, we've managed to get a new case and power supply very recently. Just a few months ago :)

    That brings us to today when we're finally ready to try and put it all together and upgrade our infrastructure for the first time in almost 15 years. Phew! lol

    Again, I apologise profoundly for this long intro, so here are my questions:

    Q1: Would a single, dual Quad Core Xeon machine from 2007 with maximum memory of 32 GB, be sufficient to run the following software for our team of 10 people, under ESXi:

    • FreeBSD Mail Server
    • FreeBSD ZFS File Server
    • Windows 7 MS SQL Server
    • pfSense

    Q2: Machine capabilities aside, is it even recommended to have all these services on one machine as opposed to one-service-one-machine approach?

    Q3: If we indeed go with a single-server-for-all scenario, will we be okay with a dual port, onboard NIC or shall we add more network cards (we have 5 or 6 PCIe Gigabit dual-port around, all Intel made)?

    Sorry for my lengthy post and many thanks for your input!

    PS: Just to clarify, despite our poor hardware upgrade record, we have always maintained our servers with updates and fixes. The servers just worked flawlessly all these years, including the Windows 2000 SQL server, and we never really felt the need to butcher our network up or inflict a downtime. As they say, don't fix it if it ain't broke! :) The speed however is a whole other story and is the main reason for the upgrade.

    -fly

    EDIT: clarification, typos…



  • Technically speaking, it's certainly possible to put all 4 functions (mail-server, file-server, MS-SQL & pfSense) in a single physical server under ESXi … however - depending primarily on the disk usage patterns - you might experience some noticeable performance degradation.

    You could easily run both pfSense and a FreeBSD mail-server as VMs on the same hardware.



  • dhatz

    Many thanks for taking the time to reply. I hear you re performance degradation.

    To be perfectly honest, given our long preparation process, if we manage to deploy the new machine before the end of the year, it will be too soon :) Testing, testing and again, testing will be an integral part of the implementation process. After all, I doubt we will be touching the box for the next 10-15 years.

    Our software footprint is fairly small (<2TB in + backups). I was thinking of hooking a few pairs of hard drives and dedicating each OS a mirrored hard drive of its own. Some services, like MS SQL based Accounting package, are used infrequently, whereas pfSense and the mail server are used all the time.

    Splitting the tasks between two or three machines is not (yet) ruled out but it would be perfect if we could do away with a single machine. We're undergoing an office refurbishment and our "IT corner" will soon be converted into a meeting corner. We use a 42U telecom rack - full to the brim - and it's an eyesore for the management that can't wait to see it reduced to a workbench "somewhere in the basement".

    How does the following scenario sound:

    • One NIC for the pfSense WAN interface,
    • Another for pfSense LAN interface
    • One for ESXi management
    • A separate NIC for VMs/LAN traffic

    So 4 GbE ports in total - 2 onboard, 2 off an add-on card.

    Is it not too complicated/difficult to implement/maintain?

    Thanks again!



  • Where are you based (US/UK?)

    In my experience with ESXi, as long as you don't have too many hosts constantly reading and writing to the hard disk, you can get away with quite a lot.
    For example, I currently have:

    Server:
    1 x 6 core Xeon CPU
    32GB of RAM.
    6 NICs: 1 for management of ESXi, 1 for WAN pfSense, 2 for LAN (all hosts are on 1 vSwitch connected to these 2 connections which load balance) and 2 for iSCSI (again load balancing)

    3 host stores:
    1 x RAID 1 128GB SSD store directly on the server - this has the ESXi install on it, and the leftover was enough space for pfSense and my Domain Controller to go on.

    1 x RAID 1 1TB 10k Velociraptor drives

    1 x RAID 5 1.5TB 7.5k drives

    1 data store for my backup server: this is made up of 3x3TB WD RED drives so about 6TB of redundant storage here.

    All these stores (apart from the SSD ones) are on a qnas 879pro via iSCSI. It works brilliantly and it has not missed a beat since I got it about 2 months ago.

    So that means that my hosts are stored on the 2 RAID 1 arrays and the 1 RAID 5 array.
    I have about 11 servers running different things like:
    Nagios (CentOS 6)
    Syslog (CentOS 6)
    Squid (CentOS 6)
    pfSense
    Exchange 2013 (Server 2012)
    Domain Controller (Server 2012)
    Random Server 2008 R2 build for testing
    Backtrack 5
    plus other random CentOS and Server 2008 hosts which are not always on.

    I have found that I never really get any performance issues despite the vast majority of these being thin provisioned and running on the same datastores.

    I'd say with a setup similar to mine you could run and support email and database servers for anything between 20-100 people.
    It does of course change if EVERYONE is CONSTANTLY reading and writing from the servers and databases... but that wouldn't be too realistic.



  • Forgot to mention…

    I also am running a vCenter server on there so if I want to add a host for failover I can.



  • I would say, considering what the OP has today, the performance should improve, not degrade :-)

    However, since this is a business setup, and since you seem to have some parts to spare,
    I would say try to get another case/PSU and build 2 identical servers out of your parts.
    Since you are a noob (just like me, BTW), check out Hyper-V or Xen for your setup.
    I by no means say that ESXi is bad or anything, just that if you go for a free setup, the free version of ESXi has some limitations that other hypervisors don't.
    For example, the free ESXi host has a limit of 32GB of physical RAM,
    and it costs a lot to set up a redundant config where your mission-critical VMs can be live migrated to a hot spare host as needed (that is what my suggestion of building 2 servers was for).

    It seems from your post that you do have enough spare parts to build 2 servers, so why not do it and set up a good and redundant setup, considering how bad your upgrade cycle is?
    And if you do go this route, Xen or Hyper-V might be cheaper. I know for sure that Xen/XCP has the live migrate feature for free; not easy to set up, but no cost.

    Google is your friend :-)

    PS: Just want to add here that Xen, as opposed to ESXi, supports more hardware
    and also seems to be more tolerant of not 100% compatible hardware.
    Unless you have some strange requirements (like hardware passthrough on hardware that does not support IOMMU/VT-d), you might have better luck using it on older setups.

    Check out Citrix XenServer as well; it is also free as of July (2013), and even if you need to buy support, overall it is cheaper than ESXi.

    XenServer is built on top of Xen, thus it comes with a lot of features equal to Xen,
    but it also has a very good management client (XenCenter), which is also free.


  • LAYER 8 Global Moderator

    "I also am running a vCenter server on there so if I want to add a host for failover I can."

    vCenter is not FREE, so you're not running the free version of ESXi? But you're working with crap from 2007 for your hardware? Why don't you just buy something current from Dell ready to go for your ESXi host?

