ESXi 6 host + PFS Guest VM w/DMZ + VLAN & W8.1 Guest VM



  • Hi all

    Brand new to this forum, and have some basic exp with PF & ESXi, but no VLAN exp. I want to virtualise the following for in-house use in my small IT co, which has just taken on its 1st employee! He’s the new Snr Tech, which moves me into more of a management/director/CTO role & as such I’d like to implement the below in my environment. I’ve created a simple diagram at the end.

    1. 1x Win 8.1 “backup server”
    2. 1x PFSense Fw on ESXi 6.x. This will be the DHCP server, VPN server & possibly more roles as my business grows.
      2.1) Would it be wise to have a 2nd PFS Fw as a software fail-over? If so, can you advise me on the settings that must be changed to allow the fail-over?

    So far I have:
    i7 2600k @ 4.6GHz,
    6GB DDR3 1600 (1x 4GB; 1x 2GB, so no dual channel currently, any negative real-world implications of not running in dual channel?)
    1x 320GB HDD for ESXi (will be replaced with a Samsung / Intel 256GB SSD with higher than average IOPS. Once I’m happy with everything, might even shift the i7 out for a Dell quad Xeon)
    2x 3TB WD Red for the backup (simple copy and paste from HDD1 > HDD2 using Cobian so I can get the emailed report afterwards).
    1x onboard Intel Gbps NIC (can’t recall model, it’s on an Asus Maximus 5 Extreme) (PFSense WAN from Ubiquiti h/w, provided by WISP)
    1x PCIX RealTek (AFAIR, & yes I read that Intel NICs are preferred) (PFS LAN > dumb 16-port Gb Dlink switch > Ubiquiti UAP-LR-AC), whose model number I can’t recall now.

    Note: I have not been able to get ESXi to detect/install the RT NIC, although the PC’s BIOS does see it.

    CPU & RAM wise, the PC will be split down the middle – 2x 4.6GHz physical cores each, 3GB RAM.
    AFAIR ESXi performs better with Hyper-Threading off, is this correct, or do I have off/on mixed up? Would be nice to have an answer from a qualified source/link, like VMware.
    Network objectives – stability, speed, security, in that order. I will have physical workstations creating Windows System Images 1x per week on the local disk, before moving them to the 1st WD drive in the W8.1 Guest. These images can be anything from <100GB to ~600GB per workstation, hence the ‘need for speed’. :P

    1. Can I put the PFS VM in a DMZ created by the same instance of PFS? How do I get W8.1 Guest VM to be part of the same DMZ?

    2. How can I get the W8 VM to be ‘protected’ by PFS, like any other PC in the LAN/DMZ? (Is this considered to be ‘behind’ the PFS?)

    3. What settings would I change on both PFS & ESXi if, say, 1x NIC went down, and I don’t have / can’t go buy a replacement? I.e. to allow all incoming & outgoing data to/from the WAN & LAN on 1x physical NIC, while keeping/adjusting all other settings like the DMZ to remain intact?
      I’d like to keep copies of configs as time goes on, with the basic settings saved for 1x NIC and for 2x NIC.

    4. Does setting up VLANs using PFS increase network throughput at all? Was thinking of a separate VLAN for management of the VLAN, staff LAN + WLAN, guest WIFI, devices like printers, TVs, workshop LAN + WLAN. Or would setting routes in PFS between each AP / device allow better throughput / lower ping?

    4.1) APs are all Ubiquiti Long Range AC units & are connected to the below switch via Tenda Gbps powerline adaptors.

    4.2) All (2x) switches are dumb switches. I have a smart switch (Dlink) on its way from a friend who upgraded, unfortunately I can’t recall the model. All switches have a switching capacity of x ports X 2Gbps & are connected using Gbps Cat5e.

    Made the below diagram quickly, sorry that I don’t have the correct symbols, but I think that illustrates what I’m after sufficiently, if not, please feel free to change it.

    Sorry if I’m somehow making this more complicated than it needs to be, I ‘always’ seem to over-analyse life but I do enjoy having a detailed understanding / mental image of what is going on :P



