Hardware for ESXi with Pfsense, Windows, freeNAS and Debian running Motion

Hi!

I’ve been asked to build a server for a small company by a friend. Today they use a old D-link router and two laptops in total. However they are slowly expanding and need a better IT-infrastructure and better workflow. Hence i’ve been tasked to setup a ESXi server. It is unfortunately not possible to do a “real” setup or hire a professional.

The server needs to run the following:

1: A firewall, planing on setting up a Pfsense VM with SNORT. Currently the WAN connection is limited to 10/10 but will get upgraded to 1Gbit/s. However throughput over 100Mbit/s isn’t really needed.

2: NAS, the company is developing new speakers for HiFi and car-audio and is measuring drivers and simulating enclosure designs. In order too refine the workflow a central storage for measurements and simulations is needed. The NAS will be backup nightly to a offsite FTP-server.

3: The server should ideally get utilized as a workstation as well. however the workload would be light with only a USB attached measurement tool and a lightweight simulating program for frequency response of the speaker.

  1. Surveillance station, the office will be equipped with two cameras at the entrance. So inspired by Qains guide i was thinking of using Debian with Motion installed too handle the cameras. If possible it would be great if the software could detect movement during specific hours and send a mail/sms with a picture of the intruder. If still frames are sent when a intruder is detected there is no need to save the feed onsite, so storage isn’t a problem.

So my question is, how powerful must the server be to run all the VMs? I’ve been looking at used servers on Ebay, the HP Proliant DL180 G6 seams like good value with twin hex core Xeons running at 2.66 Ghz with 24GB RAM. Would that be good enough or even overkill? As the server will be used in a workshop/office space a rack server would require a mod to replace the fans to something like Noctua fans so people can work in close vicinity.
The second option is buying new hardware, however the budget would only allow consumer grade stuff like the AMD 8 core system or equivalent.

I live in Sweden so help me pick the parts, linking deals in American stores won’t help me :frowning:

Thanks for reading my wall of text and i hope there isn’t to many grammatical erors, i’m not a native speaker.

There are a bunch of things that should not be virtualized and there are issues with the server you have outlined for the task (related to the jobs you want).

PfSense is an interesting beast to virtualize, mainly because if it has problems they can be REALLY odd to trouble shoot. To get around this you can hardware passthrough a NIC with multiple ports on to dedicate it to PfSense.
EDIT: (realised I should elaborate on this a bit more) The problem is due to I/O wait within the hypervisor itself that can lead to packet dropping, I found that hardware passthrough of a NIC seems to mitigate this issue, however then comes the argument of do you want your sensitive data (on the NAS) sitting on a machine that is both on WAN and LAN.

As for virtualizing a NAS, you run into the issue of that your storage is in VM style disks (unless you use a RAW VM disk format) which will be a pain up the arse to fix if something goes wrong.
If you wish to use FreeNAS virtualised you WILL have to hardware passthrough a HBA. However I WOULD NOT VIRTUALIZE FreeNAS. There are a bunch of reasons mainly listed HERE:


AND HERE:

As for using it as a workstation, you will need an external GPU, so you can output display to a physical device rather than relying on another machine to view the VM. As for passing USB devices, you can just assign that under the VM settings (no issues there).

As you can see, what you are wanting to do you are going to require a lot of devices to be passed into the system. So the 1u HP server is not going to work. The problem with the AMD platform (and especially a FreeNAS VM) is that if you require a large multi-TeraByte disk pool, you may not be able to equip the board with enough RAM (which will 9/10 time will destroy your data).

1 Like

I've read up a bit and i will skip freeNAS, a SMB share in Debian suffice. The space requirements are minimal, 200GB at the most in the foreseeable future. Considering the nightly offsite backup would a VM style disk tor the SMB share be a problem? Or is it just not worth the hassle to visualize the storage?

Forgot to mention it but planing on buying a Intel dual or quad port card so PCI-passthrough will not be a problem.

As for the GPU the DL180 G6 comes in a 2U version as well, enabling up to 2x fullhight PCI 8x slots.

A third option would be a EdgeRouter Lite for the firewall and then use ESXi for the workstation, storage and surveillance. Should not be a problem to passthrough the devices needed considering the expansion slots.

Derp a herp getting mixed up with the DL160.

If you are backing up from within the VM itself, no problem. If you are doing it via the hypervisor, bear in mind that if you need to use the backup you will have essentially recreate the VM to get the data (which maybe an issue if a hardware failure occurs on the host). Either way isn't an issue,just bear that small caveat to getting at the data.
Within the storage VM you shouldn't need to worry about setting up multiple virtual disks as long as the hypervisor host has some for of data security (mirror disks or RAID (plus you have the backup))

One thing to note with the DL180 is that some of them (especially if you are buying used) may have the 2 additional drive sleds instead of the double expansion slots at the rear. As for the 8x, a cheap PCI-e 1x card (they do exist) will fit nicely or you could cut the back out of the slot to allow you to stick a 16x in.

The EdgeRouter is an option, although you could still build the PfSense router with something like the AMD AM1 platform (just throwing that in as an option).

The backup would most likely be done by SFTP from within the VM, so that should work. And the host will simply run of a few HDDs in RAID 5. Of course all the important data would be backup offsite.

Do you know if it is possible to mod the fans in the server so the noise levels gets bearable?

Most of the servers out there (bar the older stuff) ramp down the fans quite elegantly. However the PSU's fans are the exception and seem to scream regardless.

You could mod the fans, however, the connectors are proprietary and the server's fan monitoring will trip up and think fans are failing if they are made to go too slow.

PS. Sorry for late reply.