Single Server Implementation?

gschiltz

Aug 31, 2014
I've only started with Proxmox (and Wasim's book), and I'd like an opinion. The book recommends as a minimum (if I correctly understand the diagram and discussion on page 27 of the PDF), two physical Proxmox nodes, a file server node, and a physical firewall (I suppose the file server and firewall could both be appliances and not full servers). That sounds to me like a lot of hardware if the goal is to virtualize stuff :)


I am in the planning stages for the IT needs of a very small medical clinic (I'm a retired software engineer, and only doing IT stuff as a favor since they can't afford to hire someone). My main reason for wanting to use Proxmox is for flexibility, i.e. try out various configurations without having to wipe out a physical server. We currently have an underutilized physical server (donated by HP). It has a quad-core Xeon processor, 32 GB of RAM, 2TB of RAID6 storage, and 2 NICs. What I would like to do is to use Zentyal in a VM mostly for Samba and OpenChange (groupware), pfSense or similar in a VM as a software firewall, maybe a separate VM for storage management, another VM to run the DB server... am I crazy to want to run all this on one physical server? I'm confident that the server is powerful enough to run it all, but just want to understand if Proxmox can be configured to facilitate it.


Whatever I do, I'm going to first model it on a VMware Fusion VM running Proxmox, with the individual components running as VMs nested within it (I've experimented with that before, and performance isn't as bad as I had expected).
 
Hi,
you can run all the stuff on one node of course. But you have multiple SPOFs (single points of failure) and aren't able to start a VM on another host if the host fails.
For the beginning it's OK, but the fun begins with a cluster and shared storage (live migration and so on).

A virtualized firewall is not recommended (if there are bugs in the hypervisor) but better than no firewall (I have also used this for less critical things).

Udo
 
You can do that. You will miss most advantages of a Proxmox cluster, though: you will rely on a single hardware node, with all storage on it.
And your single node will have all the burden, too (compute, storage, network, ...).
And you will need a good backup plan for sure (i.e. do not store backups on the same hardware node...)

Proxmox's target is a (mostly) enterprise server virtualization setup, so it's all optimized to allow flexibility, reliability, and continuity, through external storage, clustering, live migration, HA, Ceph, Gluster, etc.

Marco
 
Honestly, you can do 100% of what you are wanting to do on a fully virtualized environment, including firewall, file storage and all.
As Udo and Marco already pointed out, there are some things you definitely have to keep in mind. Take it as a disclaimer :)
1. You "MUST" use a dedicated NIC for the virtualized firewall. You could get away with a VLAN, but it is less secure and will need a VLAN-capable switch.
2. No redundancy of anything of course. Single point of failure in multiple areas.
3. Do not create a "cluster" after setting up Proxmox.
4. This is not the average secured way to do things, since the firewall should not be on the same machine where the VMs are.

pfSense can be used as a wonderful firewall option and it can be installed on just about any PC lying around. I have several pfSense setups running for non-profit organizations on 14-year-old Pentium 4 PCs with 2GB RAM and dual NICs.
I do not know how many VMs you are planning to run, but with 32GB of RAM you can do many things. Just have to watch the load.

I highly recommend putting the firewall on its own hardware separated from everything, especially in an environment with sensitive data such as medical clinics.
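
The dedicated-NIC rule from point 1 of the post above can be checked on the host's network config. This is an added example, not part of the original post: it assumes the Debian-style `/etc/network/interfaces` bridge syntax Proxmox uses, and the names `eth0`/`eth1`, `vmbr0`/`vmbr1` and the 192.0.2.x addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: audit a Proxmox-style interfaces file for the
# "dedicated NIC for the virtualized firewall" rule.
# All interface names and addresses below are constructed sample values.

# Constructed sample: vmbr0 = LAN + host management, vmbr1 = WAN (firewall VM only).
sample_interfaces() {
cat <<'EOF'
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
EOF
}

# check_wan_bridge BRIDGE NIC  (reads an interfaces file on stdin)
# Prints "ok" and returns 0 only if BRIDGE has NIC as its single port,
# carries no host address, and NIC is not a port of any other bridge.
check_wan_bridge() {
    awk -v br="$1" -v nic="$2" '
        $1 == "iface" { cur = $2; next }
        $1 == "address" && cur == br { bad = bad " host-address-on-wan" }
        $1 ~ /^bridge[-_]ports$/ {
            if (cur == br) { seen = 1; if (NF != 2 || $2 != nic) bad = bad " wan-not-dedicated" }
            else for (i = 2; i <= NF; i++) if ($i == nic) bad = bad " nic-shared-with-" cur
        }
        END {
            if (!seen) bad = bad " wan-bridge-missing"
            if (bad != "") { print "FAIL:" bad; exit 1 }
            print "ok"
        }'
}

sample_interfaces | check_wan_bridge vmbr1 eth1
```

On a real host, feed it the live file instead: `check_wan_bridge vmbr1 eth1 < /etc/network/interfaces`. It only inspects the host side; which VMs are attached to the WAN bridge still has to be reviewed separately.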
 

Thanks to all who provided advice and warnings. In case anyone is curious, here are a few more details. This is a small medical clinic in rural Ecuador, and if not for the gift from HP, we probably would be running the whole thing from a couple of donated PCs. I'm already running Zentyal and the electronic medical records system (OpenEMR, an open source LAMP app) on this server. My main reason for wanting to virtualize is to be able to do some experimentation, i.e. quickly swap out one VM or set of VMs for another, without having to wipe and reinstall the whole base system. I've already had to do that twice because of getting my apt repository corrupted and not being able to fix it (as I said, I'm not a professional IT person).

Based on advice from you folks, I'll try to at least get a separate old junker PC to install some flavor of linux on in order to run the firewall on separate hardware, as well as a separate backup server.
 
Hi,
if you are looking for something other than pfSense, I can recommend Devil-Linux for firewalls - your firewall doesn't need an HDD. Config and distro can run from a USB stick (or config on USB and distro on CD).

It has worked very well for me for many years.

Udo
 
+1 pfSense
And instead of RAID-6 you might really want to use RAID-10. I suppose the HP server will have a RAID card that can do RAID-10 if you already have RAID-6.
It's much faster performance-wise, especially as you want to run all those different things (db, medical app, storage) on the same server.
 
Hi,
if you have any other hardware available, you should probably use one of those old PCs as a firewall and install Proxmox on your HP server.

I don't know how much load your applications produce, but if the hardware performs sufficiently, there should be no reason not to install Proxmox on a single server (better than installing all software on the server directly).
 
