Hi,
I was given the task to explore the possibilities for a brand new IT infrastructure for a customer of ours. It's industry with ~150 employees. The company's infrastructure belongs to the former parent company, so we'll start on a green field.
My current take on the subject would be to run everything virtualized on a Proxmox/Ceph cluster. That is:
Domain controller
Exchange stub for m365 management
Firewall
DNS
DHCP
NAS
Radius
ERP System (not specified yet)
Print-Server
Mail gateway
Mobile Device Management
WSUS
several industry-specific tools, machine to machine communication, licence server
24/7 is not required, so we're able to take services down for updates/maintenance at night/during weekends. It needs to be rock-solid during working hours though!
The network will be heavily (VLAN) segregated. We'll run an out-of-band management network with separate internet access.
So here are the Questions:
- Networking
  - Ceph and Proxmox documentation suggests up to 4 networks. Proposed servers spec dual SFP28 and dual 10GBase-T (each in MLAG/LAG to stacked switch).
    - Ceph Private (Heartbeat and Replication)
    - Ceph Frontend (mainly to Proxmox VMs)
    - Proxmox Private (Heartbeat and Replication)
    - Guest Frontend
    - Which of those should be bound on which NIC?
    - Which should/could be separated by VLAN?
    - Does the above order reflect the importance? Are QoS rules on those VLANs the way to go?
  - Firewall(s) should be used for WAN access and inter-VLAN/subnet routing/NATing. Less than 10 concurrent VPN users.
    - One or multiple FWs?
    - Hardware or virtualized?
    - pfSense/OPNsense or Proxmox IPTables? Something completely different?
- What software to use?
  - What NAS/cloud software pairs well with Proxmox/Ceph? We need:
    - SMB share with easy, GUI/web-based user and permissions management (AD/LDAP integration)
    - User-manageable sync tool like Dropbox, Google Drive, Synology Drive... you name it
    - Versioning of synced files
    - Easy sharing of files and folders with external users (I don't like it but Management)
    - Are TurnKey CTs "Production Ready" or only for lab environments?
  - Is a secondary Ceph pool with erasure coding for NAS and cold storage appropriate?
Thanks in Advance