Server Integration

MrBill10

Member
Apr 28, 2016
From feedback received from the fine people of this forum I recently purchased a Dell 2950 Gen II server. To be honest, I was urged to buy something newer (is 2007 really that long ago..?) but couldn't pass up a good deal. Twin X5355 Quad processors and 32G memory will do me while I learn. I've also taken steps to upgrade what I can: all firmwares are the latest available, the CD-R is being replaced with a DVD-RW, an additional 2xGbE NIC card to make 4 ports total, and 6x1TB drives for a nice raid 5 setup. All total I still have less than $500 invested.

I've also met a few others who, like me, think the 2950 is a bargain; one of them has offered me a Gen III machine loaded with 5450's, SAS drives and 64G for a whopping $300...

I've loaded pfSense, XP and Win7 into VMs and have been learning my way around ESXi 5.5, which is an astounding program. Not having been exposed to virtualization before, this software impresses the hell out of me. I have so much to learn.

Up to now the server has been operated as a stand-alone device, with a pair of EnGenius APs acting as WAN and LAN connections, but I'm close to deploying the box as the primary router and, eventually, adding in my security systems, FTP'd weather station and a few other functions. I've done some heavy thinking on how to integrate the server into the existing network and have generated some guidelines, keeping in mind I have a 'home' LAN 1 and a 'work' LAN 2 on separate subnets:

  • minimum disruption to LAN 1 services (the family thanks me)
  • quickly dump the server from LAN 2 should the need arise
  • remote access to network devices independent from the server
  • implement multiple VLANs and VM; monitor and control
Here's where I'm at and what I'm thinking of doing. Please tell me if I need to change my meds... And please excuse the hand-drawn diagrams; I find it much faster than opening acad.

Existing: This system works very well; 2x VLANs through the Netgear M4100 L2+ managed switch permit LAN-to-LAN traffic. I'm not a fan of using 3 routers but, at the time, needed some way to launch two subnets.


And the proposed: Placing the server after the gateway router and before the M4100 switch. By keeping the gateway router (for now) I can easily plug LAN 1 back in to the internet.
 

MrBill10

Member
Apr 28, 2016
I should add that whatever configuration I start with will change as VMs take over the functions presently dedicated to individual computers (i.e. 2 machines split monitoring/managing the 8 cameras, and one machine is a dedicated FTP server hooked up to the weather station).

And, yes, the network could be managed comfortably on one subnet, but I have dreams of kicking NSA's ass one day and you gotta start somewhere...

Did I mention meds...?

Thanks all.
 

Genx87

Lifer
Apr 8, 2002
www.sophos.com

Get the home version of UTM 9. Run UTM 9 as a VM and allow it access to the internal VLAN ports. You can do all your routing on one device (Sophos) with full security options. You can ditch the router before the 2950.
 

MrBill10

Member
Apr 28, 2016
Thank you both. So the proposed physical setup of the server, switch and workstation is ok? I'm hoping to avoid too many false starts...

mxnerd, thanks very much for the link to Calvin's blog; the walk-through on pfSense/VLANs simplifies the process a lot. I read through it twice and came away with a few loose ends, but need to fire up the server and spend some quality seat time with ESXi to fully comprehend.

www.sophos.com

Get the home version of UTM 9. Run UTM 9 as a VM and allow it to access to internal VLAN ports. You can do all your routing on one device(sophos) with full security options. You can ditch the router before the 2950.
Genx87; I followed your advice a few weeks back and read up on then downloaded Sophos UTM. I fully intend to get it up and running in order to understand its character; I'm a big fan of understanding and using the correct tool for the task. How are you using VMs in your network? Your enthusiasm for Sophos is probably well founded...
 

mxnerd

Diamond Member
Jul 6, 2007
I'm no expert on pfSense, ESXi & VLANs, especially weak in VLANs since I don't have a smart switch. I can only help to a certain point.

The layout should be about right though.

But I don't understand why you have 2 ethernet cables to mission control and then also 2 cables from mission control to the M4100 switch. (trunking?)

Also, I don't know the meaning of the 0/1, 0/2, 0/7, 0/8 labels.


There are many other true experts in the forum who can help you.

You can also find many tutorials on YouTube.
 

XavierMace

Diamond Member
Apr 20, 2013
Genx87; I followed your advice a few weeks back and read up on then downloaded Sophos UTM. I fully intend to get it up and running in order to understand its character; I'm a big fan of understanding and using the correct tool for the task. How are you using VMs in your network? Your enthusiasm for Sophos is probably well founded...

I'm a big Sophos fan as well. Replaced pfSense some time ago at my house with it and set up a Sophos box to replace my parents' failing router as well. It's far more user friendly and IMO has far more features out of the box.

I've currently got the following VMs running on my network: Sophos, Domain Controller (DHCP and DNS as well), File/Media Server, Game server, vCenter server, APC PowerChute, and a pair of sandbox VMs (Ubuntu and Win 8.1).
 

MrBill10

Member
Apr 28, 2016
mxnerd; everyone is an expert compared to me... Any and all feedback is appreciated.

But I don't understand why you have 2 ethernet cables to mission control and then also 2 cables from mission control to the M4100 switch. (trunking?)
Redundancy. I'm thinking it would be nice to have two paths to both the server and switch in order to simulate I/O. I don't know if this is needed or not, but the additional server dual-NIC was only $20, and setting up a quad-NIC workstation shouldn't be that difficult. (I'm talking myself into a new desktop computer...)

Also, I don't know the meaning of the 0/1, 0/2, 0/7, 0/8 labels.
Before I bought the switch I didn't know either. It's shorthand for the I/O location: 0/1 = (switch 0/port 1). I imagine it's a very useful descriptor when you have several managed switches with lots of ports.

XavierMace; thank you for the feedback. Sophos is on my to-do list...

The 'gateway router' in my initial setup is just a temporary measure until the server is running with high confidence. It has 3 primary functions:

  • it allows me to quickly bypass the server and keep the internal network alive
  • the MAC address of the 'gateway device' is used by my ISP to provide service; without the router in front of the server I'd have to have the ISP tech support on speed dial.
  • it's wifi-enabled and has several troubleshooting features, i.e. log in and ping from the WAN side of the server
The temporary gateway router will have DHCP disabled; addressing will be static with limited DHCP available through the appropriate AP (I bought a box of EnGenius 350 and 3500 multi-function devices for <$10 each).

The server virtual-router will have NAT disabled, although in my (limited) experience, double or even triple NATing doesn't slow things down any.

Footnote:

To the well-qualified ESXi users: Going forward, please understand I won't be asking tons of entry-level questions, if any at all. I enjoy the trial-and-error process of getting things to work, and with all the resources available via internet, there's no good reason to be spoon-fed knowledge.

That said, I do have the occasional brain cramp, usually due to too much information fighting for the front temporal lobe... Please humor the old guy if you can...

Thanks
 

Genx87

Lifer
Apr 8, 2002
Thank you both. So the proposed physical setup of the server, switch and workstation is ok? I'm hoping to avoid too many false starts...

mxnerd, thanks very much for the link to Calvin's blog; the walk-through on pfSense/VLANs simplifies the process a lot. I read through it twice and came away with a few loose ends, but need to fire up the server and spend some quality seat time with ESXi to fully comprehend.

Genx87; I followed your advice a few weeks back and read up on then downloaded Sophos UTM. I fully intend to get it up and running in order to understand its character; I'm a big fan of understanding and using the correct tool for the task. How are you using VMs in your network? Your enthusiasm for Sophos is probably well founded...

I don't use them in VMs. Mine are on their physical boxes, models SG210 and SG115. And at home I run the home version on an old desktop (i5200, 8GB RAM, 60GB SSD, 2x1Gbps NICs).

My enthusiasm for this product is due to trying to mess around with pfSense a couple years ago before coming across this product. Wanted something more than what home routers had to offer (which isn't much). I found pfSense clunky as it required add-ons to get things like AV at the gateway or web filtering. I am not sure it even does application layer stuff yet. This does it all out of the box. It installs in minutes and can have basic functionality a short time after that. The GUI is also very user friendly and reporting top notch. AFAIK it can also be configured via SSH if you like CLI. I haven't tested it but believe the home version will allow you to have an HA failover (active/passive).

edit: btw, if you are looking to bond your NIC ports, make sure either your switches support link aggregation or the software that bonds them doesn't require switch support (if your switches don't support aggregation).
 

sdifox

No Lifer
Sep 30, 2005
mxnerd; everyone is an expert compared to me... Any and all feedback is appreciated.

Redundancy. I'm thinking it would be nice to have two paths to both the server and switch in order to simulate I/O. I don't know if this is needed or not, but the additional server dual-NIC was only $20, and setting up a quad-NIC workstation shouldn't be that difficult. (I'm talking myself into a new desktop computer...)

Before I bought the switch I didn't know either. It's shorthand for the I/O location: 0/1 = (switch 0/port 1). I imagine it's a very useful descriptor when you have several managed switches with lots of ports.

XavierMace; thank you for the feedback. Sophos is on my to-do list...

The 'gateway router' in my initial setup is just a temporary measure until the server is running with high confidence. It has 3 primary functions:

  • it allows me to quickly bypass the server and keep the internal network alive
  • the MAC address of the 'gateway device' is used by my ISP to provide service; without the router in front of the server I'd have to have the ISP tech support on speed dial.
  • it's wifi-enabled and has several troubleshooting features, i.e. log in and ping from the WAN side of the server
The temporary gateway router will have DHCP disabled; addressing will be static with limited DHCP available through the appropriate AP (I bought a box of EnGenius 350 and 3500 multi-function devices for <$10 each).

The server virtual-router will have NAT disabled, although in my (limited) experience, double or even triple NATing doesn't slow things down any.

Footnote:

To the well-qualified ESXi users: Going forward, please understand I won't be asking tons of entry-level questions, if any at all. I enjoy the trial-and-error process of getting things to work, and with all the resources available via internet, there's no good reason to be spoon-fed knowledge.

That said, I do have the occasional brain cramp, usually due to too much information fighting for the front temporal lobe... Please humor the old guy if you can...

Thanks

pfSense can clone the MAC of your gateway. So you can remove the gateway when you are ready.

Go with VLANs if your hardware is up to it. Let pfSense do the NAT and DHCP. Reserve IPs for as many pieces of hardware as you can outside of the DHCP range. That way anything else is foreign and is shoved through the captive portal and stays in the guest segment with only internet access. My DHCP range has 10 IPs.

APs should just be APs and nothing else.

Why do you have a server just for FTP? It's a very minor function. If you are concerned about security, set it up in an isolated VM and isolate it from your real network. Then just FTP to it if you need the files.

You can set up a LAG (Link Aggregation Group) on the M4100. Just be aware all ports in a LAG have to be on the same VLAN.
 
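As an added example (not from the thread and not pfSense's own code), here is a small Python audit of the pattern sdifox describes above: known hardware gets reservations outside the dynamic pool, so any MAC holding an active pool lease is a "foreign" device. It parses the ISC dhcpd.leases format that pfSense's DHCP server writes; the addresses, MACs and reservation list are constructed for the example.

```python
import re
import ipaddress

# Constructed sample of an ISC dhcpd.leases file (the format pfSense's
# DHCP server writes). Addresses and MACs are made up for this example.
SAMPLE_LEASES = """\
lease 192.168.2.11 {
  starts 3 2016/05/04 12:00:00;
  ends 3 2016/05/04 14:00:00;
  binding state active;
  hardware ethernet 00:11:22:aa:bb:01;
  client-hostname "netbook";
}
lease 192.168.2.12 {
  starts 3 2016/05/04 12:05:00;
  ends 3 2016/05/04 14:05:00;
  binding state active;
  hardware ethernet 00:11:22:AA:BB:99;
}
lease 192.168.2.13 {
  binding state free;
  hardware ethernet 00:11:22:aa:bb:02;
}
"""

# Constructed (hypothetical) list of known hardware and its reserved address.
RESERVATIONS = {
    "00:11:22:aa:bb:01": ipaddress.ip_address("192.168.2.50"),
    "00:11:22:aa:bb:02": ipaddress.ip_address("192.168.2.51"),
}

LEASE_RE = re.compile(r"lease\s+(?P<ip>\S+)\s*\{(?P<body>.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-f:]{17});", re.I)
STATE_RE = re.compile(r"binding state\s+(\w+);")


def parse_leases(text):
    """Return (ip, mac, state) for each lease block; MACs are lower-cased."""
    out = []
    for m in LEASE_RE.finditer(text):
        body = m.group("body")
        mac = MAC_RE.search(body)
        state = STATE_RE.search(body)
        out.append((ipaddress.ip_address(m.group("ip")),
                    mac.group(1).lower() if mac else None,
                    state.group(1) if state else "unknown"))
    return out


def check_pool(reservations, pool_start, pool_end):
    """Reserved addresses that collide with the dynamic pool (should be empty)."""
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    return sorted(str(ip) for ip in reservations.values() if lo <= ip <= hi)


def foreign_devices(leases_text, reservations):
    """MACs with an active dynamic lease that are not on the known list."""
    return sorted(mac for _ip, mac, state in parse_leases(leases_text)
                  if state == "active" and mac and mac not in reservations)


def known_with_pool_lease(leases_text, reservations):
    """Known MACs that nonetheless hold a pool lease: the reservation is not taking effect."""
    return sorted(mac for _ip, mac, state in parse_leases(leases_text)
                  if state == "active" and mac in reservations)
```

Run it against a copy of the live leases file and the list you keep of reserved hardware; a non-empty foreign list is what the captive-portal/guest segment is meant to catch, and a non-empty second list means a static mapping needs fixing.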

MrBill10

Member
Apr 28, 2016
Genx87, mxnerd; thank you.

XavierMace; I am more the book type, the paper kind... Thanks for the prompt; I'll step into Chapters next time I'm in the city.

sdifox; the APs will need to serve as client routers until ESXi is sorted out with either Sophos or pfSense. The plan is to first get everything functional then start optimizing services one at a time. I'm in no hurry.

The weather station is USB'd into an HP computer running Virtual Weather Station as the data collection point and FTP server, with automatic uploads every 5 minutes to both my website and to Wunderground. The plan here is to relocate the station receiver to the Dell server and have it take over from the HP box.

Thanks for the comments on the M4100. I need to be more careful with my words: when I said redundancy I wasn't thinking of LAGs, as I doubt I'll ever be moving the amount of data that would require linked ports. I was thinking it would be nice to have a redundant, second I/O port for when I totally bork the one I'm playing on...
 

sdifox

No Lifer
Sep 30, 2005
Genx87, mxnerd; thank you.

XavierMace; I am more the book type, the paper kind... Thanks for the prompt; I'll step into Chapters next time I'm in the city.

sdifox; the APs will need to serve as client routers until ESXi is sorted out with either Sophos or pfSense. The plan is to first get everything functional then start optimizing services one at a time. I'm in no hurry.

The weather station is USB'd into an HP computer running Virtual Weather Station as the data collection point and FTP server, with automatic uploads every 5 minutes to both my website and to Wunderground. The plan here is to relocate the station receiver to the Dell server and have it take over from the HP box.

Thanks for the comments on the M4100. I need to be more careful with my words: when I said redundancy I wasn't thinking of LAGs, as I doubt I'll ever be moving the amount of data that would require linked ports. I was thinking it would be nice to have a redundant, second I/O port for when I totally bork the one I'm playing on...

Why? The APs can just be APs even if you are just using the router you have now. It can do the DHCP for everyone, unless you are already doing subnets.

ESXi USB passthrough may be iffy for your weather stuff.
 

MrBill10

Member
Apr 28, 2016
Why? The APs can just be APs even if you are just using the router you have now. It can do the DHCP for everyone, unless you are already doing subnets.

ESXi USB passthrough may be iffy for your weather stuff.

Yep; already on 2 subnets, VLAN'd through the M4100. The 'home' subnet is mainly wifi & internet and the 'work' subnet is mainly security cameras, the weather station and a Synology NAS. I've configured the network to allow both LANs access to the NAS + printer/scanner and nothing else (except for the current 'mission control' computer which can do anything, anywhere...)

Plan B on the weather stuff is to use a thin-client box I got free with a used monitor. They're neat little boxes; I'd like to have several to play with, just to see what kind of trouble I could get into...
 

MrBill10

Member
Apr 28, 2016
A quick update on how it's going...

My initial plan was to add the server into the network by connecting its WAN side to the gateway router and its LAN side to the managed switch, leaving everything else in place. That didn't go so well... The server (& pfSense) saw the WAN connection as coming from port 0/1 on the managed switch: Cisco Auto Detect was relaying the info through the LAN side of the gateway router. Port 0/1 is on a shared VLAN, and I didn't want to mess with the VLAN setups just yet, so after a re-think I moved on to Plan B. (I understand it's not good practice for noobs to use 0/1 as it's also the management VLAN, so I'll be modifying the config accordingly.)

The server is now happily pulling a DHCP address from the LAN 2 router. pfSense is up and running and supplying addresses to 4 devices: XP-Pro in a VM, Ubuntu 16.04 in a VM and one AP with a netbook linked. All with internet access. Not too shabby for a novice.

Genx87; I can see where some of your frustrations with pfSense come from... 3 configuration points: pfSense shell, pfSense web client and ESXi. You can get into some stupid situations trying to learn; I had to reset to the default setup x3. But it's happy for the moment.

Ubuntu is cool; I'm going to enjoy learning its nuances. ESXi/VMs are a great way to experiment with settings: screw up and hit the kill switch...

Next up is adding the managed switch into the equation; going to create a VLAN and bring pfSense to the party...

And suddenly I'm in a bit of a hurry; I scored a great deal on a R710, it'll be here in a week or so. 2x X5650 6-core @ 2.67GHz, 64GB DDR-3, (2x147)+(4x300)SAS, 4xGbE, 2xPSU and a DVD-R for $455Cdn ($365US). I haven't told my wife yet. I suppose I'd better get those rain barrels installed...
 

MrBill10

Member
Apr 28, 2016
The 90 day update...

vCenter is up and running, backup duties by VDP and monitoring by vCenter Operations Manager and PRTG. Hardware is now an R710, R320, 2950 and a NOS Supermicro running NAS4Free on 3Tx4 in a SansDigital chassis. Other storage is 4Tx2 in a Synology box, 4Tx4 on the 320 and several 1Ts in the other 2. Baystack 5520 and an EdgeRouter Lite, all in a 42U rack held down by a 5kVA APC UPS and an unused Eaton 9PX 30A transformer (cost me $10).
 

MrBill10

Member
Apr 28, 2016
I think I bought mine through an eBay deal listed here... and I got the firmware link here as well.

Y'all are a very bad influence... It's all your fault. On the other hand, my wife is happy I'm spending so much time in the house.
 

sdifox

No Lifer
Sep 30, 2005
Funny you should say that... There's 2 brand new RPis on the table waiting for me to get my poop in a group. Amazing little critters...
Before you ask, no, you cannot run pfSense nor Sophos UTM on the RPi 3.

IPFire apparently works with the RPi but you will need to add another NIC, and then there is only one gig of RAM. Not to mention the NIC is running off the USB bus.
 

MrBill10

Member
Apr 28, 2016
Thanks, I think...

I'm more interested in the fancy new individually-addressable-RGB LED light strips hitting the market. Cheap entertainment.
 

sdifox

No Lifer
Sep 30, 2005
Thanks, I think...

I'm more interested in the fancy new individually-addressable-RGB LED light strips hitting the market. Cheap entertainment.

You mean each colour? Or each LED is addressable?
 