Certs + Auth Identities + ESXi -- What do I want??

winstontj

I have a TN-core machine that is physically built, working and functional. It is a purpose-built machine to be NFS and iSCSI storage for ESXi VMs.

I'm looking for some high-level overview/advice as to what direction I want to go for authentication, identities, domains, credentials, encryption, etc.

I have a small homelab ESXi 7.0 environment. After upgrading to 7.0 it seems to be broken; however, I did have a working AD over LDAP(S) environment with ESXi 6.5 and 6.7, with NFS and local on-host storage. Before I upgraded to ESXi 7 I had a blend of fully automated LE certs with an internal Windows CA for ESXi. I now have zero on-host storage and plan to keep all of my VMs on TrueNAS Core. Currently ESXi will connect to my TN machines, but as soon as I try to use the NFS stores, it fails due to cert issues. I am extremely concerned that I could lock myself out of my VMs, so I'd like something easy, reliable, and with a back-door option to sort things if I end up using LE certs. I'm not opposed to AD and AD internal certs with AD over LDAPS like before, but I can't help but think that half of my VMs exist to support green padlocks in browsers.

I have pfSense pulling LE ACME certs. pfSense then SCPs the certs out to wherever they need to go, and the individual hosts deal with the certs from there. I don't like it: it's messy, has multiple points of failure, and adds much complexity. But so does Active Directory and Windows CA. Saying this twice for emphasis: I feel like half of my VMs exist to support green padlocks in web browsers.

Lots of things are either deprecated or going to be deprecated (AD, ADFS, other Bill Gates related). What do people do and/or what do I want to look at for authentication, identities, domains, certificates, etc. in a homelab? I pay for VMUG and I would gladly pay for another service that would simplify security and credentials.

I see a lot of people with Scale or jails/VMs, plugins, etc. This TN-core machine is for VMware datastores for VMs only. Nothing else.

Any thoughts and suggestions are much appreciated. I'm not looking for someone to hold my hand, I'm looking for suggestions that will be around for 3-5 years so I can tear my hair out once and be done with it. Thanks.

Hardware:
Fractal 804 case. E3 v5, X11SSH-F, SM AOC 2x SFP+ NIC, 8x 7200rpm spinny (SED) in 4x mirror, mirrored 100GB Optane w/ PLP M.2 for SLOG/ZIL on a bifurcated PCIe AOC. 64GB of stupid-expensive UDIMM ECC. Also have 6x 1TB SSD in RAIDZ2 (only because the SATA ports were available). A bunch of custom 3D-printed baffles and fan ducts to handle cooling and airflow.
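The post describes certs being pushed by SCP from pfSense to each host and then "dealt with" locally, with the worry that a bad or expired cert could lock the poster out of the datastores. A sanity check a host can run on a freshly copied cert before swapping it in catches the usual failure modes of that pipeline: a truncated or non-PEM file, a key that does not belong to the cert, and a cert that is already near expiry. The script below is an added example, not code from the original post, pfSense, TrueNAS or VMware; it assumes only that `openssl` is installed, and the file paths are placeholders.

```shell
#!/bin/sh
# Hypothetical post-copy certificate check for a host that receives certs over SCP.
# Added example, not from the original post or any project. Assumes openssl is on PATH.

# cert_check CERT KEY [MIN_DAYS]
# Returns 0 when CERT parses, KEY is the matching private key, and CERT stays valid
# for at least MIN_DAYS (default 14). Non-zero return codes identify the failed check.
cert_check() {
    cert="$1"; key="$2"; min_days="${3:-14}"

    # 1. Is the file a parseable X.509 certificate (not a truncated or partial copy)?
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 \
        || { echo "not a certificate: $cert" >&2; return 1; }

    # 2. Does the private key belong to this certificate?
    #    Compare digests of the public key taken from each file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not match $cert" >&2; return 2; }

    # 3. Will the cert still be valid in MIN_DAYS days? (-checkend takes seconds)
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "$cert expires within $min_days days" >&2; return 3; }

    return 0
}

# cert_fingerprint CERT
# Prints the SHA-256 fingerprint so the copy on the host can be compared with the
# copy on the sending side (or with what a client actually sees on the wire).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Example invocation with placeholder paths; swap in the real destination files.
# cert_check /path/to/received/fullchain.pem /path/to/received/privkey.pem 14 \
#     && cert_fingerprint /path/to/received/fullchain.pem
```

Run it from the same hook that installs the copied files, and only replace the live cert when `cert_check` returns 0; recording the fingerprint on both ends gives a quick way to confirm that the file that arrived is the one that was sent.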