Network Domain Configuration advice please

Status
Not open for further replies.

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Thank you very much for all the advice. I decided to put together an ESXi machine, and I'm ordering parts for it today. I think I can learn a lot by setting up a bunch of VMs on it and trying to get the networking between the VMs to work the way I want it to. This would make a nice test environment and I would not have to wonder if a cable issue is causing a problem.
Learning how to use esxi and configure your VMs is a good idea. I'd consider buying a switch and do some testing with physical hardware as well. This won't necessarily be throwing away money because you can use it later to separate your network with old Win 3.11 and Win98 computers from your modern computers that are connected to the internet (by creating a second physical network).
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I consider it a good investment... I've been running 3 or sometimes 4 VMs on my desktop computer at a time and if I can unload all that processing onto ESXi that would not only free up my desktop processor, but also isolate them from that particular computer. I could also use the ESXi system to host domain controllers and possibly other web servers as well.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Active directory domain controllers should be virtualized when possible. I'd have a dedicated VM server (esxi or xenserver) and create a samba4 DC following the steps in the samba wiki here: https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller. That said, I run Windows Server 2012R2 VMs for my DCs.

The VM/Samba, by the way, works very well, if you follow the instructions. I was actually shocked how well it went...

I just can't bring myself to pay for Win Server 2012.
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I'm back on this project and have a question. First an update. I've added an ESXi server using SuperMicro A1SRM-LN7F-2758 Motherboard with 7 LAN ports to run my VMs. This is very nice, and I'm thankful to anodos for the suggestion! I managed to move the w98 machine to the ESXi server and dedicated one LAN port to go out to the CNC machines. The network response on the CNC machines is amazingly faster than it was running the W98 machine in Virtual PC. Now that Virtual PC is no longer needed, that means I can upgrade the Win 7 machine I was using for that to Windows 10. Also all Windows 8 machines have been upgraded to Windows 10. I still have some XP machines, but they are heading out too soon. Things are starting to shape up, but now with these servers I have a new problem and I'm not sure of the best way to solve it.

I have been using my router as a DHCP server, and I have input all my MAC addresses and desired IP addresses into DHCP Address Reservation. This has been working great because I can manage all the IP addresses from one location and just let all the computers and devices automatically get their assignment from the DHCP server. It's been working great, but I just ran into a problem... My router only allows 32 address reservations, and I have at LEAST 9 more IP addresses to assign. So, what's the best way to solve this? Should I disable DHCP on my router and run my own DHCP server on either FreeNAS or my ESXi server? I have not got into a samba server yet or any kind of domain controller... if I did set that up, would that take care of fixing IP addresses with a DHCP server or is that a separate thing?

Any advice is greatly appreciated!
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
It's definitely gimpy that these little NAT gateway devices limit DHCP reservations. DHCP isn't that hard to do. You can easily create a small FreeBSD VM to manage DHCP, or possibly see about utilizing something like a pfSense VM as a DHCP server since I believe it has a fairly decent DHCP management interface.
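
Added example (editor's illustration, not written by any poster in this thread): one way to move a router's reservation table onto a standalone DHCP server is to keep a single inventory file and generate the reservations from it. The sketch below assumes ISC dhcpd `host` stanza syntax; the inventory contents, subnet and dynamic pool range are constructed, and `parse_inventory` / `render_dhcpd` are hypothetical helper names. It rejects duplicate names, MACs and IPs, and reservations that fall inside the dynamic pool.

```python
import ipaddress
import re

# Constructed sample inventory (name, MAC, desired IP); not taken from the thread.
INVENTORY = """\
freenas   00:25:90:AA:BB:01  192.168.1.10
esxi      00:25:90:aa:bb:02  192.168.1.11   # infrastructure host
cnc-w98   00-0C-29-11-22-33  192.168.1.40
"""
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*$")

def parse_inventory(text, subnet, pool):
    """Return validated (name, mac, ip) tuples; raise ValueError on any conflict."""
    net = ipaddress.ip_network(subnet)
    lo, hi = (ipaddress.ip_address(a) for a in pool)
    seen = {"name": set(), "mac": set(), "ip": set()}
    hosts = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {n}: expected name, MAC, IP")
        name = fields[0]
        mac = fields[1].lower().replace("-", ":")   # normalise Windows-style MACs
        ip = ipaddress.ip_address(fields[2])        # raises ValueError if malformed
        if not NAME_RE.match(name) or not MAC_RE.match(mac):
            raise ValueError(f"line {n}: bad name or MAC")
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"line {n}: {ip} not usable in {net}")
        if lo <= ip <= hi:
            raise ValueError(f"line {n}: {ip} overlaps the dynamic pool")
        for kind, value in (("name", name), ("mac", mac), ("ip", ip)):
            if value in seen[kind]:
                raise ValueError(f"line {n}: duplicate {kind} {value}")
            seen[kind].add(value)
        hosts.append((name, mac, ip))
    return hosts

def render_dhcpd(hosts):
    """Emit one ISC dhcpd 'host' stanza (fixed-address reservation) per entry."""
    return "".join(
        f"host {name} {{\n  hardware ethernet {mac};\n  fixed-address {ip};\n}}\n"
        for name, mac, ip in hosts
    )
```

The rendered text is meant to be included from the server's main configuration; the router's own DHCP service has to be turned off first so that two servers do not answer on the same segment.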
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
pfSense looks like it could replace the entire router. Interesting idea. I have plenty of LAN ports to make that work. I'm wondering if I did that would I have good enough performance both for pfSense acting as a router or my VMs with pfSense busy being the router. Looks like I could set it up and not have it act as the router, just have it do the DHCP part. I found this tutorial on how to run pfSense on ESXi: https://calvin.me/part-1-install-pfsense-on-esxi-5-5/ Just wondering if anyone has any experience with using an ESXi VM running pfSense for a router.
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Yes, lots of people do it. What you're calling a "router" ... probably isn't, it's probably a NAT gateway. pfSense is a full-on software router, plus it can do NAT tasks. This means you can actually create multiple networks and have them all properly configured and properly communicating with each other. It's definitely still a software router, but so are virtually all NAT gateway devices, and the VM is likely to pound the **** out of a small office type NAT gateway.

The big thing is that you have to remember that the vSwitches on ESXi default to a little network paranoia so things like promiscuous mode are probably disabled, and enabling it means that VMs on that network will all potentially see each other's traffic. This is probably okay for a home network but is potentially an argument against trying to use transparent bridging (which would need promisc) vs using it as a NAT gateway or general purpose router (which probably doesn't).
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
Thanks for the information! I really like the idea of running it in a VM. I'm not worried about security of any data, it's not a big corporation, just a small home business with family members. One thing I'm trying to do is reduce my power consumption, hence the Atom-based servers running things that need to be available all the time, which will allow me to put ALL the other computers to sleep when not actually in use... so if I can run one more box in a VM it goes even further toward power savings. I wonder if I should attempt to use a fixed IP for FreeNAS and ESXi so I can boot FreeNAS first, then start the pfSense VM from a vmdk drive on the FreeNAS server? Or should I just put some small storage on my ESXi server?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Infrastructure (i.e. anything your network absolutely needs in order to work) should always have a static IP address.

Yes, the ESXi host requires its own datastore. These days you should strongly consider just getting a nice high reliability SSD like the Intel 535. A 240GB unit should be ~$100 and the 480's around $200. If you figure that the VMDK size for a FreeNAS box and the pfSense box are maybe 10-16GB, you might even be tempted to go with 120GB SSD, but my advice is to avoid that urge and get some additional space, because being able to spin up a new VM to play with and not needing to worry about where the space is coming from is VERY NICE.
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I agree with you on the space! I have a 500GB mechanical drive hooked up to my ESXi server at the moment, just to play with it. I see the Intel SSDs are similarly priced to Samsung SSDs which is what I have been using for desktop PCs. Is there an advantage to Intel over Samsung?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
With both Samsung and Intel you're talking top-of-the-food-chain devices.

Comparing the 535 to the 850 Pro isn't particularly fair since the 535 is a value oriented drive. The primary advantage there is that the 535 is *cheap*!!! I picked up a dozen for around $150/each back around Black Friday. The lowest price for the 850 Pro was around $210.

The problem is that the extra cost probably isn't justifiable. The way the warranty on these things works, the Samsung is 150 TBW (terabytes written). So if I take 150000 and divide by ten years and divide by 365 days, Samsung is warranting the drive for 41GB/day for ten years. The Intel 535 is 40GB/day for five years. I can make that work nicely for the Samsung by specifying an expected service lifetime of five years (or less) at which point the 535 is still only rated for 40GB/day but the Samy becomes 82GB/day.

So the thing is that in the last five years, we've gone from SSD's being around $2/GB for bottom-tier SSD, to today where it is 31c/GB for good-quality or 21c/GB for cheap stuff. And the real question is, would I be RMA'ing a dead SSD, or more likely just buying a replacement, at a lower cost/GB?

I was looking for a hypervisor solution too. But since they're going to sit in a data center 800 miles and 14 hours away, everything's paranoid-redundant. Both chassis have a nice LSI 3108 RAID controller in it. The RAID controller has 3 1TB WD Red drives, two in mirror with a spare, for high endurance operations like logging. There are then two mirror sets of Intel 535, with a spare, making a total of eight drives per chassis.

The problem is that I hate hypervisors because they give you all the information except the stuff you really want to know. For that you've got to dig into the CLI. But when I do so, it seems like I'm even managing to live within the 40GB/day budget. Yay!

But I do expect that the drives may not live out their lifetimes, at which point I probably don't really care if they're under warranty anymore, because by that time the Intel 555's will be out with a 1TB drive for $99 and 400GB/day endurance. :smile:

My vote? Probably get the cheap-but-reliable.
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I ordered some SSDs. I decided to upgrade the capacity on 2 of my Windows 10 computers to 500GB Samsung SSDs, so now I will have the old SSDs coming out to do something with. One is a 120GB Samsung SSD, the other is a 256GB Samsung Pro SSD. I have a 500GB Samsung SSD going to my ESXi server for VM storage, but could these other 2 drives be used to help either my FreeNAS server or the ESXi server as cache drives perhaps, or maybe just fast storage on the FreeNAS box? I currently do not have any kind of caching drives on either of these. The FreeNAS box has just a boot USB stick and a pair of 8TB mirrored drives. The ESXi server has just its boot USB stick and a 500GB mechanical drive. I plan to add the 500GB SSD for working VMs and leave the mechanical drive for experimental VMs. Would either of these servers benefit from a caching drive? Both servers have 32GB of RAM installed.
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I'm still having network issues... Perhaps someone knows what's happening. For some reason FreeNAS does not show up on any of my Windows 10 machines, but it does show up under Windows 7 machines. I have the same problem with my Konica Minolta MFP. In fact the Windows 10 computers can only see other Windows 10 computers, but the Windows 7 computers see everything on the network, including Win 10 computers, the MFP and FreeNAS and other Linux PCs. Is there some trick to making Windows 10 network function like everything else? I can access things like FreeNAS by putting in the IP address, but it's bugging me that all my Win 7 PCs show EVERY resource on the network instantly but the Win 10 computers only show other Win 10 computers and they are slow in showing up. I thought I would upgrade everything to Win 10 being I can upgrade for free, but I'm starting to think I should be putting Win 7 on everything. I never turned on the Windows 10 homegroup thing, thinking that would make it less compatible.

Any ideas?
 

Mirfster

Doesn't know what he's talking about
Joined
Oct 2, 2015
Messages
3,215
I thought I would upgrade everything to win 10 being I can upgrade for free
Not so "free" when you see under the covers at what they are gathering from you as well as using your system to update others... :p
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I think Microsoft purposefully makes newer versions of windows difficult to network with previous versions. There's no reason I can think of why my win 10 machines can only see each other but not anything else. In fact win 7 pro computers that could see every resource on the network including FreeNAS and my Linux computers, win 10 computers, and XP VMs, and even a win 98 VM can no longer see anything but windows 10 pcs after 'upgrading' them to win 10.
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
Obviously you need to ditch those XP and Win 98 VM's and use Windows 10 instead. :p
 

Zaaphod

Contributor
Joined
Dec 15, 2015
Messages
109
I still haven't figured out how to get FreeNAS to show up on my Windows 10 computers, but now I have a new problem. I occasionally get an error 0x8007003b when copying files to FreeNAS. It seems to happen more often on large files. There is a retry option and normally retry will get it to work, sometimes with only 1 retry, other times I need several retries. Anyone know what could cause this error or how to troubleshoot it? It can be annoying when I think I'm transferring a lot of files only to come back after hours to find that it's been sitting there with that error and not doing anything.
 

gpsguy

Active Member
Joined
Jan 22, 2012
Messages
4,472
If you do a Google search on that error code you'll find some hits and potential solutions.

