Virtualize Every Server
-
@Carnival-Boy said:
@scottalanmiller said:
Okay, gotcha. So that's a major vote pro-virtualization then
Maybe. I'd have to consider any licencing implications of separation.
Even if you don't decide to do it, having additional options is a positive on its own. If needed, it is there in case.
-
The only other server I still have physical is Hamachi. I virtualised it originally but it was very flaky so went physical, which is a pain.
-
Oh, and our PBX is physical.
-
@Carnival-Boy said:
The only other server I still have physical is Hamachi. I virtualised it originally but it was very flaky so went physical, which is a pain.
Is that a Hamachi Gateway? Like a hub and spoke VPN design?
-
Yes
-
Cool, haven't used Hamachi in many years. They kept dropping support for things and we gave up on it.
-
I'm starting to wonder if virtualising my firewall was such a good idea.
-
@Carnival-Boy said:
I'm starting to wonder if virtualising my firewall was such a good idea.
What makes you say that?
-
@Carnival-Boy said:
I'm starting to wonder if virtualising my firewall was such a good idea.
Only reason to be concerned with a virtual firewall is if you are putting normal internal VMs, your firewall and your DMZ external VMs all on one host; even then the risk is small.
-
@Carnival-Boy said:
I'm starting to wonder if virtualising my firewall was such a good idea.
Why? Every cloud provider does a VFW. Cisco's vASA is very kewl, especially in high density environments that I work in. Thousands of firewalls, all humming along.
Your little one off isn't that big of a deal. Just isolate and go for it.
-
@dafyre said:
@Carnival-Boy said:
I'm starting to wonder if virtualising my firewall was such a good idea.
What makes you say that?
Because I need to power off my ESXi hosts this weekend remotely and I have no way of doing it as the firewall is running on one of the hosts. So I need to move the firewall onto a separate box, and if I'm going to do that, I'm not sure it's worth virtualising. I'd have to use a free ESXi licence, so I don't think Veeam would back it up, and it's fairly trivial to do a fresh, bare metal install if disaster struck anyway.
-
@Carnival-Boy said:
Because I need to power off my ESXi hosts this weekend remotely and I have no way of doing it as the firewall is running on one of the hosts. So I need to move the firewall onto a separate box, and if I'm going to do that, I'm not sure it's worth virtualising. I'd have to use a free ESXi licence, so I don't think Veeam would back it up, and it's fairly trivial to do a fresh, bare metal install if disaster struck anyway.
How can you not power them off remotely just because it's running as a VM? Shut down your other VMs, power off the host the firewall is on and let the VM gracefully shut down during the host shutdown. Easy.
-
Oh ok, cool. For some reason I thought you had to put the host into maintenance mode before you can shut it down. I'm not quite sure what you mean by gracefully, though?
-
@Carnival-Boy said:
Oh ok, cool. For some reason I thought you had to put the host into maintenance mode before you can shut it down. I'm not quite sure what you mean by gracefully, though?
It will ask you to, but you do not have to do that. Maintenance mode is really for when you are just going to shut down one host and want the VMs to move over to another host first.
-
@Carnival-Boy said:
@dafyre said:
@Carnival-Boy said:
I'm starting to wonder if virtualising my firewall was such a good idea.
What makes you say that?
Because I need to power off my ESXi hosts this weekend remotely and I have no way of doing it as the firewall is running on one of the hosts. So I need to move the firewall onto a separate box, and if I'm going to do that, I'm not sure it's worth virtualising. I'd have to use a free ESXi licence, so I don't think Veeam would back it up, and it's fairly trivial to do a fresh, bare metal install if disaster struck anyway.
One of the main points of the article is that consolidation is not part of the "always virtualize" discussion. Consolidation has many, many cases where it does not make sense. But the reasons to virtualize aren't dependent on consolidation - that's a separate concern.
Also, if ESXi doesn't meet your needs, skip it. Just because ESXi has become rarely a good choice for virtualization doesn't mean that virtualization isn't a clear win, only that VMware is rarely a clear win. In fact, see my other post, VMware is now the virtualization that I would least likely recommend as it has basically no real advantages but many caveats. Hyper-V and XenServer would be 99% of the recommendations that I would make.
One to one and Hyper-V or XenServer should solve all your issues.
-
Without some sort of Remote Access he won't be able to power the VM host back on. Even if he had iDRAC, it wouldn't matter since his firewall will be down also; he'd have no way to reach the iDRAC.
-
@Dashrender said:
Without some sort of Remote Access he won't be able to power the VM host back on. Even if he had iDRAC, it wouldn't matter since his firewall will be down also; he'd have no way to reach the iDRAC.
Depends. In most datacenters they will have remote hands to do this or remote start out-of-band equipment that is another layer of OOB beyond what IPMI (iLO, DRAC, etc.) does so that even if your entire network is down you can still power on.
-
@scottalanmiller said:
@Dashrender said:
Without some sort of Remote Access he won't be able to power the VM host back on. Even if he had iDRAC, it wouldn't matter since his firewall will be down also; he'd have no way to reach the iDRAC.
Depends. In most datacenters they will have remote hands to do this or remote start out-of-band equipment that is another layer of OOB beyond what IPMI (iLO, DRAC, etc.) does so that even if your entire network is down you can still power on.
Sure, and I realize my post is in the wrong thread.
-
@scottalanmiller said:
@Dashrender said:
Without some sort of Remote Access he won't be able to power the VM host back on. Even if he had iDRAC, it wouldn't matter since his firewall will be down also; he'd have no way to reach the iDRAC.
Depends. In most datacenters they will have remote hands to do this or remote start out-of-band equipment that is another layer of OOB beyond what IPMI (iLO, DRAC, etc.) does so that even if your entire network is down you can still power on.
We have Dialup OOB Access that allows us to power cycle or access DRACs, Routers and switches.