[-] kaiwulf@alien.top 1 points 11 months ago

Really kinda depends on your use case.

For instance, if I'm building an ESXi cluster, then yea HPE all the way. It's quite trivial to find the option parts I need to complete the build and scour eBay for them. With those components tested and certified to work together I shouldn't have to worry too much about weird issues popping up.

Now, on the other hand, when building a NAS / SAN, I don't want to be locked into buying HPE branded disks so I opt for a Supermicro system. It doesn't care what brand of disk you use so I'm free to buy what makes sense for the type of datastore I'm creating.

Supermicro is also one of the few who build their server platforms on standard ATX / EATX form factors, so it's pretty easy to get the chassis you like and build the insides out however you like. Also makes upgrading the server internals super easy. Just buy later gen components and transplant them. They're very good about making documentation and compatibility matrices available online.

[-] kaiwulf@alien.top 1 points 11 months ago

The way to do this with an L3 managed switch is to use inter-vlan routing and access control lists.

First part is simple enough, enable IP routing in the switch, then give your vlan interfaces an IP address.

To control which nets can talk to others you build ACLs and attach the policy to the vlan. For instance, you can permit your workstation on the main net to talk to anything on nets 2, 3, and 4, and conversely they can talk back to only your workstation if you wish. Then you can deny anything on nets 2 - 4 from talking to each other.
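The policy described above, written out as a Cisco IOS-style L3 switch configuration (an added example, not from the original comment); the VLAN IDs, subnets and the workstation address 10.0.10.50 are assumptions:

```cisco
! Added example, not part of the original comment. Assumed layout:
! VLAN 10 = main net (workstation at 10.0.10.50), VLAN 20/30/40 = nets 2-4.
!
! Part 1: turn the switch into a router and give each VLAN an SVI address.
ip routing
!
interface Vlan10
 description Main net
 ip address 10.0.10.1 255.255.255.0
!
interface Vlan20
 description Net 2
 ip address 10.0.20.1 255.255.255.0
 ip access-group NET2-IN in
!
interface Vlan30
 description Net 3
 ip address 10.0.30.1 255.255.255.0
 ip access-group NET3-IN in
!
! Part 2: ACLs. Evaluated top-down, first match wins, implicit deny at the end.
! No ACL on Vlan10, so the workstation may reach anything on nets 2-4.
! The ACLs are stateless: replies from net 2 are matched separately on their
! way in on Vlan20, so they must be permitted here (first line).
! Other internal nets (10.0.0.0/16 here) are blocked; anything else, e.g. a
! default route out, is allowed. Traffic between hosts inside VLAN 20 is
! switched at L2 and never hits this ACL.
ip access-list extended NET2-IN
 permit ip 10.0.20.0 0.0.0.255 host 10.0.10.50
 permit ip 10.0.20.0 0.0.0.255 host 10.0.20.1
 deny   ip 10.0.20.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
!
ip access-list extended NET3-IN
 permit ip 10.0.30.0 0.0.0.255 host 10.0.10.50
 permit ip 10.0.30.0 0.0.0.255 host 10.0.30.1
 deny   ip 10.0.30.0 0.0.0.255 10.0.0.0 0.0.255.255
 permit ip any any
!
! Vlan40 / NET4-IN follow the same pattern.
```

Check the result with `show ip access-lists` and `show running-config interface Vlan20`; a host on net 2 should reach 10.0.10.50 but not net 3 or net 4.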

[-] kaiwulf@alien.top 1 points 11 months ago

I run a completely separate switch for OOB, a separate vRouter in the firewall, with rules to allow those devices access to their update servers and nothing else.

[-] kaiwulf@alien.top 1 points 11 months ago

One company I used to work for, we had an MSP on contract to basically back me up and provide 24x7 support. They were a Watchguard dealer and had many properties with WG firewalls onsite.

We had Palo Alto firewalls at my company. During my tenure I got to know a lot of the MSP tier 2 and 3 techs, and we'd talk shop occasionally.

It seemed like every day they were rebooting a Watchguard on one of their client properties because it had locked up and become unmanageable, so they were basically taking businesses offline in the middle of the day to get the firewall back.

I don't know if it's the hardware, firmware, or software that is at the core of those issues, but I am unabashedly NOT a fan of WG gear armed with that knowledge and experience.

[-] kaiwulf@alien.top 1 points 11 months ago

Comparable *SOLD* listings on eBay are averaging $500 - $600 unloaded, meaning CPUs, power, RAM, and controller included but no HDD.

You may want to consider Supermicro servers too. Great enterprise platform. A 6028U X10DRU comparable to the R730XD with 2x E5-2690v3, 64GB RAM, 12 LFF Bays, 4x 10G-BaseT Ethernet is going for about half of what the Dell is selling for.

[-] kaiwulf@alien.top 1 points 11 months ago

At 6TB, why not just build a NAS rather than keeping that much storage attached to a single machine over USB?

[-] kaiwulf@alien.top 1 points 11 months ago

Well, since you're going rackmount, bite the bullet and grab some enterprise gear for your VMs and containers. I run a HPE DL380 G10, and you can get them fairly inexpensively. The biggest cost driver in them on the grey market is RAM. They're surprisingly efficient for home use and will last forever. I have some G5s that I ran for about 7 years and even though they sit on a warehouse rack in storage these days, they still run perfectly fine.

For my NAS and SAN, I run a Supermicro 847 Chassis, which is 36 LFF bay, with an X11 mobo running TrueNAS Scale. This setup allows me to create multiple large arrays: for NAS I have an SMB share that stores all my media for Plex, another array that's an iSCSI SAN feeding the VMware stack, and yet another for local backups, all from one box with plenty of room for expansion.

Even with cloud backup services, it's good to keep a local copy of everything live, and a local backup, so you can always find a need for more storage; it's good to have plenty of room to grow from the beginning.

Many ways to go about setting up shop. Some design considerations are gonna be: do you want just enough to run the home, or do you want significant space beyond that to truly lab and play with tech? Server platforms will run VMware, Nutanix, Proxmox far better than a desktop platform will, and are worth the bit of power consumption increase. I prefer the two box approach, separating compute from storage, because as much as I like the HPE DL platform, for home use I don't wanna be locked into buying HP branded disks any time I want to add storage. With the TrueNAS box I can add whatever disk I want and either expose it directly to the network, or add it as another LUN to the hypervisor datastore.

Rack gear is designed to move a lot of air. Ideally they need to be in their own closet away from people as much as possible, not only for the noise, but for the fact that people create dust and servers will suck that dust in and coat everything inside with it. To keep your gear running well, keep it away from people.

As for network and security, you said you're looking at Unifi - Ubiquiti has a decent ecosystem for the average prosumer. As long as you're not planning to expose services to the internet you should be fine with that gear. If you're wanting a more robust network security solution, you'd want to look into Firewalla, pfSense, OPNsense, or perhaps SonicWall.

[-] kaiwulf@alien.top 1 points 1 year ago

Windows Desktop OS is optimized for foreground applications, GUIs, etc., whereas Server OS is optimized for background services, multiple user connections, and minimized need for downtime.

Neither of them is NAS software. Sure you can set up an SMB share on desktop, or build a fileserver in Server OS, but as you're wanting to replace a Network Attached Storage device, there are better options out there.

You could get a Supermicro server off eBay for cheap, either 2, 3 or 4U, and motherboard generation around X10 or X11. If you'd rather a tower, then something like a Dell T440. Load it up with the drives you want and throw TrueNAS on the OS drives. TrueNAS is free and does a really good job of what it was designed for.

[-] kaiwulf@alien.top 1 points 1 year ago

Visio has been pretty much standard in all my work roles for rack elevation and network diagram drawings, so I use it for home stuff too.

[-] kaiwulf@alien.top 1 points 1 year ago

If self hosting, I'd virtualize the workstations and utilize GPUs designed for virtualized engineering workstations, like an Nvidia A100.

As for access, you could go through the trouble and expense of exposing something like VMware Horizon VDI to the internet through a reverse proxy if using virtualized workstations.

A better option would be to go with Cloudflare Zero Trust. You run a small agent on your side, and people outside needing access sign in through Cloudflare, and you can grant very specific access to what they need. It's kind of like a VPN but with much greater control over where someone can go while connected.

You'll want to segment the workstations off into their own VLAN, and you should be using a good firewall on its own hardware to lock down access between outside and the workstation VLAN (i.e. only allow connections from Cloudflare service endpoint URLs to the IP range of your workstations).

[-] kaiwulf@alien.top 1 points 1 year ago

APC Symmetra LX 16kVa wired to a secondary panel. That panel feeds both the rack and computer receptacles in my office.

For extended outages I have a natural gas powered permanently installed backup generator. Generator start and transfer switch is fully automatic.

As far as the rack and my office machines are concerned the power never goes out, even though my area experiences frequent brownouts and winter has a pretty good chance of seeing an extended blackout.

[-] kaiwulf@alien.top 1 points 1 year ago

You'll need to keep the pfSense, as that will remain your default router, as well as firewall and VPN if you're using it. You would then trunk your VLANs to a managed switch.

A Cisco WS-C3850-12X48U-L is a 48 port gigabit switch that includes 12 100Mbps/1/2.5/5/10 Gbps Base-T UPOE Ethernet ports, but you would need to bump your budget to about $600. It has a network module slot that can accommodate 10 and 40 gig SFP+ if you wanted to run a fiber uplink.

If you don't wanna blow the budget on the switch, something like a WS-C3750X-48P would be perfectly usable. It's a 48 port 1G Base-T PoE+ switch with modular and redundant PSUs, and it has the option for a 2 port 10g SFP+ network module, and you can usually find switches with the C3KX-NM-10G module installed for $100 or less.
