
    virtualize all the things... ?

    IT Discussion
    • J
      Jimmy9008 @scottalanmiller
      last edited by

      @scottalanmiller said in virtualize all the things... ?:

      @emad-r said in virtualize all the things... ?:

      Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

      No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

      Agree. Makes no sense. Move the VPN VM to another host before updating the original.

      Emad RE 1 Reply Last reply Reply Quote 0
      • coliverC
        coliver @Emad R
        last edited by

        @emad-r said in virtualize all the things... ?:

        Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

        Um... this is where things like cluster aware updating come in handy.

        1 Reply Last reply Reply Quote 2
        • Emad RE
          Emad R @Jimmy9008
          last edited by

          @jimmy9008 said in virtualize all the things... ?:

          @scottalanmiller said in virtualize all the things... ?:

          @emad-r said in virtualize all the things... ?:

          Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

          No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

          Agree. Makes no sense. Move the VPN VM to another host before updating the original.

          What if you only have 1 enterprise grade server in one site? And you can just purchase another 3000$ server cause you ran out of budget, but you can get the AM1 AMD platform for 300$ and make it VPN server

          coliverC scottalanmillerS J 3 Replies Last reply Reply Quote 0
          • coliverC
            coliver @Emad R
            last edited by

            @emad-r said in virtualize all the things... ?:

            @jimmy9008 said in virtualize all the things... ?:

            @scottalanmiller said in virtualize all the things... ?:

            @emad-r said in virtualize all the things... ?:

            Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

            No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

            Agree. Makes no sense. Move the VPN VM to another host before updating the original.

            What if you only have 1 enterprise grade server in one site? And you can just purchase another 3000$ server cause you ran out of budget, but you can get the AM1 AMD platform for 300$ and make it VPN server

            Why does having one server matter?

            1 Reply Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller @Emad R
              last edited by

              @emad-r said in virtualize all the things... ?:

              @scottalanmiller said in virtualize all the things... ?:

              @emad-r said in virtualize all the things... ?:

              ... it is a bit tricky to diagnose and running when you can't connect, especially if you're working from home.

              That just exposes the fragility of LAN-based security.

              Hehe, true but what to say it is simple.

              Is it? Seems complex to me 🙂

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Emad R
                last edited by

                @emad-r said in virtualize all the things... ?:

                @jimmy9008 said in virtualize all the things... ?:

                @scottalanmiller said in virtualize all the things... ?:

                @emad-r said in virtualize all the things... ?:

                Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

                No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

                Agree. Makes no sense. Move the VPN VM to another host before updating the original.

                What if you only have 1 enterprise grade server in one site? And you can just purchase another 3000$ server cause you ran out of budget, but you can get the AM1 AMD platform for 300$ and make it VPN server

                I still don't see the logic. What's the connection between virtualization and all that cost? Why are you not virtualizing on the $300 AM1 board?

                Emad RE 1 Reply Last reply Reply Quote 2
                • coliverC
                  coliver
                  last edited by

                  Does your edge device not support IPSEC or other VPN technologies? Seems like you could save yourself some money by putting in Ubiquiti equipment to facilitate this type of maintenance.

                  1 Reply Last reply Reply Quote 2
                  • J
                    Jimmy9008 @Emad R
                    last edited by

                    @emad-r said in virtualize all the things... ?:

                    @jimmy9008 said in virtualize all the things... ?:

                    @scottalanmiller said in virtualize all the things... ?:

                    @emad-r said in virtualize all the things... ?:

                    Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

                    No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

                    Agree. Makes no sense. Move the VPN VM to another host before updating the original.

                    What if you only have 1 enterprise grade server in one site? And you can just purchase another 3000$ server cause you ran out of budget, but you can get the AM1 AMD platform for 300$ and make it VPN server

                    Many ways to crack it. For example, VPN in. Set your firewall to allow remote connections from your current external IP address (not great, but possible).

                    Do the work. You have the VPN for when it's up, and rule through firewall if it doesn't come back up. After patch finished, remove the firewall rule... Of course, I'd not personally do that, I'd have a second host for multiple reasons anyway...

                    But you don't need the physical VPN server. Why have another kit at all for a rare chance it won't come back up... If it doesn't, you probably have other issues.

                    1 Reply Last reply Reply Quote 0
                    • Emad RE
                      Emad R @scottalanmiller
                      last edited by

                      @scottalanmiller said in virtualize all the things... ?:

                      @emad-r said in virtualize all the things... ?:

                      @jimmy9008 said in virtualize all the things... ?:

                      @scottalanmiller said in virtualize all the things... ?:

                      @emad-r said in virtualize all the things... ?:

                      Imagine you want to patch ESXi, and you are connected via VPN VM running in that same ESXi host. And we don't have like 300 servers, more like 1-2 servers per site. So you understand how difficult it can become.

                      No, I still don't understand. You are talking about adding another server to accommodate the VPN. So you are talking purely about consolidation as a concern, which it is, and not at all about virtualization as a concern (which it is not.)

                      Agree. Makes no sense. Move the VPN VM to another host before updating the original.

                      What if you only have 1 enterprise grade server in one site? And you can just purchase another 3000$ server cause you ran out of budget, but you can get the AM1 AMD platform for 300$ and make it VPN server

                      I still don't see the logic. What's the connection between virtualization and all that cost? Why are you not virtualizing on the $300 AM1 board?

                      Ahh, now I see what you mean. Btw, the board costs 50$ and the CPU that goes on top costs like another 50$. The whole AM1 AMD solution box with RAM + PSU + Drive will cost you = 300$

                      Umm, cause it will be only used for that role and that role only, no other thing. But I get your point now. If we want to think about virtualization as "hardware abstraction and driver containment" then it makes sense what you are saying.

                      scottalanmillerS 1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @Emad R
                        last edited by

                        @emad-r said in virtualize all the things... ?:

                        If we want to think about virtualization as "hardware abstraction and driver containment" then it makes sense what you are saying.

                        Right, when consolidation is not a factor, then removing the value of consolidation doesn't change the equation.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender
                          last edited by

                          I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                          scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Dashrender
                            last edited by

                            @dashrender said in virtualize all the things... ?:

                            I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                            What do you mean? Firewalls are handy, of course, but you just open the ports and connect to the VPN server. Only in the SMB can you get firewalls big enough to do VPN as well.

                            Windows Server, OpenVPN servers, DirectConnect, Pertino, ZeroTier, Hamachi... all meant to be VPNs that are behind the firewall.

                            DashrenderD 1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @dashrender said in virtualize all the things... ?:

                              and I'm not talking about HTTPS stuff here.

                              But they are one and the same. Literally. How do you talk about one and not the other?

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @scottalanmiller
                                last edited by

                                @scottalanmiller said in virtualize all the things... ?:

                                @dashrender said in virtualize all the things... ?:

                                I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                                What do you mean? Firewalls are handy, of course, but you just open the ports and connect to the VPN server. Only in the SMB can you get firewalls big enough to do VPN as well.

                                Windows Server, OpenVPN servers, DirectConnect, Pertino, ZeroTier, Hamachi... all meant to be VPNs that are behind the firewall.

                                Is the OP in need of a system like that?

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @dashrender said in virtualize all the things... ?:

                                  @scottalanmiller said in virtualize all the things... ?:

                                  @dashrender said in virtualize all the things... ?:

                                  I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                                  What do you mean? Firewalls are handy, of course, but you just open the ports and connect to the VPN server. Only in the SMB can you get firewalls big enough to do VPN as well.

                                  Windows Server, OpenVPN servers, DirectConnect, Pertino, ZeroTier, Hamachi... all meant to be VPNs that are behind the firewall.

                                  Is the OP in need of a system like that?

                                  The OP isn't talking about firewalls at all.

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in virtualize all the things... ?:

                                    @dashrender said in virtualize all the things... ?:

                                    @scottalanmiller said in virtualize all the things... ?:

                                    @dashrender said in virtualize all the things... ?:

                                    I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                                    What do you mean? Firewalls are handy, of course, but you just open the ports and connect to the VPN server. Only in the SMB can you get firewalls big enough to do VPN as well.

                                    Windows Server, OpenVPN servers, DirectConnect, Pertino, ZeroTier, Hamachi... all meant to be VPNs that are behind the firewall.

                                    Is the OP in need of a system like that?

                                    The OP isn't talking about firewalls at all.

                                    No, he's talking about VPNs.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @Dashrender
                                      last edited by

                                      @dashrender said in virtualize all the things... ?:

                                      @scottalanmiller said in virtualize all the things... ?:

                                      @dashrender said in virtualize all the things... ?:

                                      @scottalanmiller said in virtualize all the things... ?:

                                      @dashrender said in virtualize all the things... ?:

                                      I'm trying to figure out why you are VPNing into something that isn't your firewall? And I'm not talking about HTTPS stuff here.

                                      What do you mean? Firewalls are handy, of course, but you just open the ports and connect to the VPN server. Only in the SMB can you get firewalls big enough to do VPN as well.

                                      Windows Server, OpenVPN servers, DirectConnect, Pertino, ZeroTier, Hamachi... all meant to be VPNs that are behind the firewall.

                                      Is the OP in need of a system like that?

                                      The OP isn't talking about firewalls at all.

                                      No, he's talking about VPNs.

                                      Neither as far as I can see.

                                      1 Reply Last reply Reply Quote 0
                                      • bjB
                                        bj
                                        last edited by

                                        Yeah, this conversation on VPNs and Firewalls is a tangent, based on someone saying that they didn't like virtualizing their VPN server.

                                        1 Reply Last reply Reply Quote 4
                                        • bjB
                                          bj @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in virtualize all the things... ?:

                                          In reality, KVM is the better choice most of the time.

                                          Any experience with QEMU? How does it compare?

                                          wirestyle22W 1 Reply Last reply Reply Quote 0
                                          • wirestyle22W
                                            wirestyle22 @bj
                                            last edited by wirestyle22

                                            @bj said in virtualize all the things... ?:

                                            @scottalanmiller said in virtualize all the things... ?:

                                            In reality, KVM is the better choice most of the time.

                                            Any experience with QEMU? How does it compare?

                                            He has an incredible amount of experience with it, but you're likely to use virt-manager, at least at first.

                                            bjB 1 Reply Last reply Reply Quote 1