You can run VirtualBox on Debian Buster, for instance, gaining the access to kernel 4.9
Nethserver will be on a physical machine, running alone. By servers I meant on the network but don’t expect that much traffic except internal traffic. The services run are basic.
- Firewall
- OpenVPN
- DNS Server
Which is why I am also considering using a 3700X which is a 8 cores.
Take into account that right now, Nethserver 7.8 runs on a embedded CPU J1900 which has a very very low rank and it is able to do what I need from it at this very moment which is a firewall, openvpn and dns server. I would be very surprised if CentOS 8.0 would not leverage the Ryzen Architecture given it is the CPU of the hour.
I would do this if I intended to run it on a server along with other VMs, but I want this to be on a separate box and it seems like a huge waste of resources to install something like Proxmox just to run Nethserver on it.
Neth works just fine using Ryzen virtualized in my case. I’d tend to be more worried about your NICs on the board to make sure you get the fullest throughput/supported drivers.
I see you virtualized Nethserver under Xen using a 3600. Is Nethserver the only thing running on that box?
When it comes to NIC cards and driver issues that could still be the case even under a virtualized environment. But now you make me think that if I use something like Proxmox to virtualize Nethserver as my firewall solution, it would be easier to backup and bring to another system without having to worry about the dedicated hardware.
2 Likes
It just occurred to me to ask you this question. On that XEN Hypervisor Server, you only have Nethserver correct? It sounded as if you didn’t passthrough your NICs to your Nethserver but you could do that if you wanted to. But I’m guessing you created your network interfaces that you needed in Xen correct?
I have multiple nic assignments both physical and virtual for my Nethserver installs and you can see how I deploy them here. For my Xen based hypervisors I run everything on them from Windows 10 machines, Pfsense, Nethserver, FreeNas (with very specific conditions) and so forth. As @Andy_Wismer (someone I consider as a local Proxmox guru) would note though, the XCP-NG does not offer any docker like setup.
Hi Royce & Patrick
I’ve been following your discussion on and off for a while.
Yes, a co worker of mine happens to have a nifty AMD Ryzen Notebook.
For the kicks we did a trial installation of Proxmox last week on that notebook. 16 GB RAM is nice too, more could surely be used, but whatever - it runs nicely as Proxmox!
To “improve” performance we used an external USB3 adapter hooked SSD. (Didn’t want to ruin the Win10 Setup for testing). Still, performance was good.
We used a couple of test VMs we had on the NAS, win10, a Neth and OPNsense. All worked performant enough…
My 2 cents
Andy
Hi Andy,
Thanks for your input. I have a Ryzen processor myself but it was more for a house application, using a 3100 processor which is 4 cores. Should be plenty of power I think. I may just upgrade my current workstation using a 3700X to a 5600X and just using the 3700X for my Nethserver which, FOR SURE would be overkill. But then Royce is having me consider installing Proxmox on that server and installing Nethserver under it which could be nice since I would benefit from being able to backup my nethserver and if ever I want to use it in another Proxmox environment I could (after making a few changes depending on hardware changes).
Now the question is, should I dedicate a NIC to it via passthrough or just create virtual NICs and have Nethserver use that? Which way would you go?
I’d let Proxmox worry about that. Passthru gets you a Gigabit NIC, wheras if Proxmox handles that for you, you get a 10 Gig NIC (Internally, but hey!).
All 30 of my clients are using Proxmox / NethServer that way, no one has performance issues!
A virtual Win10 gets a 100 Gig NIC - and can use that!
My 2 cents
Andy
1 Like
Unless this is a dedicated edge firewall/networking device (and even possibly then) I’d strongly encourage you to virtualize it irregardless of the hypervisor such as KVM, Proxmox, Xen, or ESXI.
2 Likes
Thanks to both of you, I both marked you as solutions for those interested in not just figuring out if a 3100 is enough but more for the virtualization part which I think makes a lot of sense to minimize migration efforts.
@Andy_Wismer Last but not least, a question for you Andy. Unless I’m using ZFS (which I don’t plan too since I will only be using 2 drives in there, one for proxmox and the other for Nethserver), I don’t really need to use ECC ram correct? I think ECC is more of a requirement if you use ZFS correct?
Even then (Using ZFS) It’s only a “strong” suggestion to use ECC RAM. If the price is OK, I endorse it too. But it’s not a must carved in rock!
It’s better is saftey for bit errors, yes.
My 2 cents
Andy
1 Like
Ok… Does Ryzen 3000 supports ECC RAM?
Better question is does the mother board in use properly implement and support ECC RAM. Most Ryzen processors (not the 2000/3000G on board video processors that I can remember) do support it but motherboard support has been questionable at best. Some vendors say they “support” ECC RAM but do not properly implement it for the error correcting function the ECC ram was built for.
All Ryzen 3 processors, in this case the 3100 is part of that group, support ECC Ram as far as I know. Also, all Asrock motherboards support ECC Ram which is what I am going for. Doesn’t matter if a gaming or server board, Asrock has you covered in terms of ECC RAM.
Not only the memory, but I also seem to remember that you end up with “unknown processor” in certain info displays. This beggs the question if it doesn’t leave performance on the table etc, due to the kernel not exactly “knowing” what ryzen is.
Hi
If using Virtualization, as in Proxmox above, you anyway use a “KVM CPU”. Not Intel, not AMD.
It’s the same as with RAID. Let the system underneath deal with Redundancy, not the system on top.
Here: The OS (Proxmox/Debian) knows about the CPU, it’s supported…
There’s also this consideration:
Most current Desktop OS, with Windows even and especially Server OS, come with extensive GPU support. However, most Server Graphics Cards or Interfaces are not equipped with GPU. Why?, They’re running headless in a server rack, next to dozens of other similiar servers…
Then again, most servers nowadays are only set up virtually…
And you know what? From a user point of view, it simply doesn’t really matter! Present day CPUs have more than enough power.
Virtualization: Why use a KVM CPU instead of the real, built in CPU?
The reason again is flexibility. Think Live Migration… You have several servers, none have the same CPU.
Again, using KVM CPU it doesn’t really matter! Your Windows will still see the “same” KVM CPU, even if migrating from Intel to AMD! So no relicensing issues or re-registration!
My 2 cents
Andy
1 Like
To drive home this point I have been testing Neth on a Rasphberry Pi 4 and it has done everything I normally virtualize Neth for (OpenVPN, Account Manager, Guacamole and Email/SOGo). I have been super impressed with what this cheap PoE capable board can do.
The only thing I can’t currently do on this unit is to get Guacamole to properly send out WoL packets that I know Nethserver can do via terminal.
1 Like