To virtualize or not to virtualize

Hi, I need a help in deciding my server as we are pretty limited, 1 powerful computer, actually my desktop computer, and one my ex gateway computer, but I prefer not to use that old computer as it has been showing some problem lately.

Specification as follows:
AMD Phenom II X2-545 (RVI supported)
Gigabyte 785GT
4GB RAM
320GB + 160GB hard drive

Intel Celeron 400
128MB RAM
10GB hard drive
Intel e100 ethernet.

And these are applications we need:
1. Samba
2. LDAP
3. Gateway, firewall, NAT, etc
4. VPN (I think this will be integrated with the gateway)
5. LAMP (Apache, MySQL, PHP). There will be 3 application taking advantage of this. Accounting software, sales software, and one small application for manage DHCP leases.
6. DHCP, DNS (I think dnsmasq should be enough, but I want this integrated with LDAP)
7. RADIUS (to authenticate whoever coming from VPN)
8. Mail server

User will be about 100 people, with around 20 computer on site, and mostly from our sales people using VPN dialin.

The question is, should we virtualize? Or just cram everything in one dedicated server?
I also concerns about security if I put DHCP/DNS/LDAP/RADIUS along with MySQL/Apache/PHP, along in the same machine as our gateway. Will VM gateway improve that security?

Also if virtualize, which one is better, XenServer, Linux XEN, or VMware. And if VMware, which one, ESX or VMware Server. ESX 4 won't be able to recognize my realtek 8111, and I prefer not to buy e1000. The cheapest Intel E1000 here cost $50.

Thank you
LVL 3
prd00Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
I wouldn't try putting all that on one server, let alone virtualizing it.  Not on that hardware anyway.  
How mission-critical is this stuff?  If you lost any component, would you be able to continue to function?
0
prd00Author Commented:
Not so mission critical. We can use phone if something happens, but I prefer the order comes directly at our computer, so that everyone off site can get the update of our status without calling home.

Accounting software is FrontAccounting. Sales Software is our home made POS system, plus 2 php script that read /etc/dhcp3/dhcpd.leases file and write those mac address that I've choosen to static IP to /etc/dhcp3/dhcpd.conf.

They are not that busy. The only one that I suspect will consume most CPU and RAM would be Apache/PHP/MySQL, and Samba that will consume some disk bandwidth. NAT will handle our internet usage, browsing, downloads, etc, but that won't take much.

DHCP/DNS will only act as masquerade, firewall I was using Mikrotik, but I can use iptables to replace it.
0
prd00Author Commented:
Oh, anyway, it is only a home business. The only thing I care over there are my files that will be on Samba. And I've plan to put a RAID 1 using AMD770 mixed raid function. Even then, that samba won't work too much. Mostly are spreadsheets.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

TolomirAdministratorCommented:
Regardless if you virtualize or not: consider a good backup solution.

Make sure that all your business data / personal data is backuped on an external medium. A simple USB drive could do the job. Also save your configuration files (at least one time)

Tolomir
0
TolomirAdministratorCommented:
0
oztrodamusCommented:
Hi prd00,

I think virtualization is a bad idea for you. First you can't use ESX because even if you could afford it your hardware isn't on the HCL. That means ESXi is also out of the question. I don't know much about XenServer, but I reckon it would be a similar case. Second by using VMWare Server it adds another layer of complexity and resource demand. Third I think you will find after you finished setting it all up, because of the resource contraints I think you may find it runs very slow and unstable. I think you would be better off running it all as a dedicated server.

Regarding security yes seperating out the RADIUS server in to seperate VM will improve security however, the increase in resources required to acheive that will outweigh the security benefits you receive. Your better off buying a cheap PC and installing the RADIUS server on its own box and then put the RADIUS server in a DMZ.

I hope this helps.

Cheers
0
martin_2110Commented:
Performance wise Disk I/O especially you will take a good hit if you virtualize. The only good argument for you to virtualize that can think of is separation of applications. Either way
IMHO You are asking for problems running all that one server. I would by one or 2 more servers and at the very least separate out your database app and maybe your samba server. If you do virtualize im a fan of citrix xen server. Its free and sets up easy.
0
oztrodamusCommented:
Martin_2110 I'm not so sure. DHCP, DNS, LDAP, and RADIUS require very little in the way I/O, CPU and RAM. RAM is also cheap. I agree there could be a problem if generating a lot of reports with the accounting and sales software, but basic data entry requires very little. If the I/O isn't up to scratch with the demand buy a few extra HDD's and put them in a seperate RAID for the database. If there isn't any room in the case get an external RAID enclosure.

I imagine money is a concern. To buy a proper server would be expensive once you add licensing costs. Plus there are ongoing maintenance costs, and increased power costs. No to mention wether there is any physical space to store the servers available.
0
gtkfreakCommented:
For virtualization, you could also try VirtualBox from http://www.virtualbox.org
Set up is really easy.
0
prd00Author Commented:
@martin: It won't take much disk I/O. The worst one I imagine would be Samba serving spreadsheets and documents.

@oztrodamus: I already plan on RAID 1 system to protect the data. AMD770 has mix RAID system ability, to make as 160GB mirror, and the rest 160GB on my 320GB as empty space. So I will get one mirrored 160GB drive and one 160GB normal drive.

Current setup is that this computer is running Windows XP Workstation with VMware player for sales on Ubuntu Server 9.10 with 256MB virtual RAM, single vCPU, while serving files using XP file sharing system. But we plan to add accounting software early next month.
The celeron box is currently running Mikrotik router, with built in NAT, firewall, DHCP, and DNS.

But we are are getting a lot of phone calls only asking for our stock, and unit prices. Thought I guess would be easier if I open an VPN gateway and let them connect and see for themselves.


Did you mean I should add another computer for Radius? There is one P3 here, with 128MB RAM, but with faulty hard drive. I could replace the hard drive though..

So I guess the set up would be,
Celeron 400:
Gateway (NAT, firewall)  -> should I put dhcp/dns masq outside this gateway?

Phenom:
dhcp
dns
Apache / MySql / PHP
Samba

P3:
RADIUS/LDAP

I've done a bit of research on XenServer, and Xen recognize a realtek 8111, along with my intel e100, and also the onboard realtek 8139. Besides, Xen (not XenServer, but the Open Source one) could easily switch the kernel of Ubuntu 9.10 to an hypervisor, which would surely support all our hardware.

And, yes.. budget is a constraint. Computer parts are very expensive here. Even Intel 1000MT I found as low as $20 on newegg costs us around $50 here.  BTW, a side question, can ESXi run on 1000MT dual port? Will it show as one interface or two interfaces? I happened to see a second hand 1000MT at $80. Will it do any good for my purpose?

@tolomir & gtkfreak: I know of that, and planned that. The question is, to virtualize or to cram everything into one OS, given our limited resources.

Thank you
0
prd00Author Commented:
Sorry, if I was unclear, but the same computer, this AMD phenom/gigabyte computer, is currently running a Windows XP with file sharing, and I've made a VMware player running one ubuntu 9.1 server with spared 256MB RAM and 1 vCPU for our sales software without problem until now.
This is the computer that I plan to convert to a dedicated server. And if we need to virtualize, this is the one that will be virtualized. So, to virtualize, or not to virtualize?
0
oztrodamusCommented:
Becareful not to confuse RAID1 with backup. It's purpose is to provide fault tolerance for drive failure not fault tolerance for data corruption or accidental delet. To say you will have data protection is a misunderstanding of what you will truly have.

I think maybe I misunderstood what you were using your RADIUS for. Is your RADIUS server not for VPN? If it is I don't see why you can't put it on your Celeron 400 Firewall PC.

Your DHCP and DNS servers need to be Internal facing so you can put them on your Celerton 400 (Firewall) if you want to just remember to make sure you secure them against external access.

Phenom:
Apache / MySql / PHP
Samba

Celeron 400:
Gateway (NAT, firewall)
RADIUS
DNS (Internal interface)
DHCP (Internal interface)

ESXi has the same hardware requirements as ESX because they are the same core product. To know where it will be supported you need to check it against the HCL.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
prd00Author Commented:
Oh.. ok.. I could burn them to a DVD. They are not that much, less than 1GB when zipped. Thank you for remind me.

Yes.. the RADIUS is for VPN authentication, and I plan to integrate with LDAP along with Samba, so that internal and external user will retain their identification.

So, it means, that Celeron would retain its function. and mine will be converted as full server.

Ok. So it set. Thank you for helping.

BTW, I can't find Intel 1000MT Dual port on ESX HCL, but again, I don't know its chipset. Well, I don't need it anymore anyway. Doesn't matter. Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Virtualization

From novice to tech pro — start learning today.