Would this Unraid configuration work?



Hello,

 

I've been struggling with how to configure Unraid to work how I need it to.  Thanks to members answering my questions in the past.  I've never come up with a solution that looked like it would work, but I think I might have now and am looking for feedback and advice on how to make it a reality.

 

Problem:

 

I work on confidential IP and I don't trust OS-resident security solutions and can't use a more advanced external firewall for various reasons like needing to be mobile at times.  I think I need a self-contained (single workstation-based) solution based on virtualization where security (basically firewall) is handled on an external VM.

 

Currently I use (used for over a decade) VMware Workstation where there's a 'clean' Windows host with quasi-advanced firewall monitoring & rules (WindowsFirewallControl is an app that helps a lot) and I access protected IP by running guest VM containers configured with a combination of limited or disabled internet access and encryption.  This has worked well enough but the issue with this is Workstation doesn't provide GPU-passthru and recent versions of the CAD apps I use pretty much require modern GPU capabilities and have prevented me from upgrading.  I'm stuck using dated 2014 CAD & design apps which has become too limiting.  At least this has allowed me to work within the corporate network rules often imposed on me, but I'm looking for something better.  I've experimented with Unraid, but the RDP-based approaches to high-speed graphics haven't seemed to work well for me in the past.  I'm currently running an 8700K w/64GB RAM + GTX1080, with only one monitor as my workstation.  Intel graphics & VT-d are available, and I've gotten my monitor's KVM switch working to access the iGPU & GTX, but it's too unreliable to use (apparently BIOS primary monitor selection issues).  The core problem I'm having with Unraid seems to be that there doesn't seem to be any workable KVM-switch hardware equivalent in software.

 

Proposed solution:  (disclaimer, I'm not an Unraid or Linux expert, just a Windows guy.  Sorry.)

 

Set up Unraid to auto-boot a primary VM which is assigned to the GTX1080 GPU & monitor, and another headless background VM (Linux or Windows based, shouldn't matter) that acts as a support layer and provides routing/firewall and other services to the primary VM.  So I should get near-metal performance and functionality on the primary VM and could access the host & support-VM, where high-performance graphics isn't as important, via RDP or web interfaces. (right?)

 

Would this work?  I'm a bit stuck on how I'd configure the thing, including routing the network from a virtual NIC on VM1 thru to VM2, etc.  Since I'm not an advanced user, this has been my sticking point.  I can't afford to invest a lot of hours in dead-ends like in the past so I'm hoping that by reaching out to the Unraid community I might be able to leverage you guys' expertise and get feedback on whether this idea is wack and if not, perhaps some pointers on how to set it up.  A potential issue is I'd like my Windows Server 2012R2 'Server Essentials' on my external server solution to back up the whole workstation if possible.

 

Thanks for reading.  Feedback & suggestions welcome...

@SpaceInvaderOne?

Edited by Dav3

Your use case is extremely niche and specific for anyone to give you a concrete yay or nay really.

What I can tell you is:

  • It is possible to daisy-chain (for lack of a better term) VMs' internet connections, i.e. using 1 VM as the gateway for the other VM.
  • It is possible to use 1 VM as a proxy for another VM (e.g. using privoxy).
  • It is possible to pass through 1 NIC to each VM and physically plug 1 VM NIC to the other VM NIC to "share" Internet with a physical connection - similar to how a router works (of course, assuming IOMMU and pass-through support).

I have done all 3 in the past so I'm pretty sure they work with the right setup.

 

What I can NOT tell you is whether your firewall management will work because I have never done it. It looks like you might need some advanced networking config know-how.

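An added example, not part of either post above and not Unraid's own code: a check for the first option in the reply (one VM as the gateway for the other), run over the libvirt domain XML of both VMs. The bridge names `br0` (host bridge with the physical uplink) and `br-isolated` (host bridge with no physical NIC), the VM names and the sample XML are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed names (not from the thread): "br0" is the host bridge with the
# physical uplink, "br-isolated" is a host bridge with no physical NIC attached.
UPLINK = "br0"
ISOLATED = "br-isolated"

# Constructed libvirt domain XML, trimmed to the elements the check reads.
WORKSTATION_XML = """
<domain type='kvm'>
  <name>workstation</name>
  <devices>
    <interface type='bridge'><source bridge='br-isolated'/><model type='virtio'/></interface>
  </devices>
</domain>"""

FIREWALL_XML = """
<domain type='kvm'>
  <name>firewall</name>
  <devices>
    <interface type='bridge'><source bridge='br0'/><model type='virtio'/></interface>
    <interface type='bridge'><source bridge='br-isolated'/><model type='virtio'/></interface>
  </devices>
</domain>"""

def attached_segments(domain_xml):
    """Return the bridge (type='bridge') or libvirt network (type='network') behind each virtual NIC."""
    root = ET.fromstring(domain_xml)
    segments = []
    for iface in root.findall("./devices/interface"):
        src = iface.find("source")
        name = None if src is None else src.get("bridge") or src.get("network")
        segments.append(name or "<unknown:%s>" % iface.get("type"))
    return segments

def audit(protected_xml, gateway_xml):
    """List findings; an empty list means the protected VM can only reach the gateway VM."""
    findings = []
    protected = attached_segments(protected_xml)
    gateway = attached_segments(gateway_xml)
    if not protected:
        findings.append("protected VM has no virtual NIC")
    for seg in protected:
        if seg != ISOLATED:
            findings.append("protected VM attached to %r, bypassing the gateway" % seg)
    for needed in (UPLINK, ISOLATED):
        if needed not in gateway:
            findings.append("gateway VM is missing an interface on %r" % needed)
    return findings
```

The check reads only `<interface>` elements, so a NIC handed to a VM as a passed-through PCI device (the third option in the reply) is not visible to it and has to be verified by its physical cabling instead.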
