November 21, 2019

New to Unraid and even newer to VMs.

I have a download server that connects thru a VPN to a different country and it connects directly to my router. VPN is set up at the router level. I keep traffic on this VPN isolated from my home network. The VPN server itself has dual 1GbE NICs. Currently if I have to move data off of the VPN server onto my storage server, I have to use teamviewer or trek to the basement with a USB drive. I'm not a fan of teamviewer for this as the files are typically 30 - 50 Gb in size and my understanding is that the data leaves my intranet, goes over the TV servers and then back to my other TV computer. This takes a long time and half the time the file transfer fails.

I did have both NICs set up where one was on the home network with intranet access only and the other to the VPN connection (VPN NIC1 192.168.x.x range with subnet mask 255.255.0.0, and intranet NIC 2 on the 10.0.x.x range with subnet mask 255.255.0.0 and blank default gateway). However I am concerned that "someone" could gain access to my home network thru the VPN connection into the switch or server and learn my true IP location. Teamviewer has an intranet only mode so this was used to transfer files from the server by connecting to NIC 2 from my storage server. It was much faster.

With my new unraid build I'm looking to utilize SFP+ (or QSFP+) peer to peer connection to move files using Krusader along with protecting the anonymity of my home network IP address. Storage server is being upgraded to unraid. Would it make sense to combine the two boxes? If I combined both boxes with a windows 10 VM, I could isolate a GbE ethernet connection just for the VM and this would connect to my VPN. I plan on having a p2000 for transcoding. I would have an unassigned 2 TB SSD drive as the data drive for the VM. I need to virus check and malware scan before physically moving onto my storage server unraid array.

Plan would be 14 x 12 TB shucked drives, parity two 12 TB, Cache - one for now but hopefully two in RAID1 1TB SSD or NVMe (understand there is an issue with multiple Cache drives at the moment https://forums.unraid.net/topic/58381-large-copywrite-on-btrfs-cache-pool-locking-up-server-temporarily/ ), one unassigned 2 TB SSD for VM. Mellanox MCX312C-XCCT ConnectX-3 Pro (dual port) and Mellanox MCX311A-XCAT ConnectX-3 (single port). Two of LSI 9300-8i or dell 9207-8i already in IT mode.

Questions:

1. Ethernet connection - is it better to pass the physical connection thru to the VM? I understand this would mean the VM will communicate with the host as if it was a separate physical machine, going out the one NIC, down to router/switching infrastructure, and then back in. Or do I do it virtually - "When VMs utilize VirtIO, there is another distinct advantage in that networking between the host and guest can take place without traversing the copper wire. This allows for much faster throughput than the physical NIC hardware even supports at the port level. As an example, in mounting an SMB share to SSD-based cache pool from inside Windows VM, able to see IO throughput to the share exceed 250MB/s (that's megabytes, not bits)". I need to maintain anonymity with respect to the VPN connection and can't risk the download police tracing to get my true IP address and location. If the virtual connection puts me at risk for this then physical it is. If it is physical then I would need to add 1 dual port and 1 single port mellanox SFP+ cards to my server - dual port for unraid (one to switch and one to DAC with the other card) and one for VM (other end of the DAC). The VM would also need a second port for the ethernet connection to do the router VPN port. Virtual seems better but this is why I ask you guys.

2. VM hard disk - from reading forums and watching spaceinvader's videos, I think the VM is stored and run on the cache drive?
Does that mean the windows install takes up cache drive space? Or is it installed on a separate drive that is kept unassigned? For speed purposes I'd like to dedicate an unassigned 2TB SSD to the VM which will be the drive any content is downloaded to. Once it passed malware and antivirus scanning then I will move it over to the raid array.

3. VM GPU - I plan on having a p2000 for the plex docker and hardware transcoding. I've read that if the unraid server is in the middle of transcoding and the VM requests the GPU, everything will crash. Do I need a second GPU or can I pass thru the on-board GPU (obviously depending on what processor/motherboard is used)? I have a monitor in the rack that I plan on attaching the server to. Would I use teamviewer (LAN mode) to log into the win 10 VM and use it (headless mode) from my workstation? I think I would need to connect the unraid p2000 display port and motherboard DP/HDMI to a second port on the monitor to use as non-headless and flip the input button when switching back and forth? Is there such a thing as an Unraid connector app for windows that would allow me to connect to the GUI from my workstation or do I just connect thru IP address in a web browser?

4. VM USB - I would like to dedicate a USB 3.0 port to the VM in case I need to utilize it. In order to use a USB keyboard and mouse in non-headless mode, do I have to pass it thru as well to the VM?

I'm sure these are basic questions (except for the SFP+ DAC connection) and I thank everyone in advance for your answers/advice. I will post a separate build topic once I figure out the above.

November 22, 2019 (Author)

So I realize this is a long post. Sorry. Over at serve the home I was given the suggestion to connect VPN to ccr sfp+ port. Connect sg350 to the other ccr port. Connect sg500x to sg350 via sfp+ instead of to the ccr. Connect storage server to open sfp+ port on sg500x. Use Remote Desktop and have a rule on CCR that only allows traffic from workstation to the RDP port on your VPN server for control of the VPN instead of using teamviewer. Also set up the firewall to allow the unraid access to the VPN via LAN without exposing it to the VPN internet traffic.

If the firewall gets set up correctly then I should be able to use the unraid krusader docker to mount a share of the VPN data drive?? Maybe it's easy....this is all new to me.

November 23, 2019 (Author)

Current network: https://content.invisioncic.com/r242699/monthly_2019_11/1756544085_ChannanNetworkupdated.png.98e2de3f5aada5cdeed1fb00fb3ae66d.png