2

I've already asked such a question, but this is another server with new requirements.

Situation:

  • I need to run the following operating systems:
    • Debian
    • Windows Server 2008
  • I got 2 IPs

I need to run Debian (for website and IRC) and Windows Server (for an application which needs a lot of RAM, almost as much as the server has). That's why I need a virtualisation method which does not waste memory.

I only have experience with a headless VirtualBox installation. But I think Xen performance is much better, but would require a 3rd IP (1 for dom0 and 2 for the machines). But maybe NAT would be an option; I could use iptables as a firewall for Windows and only forward specific ports. I know that VBox offers NAT but I think that Xen offers this, too.

Which program would save memory? As far as I know Xen has better performance than VirtualBox, and VBox is made for a desktop installation, not for server use. But with VBox I only need one virtual machine: Windows - the Linux stuff can be installed on the host.

Additionally, I need a VPN tunnel to both the Debian and Windows machines, PPTP or OpenVPN; I don't know if this can be installed on dom0 (Xen).

Eliasdx
  • As far as I know the ISP can give me one more IP for some small setup fee. Is it better to have 3 IPs than to use NAT? – Eliasdx Sep 06 '10 at 20:48
  • It's not necessarily better or worse. If two IPs + NAT will let you do what you need, then that should be just fine. – EEAA Sep 06 '10 at 20:55

3 Answers

3

Have you considered VMware ESXi? That's another zero-cost option. I would agree that for a server platform, VBox probably isn't your best option. I'd go with either Xen or ESXi, depending on your comfort level and the hardware you have to work with. If your hardware is on the VMware HCL, then ESXi is very easy to get installed and VMs up and running.

No matter what virtualization system you go with, you're going to need at least one IP for the VM host and probably one for each of your VMs. If you really only have two IPs to work with, I'd recommend using one for the host, and one assigned to a "WAN" interface of a pfSense VM (there's a pre-built VMware image). The other VMs will live on an internal vSwitch (or Xen's equivalent), along with the LAN interface of the pfSense VM. Then pfSense can take care of VPN (you would only need to VPN "once", to the internal network, and then would have access to both Linux and Windows VMs), port forwarding, routing, etc.

EEAA
  • +1 for a pfSense WAN guest that port-forwards to the other servers. This would require 1 public IP for the VM host and 1 for the pfSense guest, and would forward to an internal IP address range where the other servers' interfaces live. We run something similar under KVM, so +1 for @aleroot's answer too. – nedm Sep 06 '10 at 19:53
  • Why not have the host also behind the firewall?! – lepole Sep 06 '10 at 20:25
  • Good question -- we run something similar in the DMZ so the entire thing is behind the gateway FW. But if you've got only one box and 2 IPs to spare, you could put this on the WAN if you had to. Using KVM, you can disallow all inbound traffic on the host's IP in IPTables but allow forwarding to the pfSense guest IP in bridged mode. While it doesn't allow any inbound traffic to the VM host, it still needs an IP on the interface to bridge to the guest. – nedm Sep 06 '10 at 20:42
  • @lepole, well you could, but what happens when/if your firewall VM crashes or gets misconfigured, locking you out? If you have some sort of OOB management on the server, you may be able to recover from this, otherwise you'd be in a world of hurt. – EEAA Sep 07 '10 at 03:26
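
The host-side filtering described in nedm's comment above (no inbound traffic to the VM host, bridged traffic passed to the pfSense guest), as an added example that is not code from anyone in this thread. The helper name `host_ruleset`, the documentation addresses, the ESTABLISHED/RELATED rule and the optional SSH source are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the VM host.
# Nothing is applied here. Addresses are constructed (RFC 5737).

# host_ruleset GUEST_IP [MGMT_CIDR]   (hypothetical helper)
#   GUEST_IP   public IP on the pfSense guest's WAN interface
#   MGMT_CIDR  optional source allowed to SSH to the host; an
#              assumption for hosts without out-of-band management
host_ruleset() {
    guest_ip=$1
    mgmt_cidr=${2:-}
    # Digits, dots and "/" only, so an argument cannot smuggle extra
    # rule text into the generated file.
    case "$guest_ip" in
        ''|*[!0-9.]*) echo "bad guest IP" >&2; return 1 ;;
    esac
    case "$mgmt_cidr" in
        *[!0-9./]*) echo "bad management CIDR" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
# Default-deny for the host itself and for anything it forwards.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to connections the host opened (updates, DNS, NTP).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ -n "$mgmt_cidr" ]; then
        echo "-A INPUT -s $mgmt_cidr -p tcp --dport 22 -j ACCEPT"
    fi
    cat <<EOF
# Bridged frames reach FORWARD only when br_netfilter is loaded and
# net.bridge.bridge-nf-call-iptables=1; otherwise they bypass iptables.
-A FORWARD -m physdev --physdev-is-bridged -d $guest_ip -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -s $guest_ip -j ACCEPT
COMMIT
EOF
}

# Constructed usage: print a ruleset for review.
host_ruleset 203.0.113.11 198.51.100.0/24
```

Piping the output through `iptables-restore --test` as root parses the ruleset without committing it.
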
2

For a Linux host, KVM+libvirtd+virt-manager is the best solution.

aleroot
1

Hyper-V is also a 0 cost option, and would allow you to use a greater range of hardware than ESXi. You mention in the question that you need to run a Windows instance that uses up almost as much RAM as the server has. If you are going to run 3 VMs as someone else suggested (Debian, pfSense or an equivalent, and Server 2008), I would worry about RAM issues.

What I would suggest:

Forget virtualizing. Run the whole thing on Windows 2008. For your website you can either use IIS or Apache (I'd personally stick with IIS), and you can use an IRC daemon like weircd.

For a VPN you can simply configure an SSTP tunnel (unless your website requires SSL).

Jim B