BassThatHz Theater Build - Page 34 - AVS Forum | Home Theater Discussions And Reviews
post #991 of 1025 Unread 01-15-2017, 04:52 AM - Thread Starter
Got the pfsense proxy/firewall working now within the vmware system.

Fairly straightforward. You add two vnic's to the VM.
One as the WAN and the other being purely virtualized (or if you want to jump out of the host then you'd make it a physical mapping, possibly as a third vnic to further control and isolate internal VM servers vs other hosts, or to that of a less secure wifi network etc.)


Haven't really had a chance to play with it yet.
[Attached image: pf.jpg]

Last edited by BassThatHz; 01-15-2017 at 08:28 PM.
BassThatHz is offline  
post #992 of 1025 Unread 01-15-2017, 08:16 PM - Thread Starter
I've backed up my primary boot drive to my primary backup drive, and also my secondary active-hot backup drive and my off-grid backup drive.


I also bought this gigabit wireless router/firewall from the local thrift shop, as I don't have a crossover cable and ESXi only works with on-board wired nics/lans.

It's a dedicated LAN just for accessing the VM stuff, it's not connected to the internet at all and I have disabled the wifi transceiver.
[My internet connection is on (and comes from) an entirely different physical nic / lan.]


Since ESXi 6.5 is only 5GB installed and requires a whole drive to itself, I bought a 16GB microSD... so this now becomes my new USB boot drive.

This then launches as many VM's as I want from the internal SSD's.

Using a microSD drive is fine because ESXi doesn't read/write to the disk often. Once booted it mostly lives in RAM, talking to the SSD's. Only when you change configurations or create log events does it write anything to the card. It only reads a few megabytes during boot.

They now make 256GB microSD's, which is more than enough disk space to store many linux or even full Windows installs.
Your entire data center fitting between your fingertips. So long as you don't mind the slow boot and general I/O lag.

Technology keeps getting smaller and smaller. It is mind blowing... [ALIENS!!! LOL]
Laptops can now hold upwards of 32GB of RAM and 3000MB/s M.2 1TB SSD drives; this makes the idea of a "portable data center" a possibility for the first time EVER (one that runs off a battery for a solid hour and fits in your carry-on).
[As long as you don't need huge CPU horsepower to go with all that disk speed and RAM I suppose...]

I would not be surprised if someone somewhere has already tried it. (I'm sure there is a business-case for it somewhere...)

With the exception of my gaming rig, one of my end goals is to have an entirely fanless computer infrastructure. I don't know about you but I'm tired of having a bulky desktop box and hearing fans whizzing when I'm not gaming.

Step 1) Implement the power of Virtualization.
Step 2) Run everything on fanless gear.
Step 3) Enjoy as many OS's as I want, however I want it, whenever I want it, wherever I want it.

Without noise, with maximum IT security and maintainability.
No potential for data loss, OS corruption or viruses.
Pause/backup/restore/rollback, scale up/scale out etc etc.
[Attached images: 1hq991.jpg, 54367.jpg, 543.jpg]
BassThatHz is offline  
post #993 of 1025 Unread 01-16-2017, 01:14 AM - Thread Starter
Here is the admin interface. You can monitor and configure the VM's from a web browser.


As you can see, Windows 2012 R2 64Bit Data Center doesn't consume a lot of resources. So you can host many different OS's all at once without much issue.
About 10gb disk space initial install, and 0-100mhz of CPU at idle, and 0.5 to 2.5GB of ram.
With the 64GB of ram that I have, I could host about ~32 of these OS's at once.
I can't imagine running more than 10 at once for a home system.

You can dive into a specific VM.


You can remotely view and control the OS from the web browser.


You can modify its settings:
[Attached images: 4.png, 3.png, 2.png, 1.png]
BassThatHz is offline  
 
post #994 of 1025 Unread 01-16-2017, 03:08 AM
BTH, what is the purpose of all of this high tech IT stuff that you are running?
Tip24/96 is offline  
post #995 of 1025 Unread 01-16-2017, 11:33 PM - Thread Starter
Quote:
Originally Posted by Tip24/96 View Post
BTH, what is the purpose of all of this high tech IT stuff that you are running?
Have you not read my last 10 posts?

They already made clear last year what they are going to be doing to us:


and this is not just one country, but every country doing it to each other as well, both state-level and civilian-level wide surveillance.

-The number of viruses is at an all time high (and growing)
-Windows security is at an all time low (i.e. Windows 10)
-Anonymous is hacking people left, right and center.
-Hillary lost 50,000 emails to hackers
-Yahoo just lost 1 billion passwords. That's not a small number, that is pretty much the whole earth's password.

The list goes on.
and that is just the security list...
there are other list types, of equal size and of equal importance.

I'm beefing up my home to a data-center level of security.

My system will have 7 firewalls. 5 Linux-based and 2 Windows based.

2 levels of BIOS passwords, 2 levels of Secure Boot Encryption, VM Boot Sector CRC + VM Encryption. Possibly BitLocker OS Encryption and TrueCrypt disk encryption and TrueCrypt file encryption.

In a real data center they typically have data-base table or field level encryption too, as well as 2 or 3 layers of network encryption.

That's what we used when I was working for the government. TS/SAP/SCIF stuff etc

In some cases the computers wouldn't even be connected to the internet, or any network.
They only exist as a single physical box. You had to be physically in front of it, inside a locked vault, inside of several locked rooms, inside of a locked building, down an underground locked elevator, inside of locked parking, inside of a locked gate, with guards and cameras everywhere etc etc etc.
Very Area51-esque you could say.

Try breaking into that one, bet you won't even make it in, let alone out.

So I suppose it all depends on "how far" you want to take your security. The above is certainly an extreme example, albeit very real.
Is anything ever really secure? Who knows... maybe, maybe not...
[Attached image: 1hsrjz.jpg]
jason171717 likes this.

Last edited by BassThatHz; 01-16-2017 at 11:41 PM.
BassThatHz is offline  
post #996 of 1025 Unread 01-17-2017, 12:33 AM
notnyt is offline  
post #997 of 1025 Unread 01-17-2017, 03:19 AM
And all this security to protect what, your home videos? Facebook passwords? I guess I just don't understand the crazy security. If someone wants to go ahead and steal my Facebook password and make posts then whatever.
Raylon is online now  
post #998 of 1025 Unread 01-17-2017, 11:50 AM
Might be a little overboard, but I watched the John Oliver segment on security. Pretty eye opening stuff, people can hack your phone and listen to who you are talking to without being aware, take pictures, all domestic emails, texts, picture messages are purposely sent out of the country and back so they can be filed, catalogued, and read.
bossdog304 is online now  
post #999 of 1025 Unread 01-17-2017, 02:19 PM
Actually a completely fan-less system is not very hard to do now, take the modern Skylake or if you wanted to go slightly newer the Kabylake CPUs and they are able to run on passive air cooling without a problem, which means that you could use the UEFI on most of the new motherboards and set it so that the fans only run in around the 50C area which is pretty good, or you could go completely passive at the detriment to gaming performance, then most of the newer GPUs have the ability to run fans off for hours of non load situations, the only problem here is that there is always the VRM set on the motherboard that usually gets the benefit of the CPU cooler's fans, but if you keep a fan in there and use it when things start to heat up it would be more than fine. Take for example the older (in computer parts age) GTX 970 that I am currently running. It has two fans that are near silent when on, but they do not run even when the computer is doing anything but serious rendering, gaming, and other GPU based workloads. You could also go with a complete CWC system, that takes advantage of the lower RPM larger fans that you would be able to use for a warm system, skunkworks is one of the systems that come to mind for SPL (this link is an older video of his but the system is still there)
jason171717 is offline  
post #1000 of 1025 Unread 01-17-2017, 08:05 PM - Thread Starter
I'm not being paranoid, I know what some of these spy systems can do because I helped the government build one of them!
Does that make me a self-cutting/loathing hypocrite? ABSOLUTELY...

Quote:
Originally Posted by Raylon View Post
And all this security to protect what, your home videos? Facebook passwords? I guess I just don't understand the crazy security.
There are different levels of security based on the type of data.

For most people it would be:
Bank account access, Banking info, Tax forms, Passwords, Resumes, Letters of Reference, Digital Signatures, and anything else that can be used to steal and impersonate your identity. Things like Facebook may fall into that category. Or if you are cheating on your wife then perhaps the dating sites and chat logs. Like the Ashley Madison leak of recent. LOL (of course you can't do anything about third-party sites like that because it is beyond your ability to control!)

For the government, the list is absolutely huge:
Nuclear launch codes, satellite logins, all the technical specs of gear and systems, war plans/deployments, and operative locations, Medical records, Tax records, Radar signatures, the list goes on...

Obviously they have things that are far more important to protect than you and I do.

That's why in order to get a security clearance, you need:
-No criminal records (in the FBI/DHS and CSIS/RCMP databases, and any other local or international ones that apply.)
-No fraud, small claims, or major driving records
-Credit in good standing
-Can't live in the same house as anyone who does
-Can't have friends who do either
-No lies on your application form (employment history, education, resident history, birth records, travel records.)
-In some cases you have to list your friends, neighbors and family members on the application form. Both current and past. You and them are all subject to interviews.
-Polygraph tests
-Renewed every 5 years (or in some cases: every year)

They say that 25% of applicants are rejected before even starting a deep dive, because of: lies and offences and various un-good records.

As a result, only 0.1% of the population hold a clearance level of any kind.

Sorry Weird Al, but: Application Denied
...LOL!
jason171717 likes this.
BassThatHz is offline  
post #1001 of 1025 Unread 01-18-2017, 09:47 AM
Quote:
Originally Posted by BassThatHz View Post
I'm not being paranoid, I know what some of these spy systems can do because I helped the government build one of them!
Does that make me a self-cutting/loathing hypocrite? ABSOLUTELY...



There are different levels of security based on the type of data.

For most people it would be:
Bank account access, Banking info, Tax forms, Passwords, Resumes, Letters of Reference, Digital Signatures, and anything else that can be used to steal and impersonate your identity. Things like Facebook may fall into that category. Or if you are cheating on your wife then perhaps the dating sites and chat logs. Like the Ashley Madison leak of recent. LOL (of course you can't do anything about third-party sites like that because it is beyond your ability to control!)

For the government, the list is absolutely huge:
Nuclear launch codes, satellite logins, all the technical specs of gear and systems, war plans/deployments, and operative locations, Medical records, Tax records, Radar signatures, the list goes on...

Obviously they have things that are far more important to protect than you and I do.

That's why in order to get a security clearance, you need:
-No criminal records (in the FBI/DHS and CSIS/RCMP databases, and any other local or international ones that apply.)
-No fraud, small claims, or major driving records
-Credit in good standing
-Can't live in the same house as anyone who does
-Can't have friends who do either
-No lies on your application form (employment history, education, resident history, birth records, travel records.)
-In some cases you have to list your friends, neighbors and family members on the application form. Both current and past. You and them are all subject to interviews.
-Polygraph tests
-Renewed every 5 years (or in some cases: every year)

They say that 25% of applicants are rejected before even starting a deep dive, because of: lies and offences and various un-good records.

As a result, only 0.1% of the population hold a clearance level of any kind.

Sorry Weird Al, but: Application Denied
...LOL!

BTW that was the 1000th post in this thread...
jason171717 is offline  
post #1002 of 1025 Unread 01-18-2017, 04:12 PM
Wow!
BP1Fanatic is offline  
post #1003 of 1025 Unread 01-18-2017, 07:04 PM - Thread Starter
I had a problem with ESXi, it can't read NTFS volumes.
But it can mount raw drives as vdisks.

To do that you have to enable SSH on the ESXi console.

Then putty into it as root and run these two commands:
ls -l /vmfs/devices/disks
vmkfstools -z /vmfs/devices/disks/diskname /vmfs/volumes/datastorename/vmfolder/vmname.vmdk

Then disable SSH, and attach the vdisk to a Windows VM via a vSCSI adapter, then in Disk Management bring the drive online.
From there you can open the vCenter in that Windows VM and upload any large NTFS or existing VM's to VMFS6 file system, or perform actions on any NTFS files via normal Windows processes.
(I suppose an external USB drive would have worked too, but hella slow.)

Kind of a pain, I've never had this problem before as I've never had my large NTFS files on the same host that's running ESXi.

Last edited by BassThatHz; 01-18-2017 at 07:45 PM.
BassThatHz is offline  
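The raw-disk mapping step from post #1003 above, as an added example that is not part of the original post: it filters an `ls -l /vmfs/devices/disks` listing down to whole-disk device nodes and builds the `vmkfstools -z` command for one of them without running it. The listing, device names, datastore, folder and file names are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Helpers for the raw-disk mapping
# step: pick a whole-disk device from `ls -l /vmfs/devices/disks` output and
# build the matching `vmkfstools -z` command line (printed, never executed).

# Constructed sample listing; every device name here is a made-up placeholder.
# The mpx entry stands in for a USB/microSD boot device (an assumption).
sample_listing() {
cat <<'EOF'
total 3907029168
-rw-------    1 root     root     15931539456 Jan 18 19:02 mpx.vmhba32:C0:T0:L0
-rw-------    1 root     root       104857600 Jan 18 19:02 mpx.vmhba32:C0:T0:L0:1
-rw-------    1 root     root   2000398934016 Jan 18 19:02 t10.ATA_____EXAMPLE_DISK_2TB_____SERIAL0001
-rw-------    1 root     root   2000397795328 Jan 18 19:02 t10.ATA_____EXAMPLE_DISK_2TB_____SERIAL0001:1
lrwxrwxrwx    1 root     root              44 Jan 18 19:02 vml.0100000000EXAMPLE -> t10.ATA_____EXAMPLE_DISK_2TB_____SERIAL0001
EOF
}

# Print whole-disk device names from a listing on stdin.
# Kept:    regular entries (mode string starts with "-").
# Dropped: the "total" line, vml.* symlinks, and partition nodes, whose names
#          end in ":<digits>". mpx names contain colons themselves
#          (":C0:T0:L0"), so only a purely numeric last component is a partition.
list_whole_disks() {
    awk '$1 ~ /^-/ && $NF !~ /:[0-9]+$/ { print $NF }'
}

# Return 0 if $1 is a single safe path component: no "/", whitespace or shell
# metacharacters, so it cannot leave the intended directory or inject commands.
safe_component() {
    case "$1" in
        ''|.|..) return 1 ;;
        *[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    return 0
}

# build_rdm_cmd DISK DATASTORE VMFOLDER VMDKNAME
# Prints the vmkfstools command for a physical-compatibility (pass-through)
# mapping, which is what -z creates. Returns 1 if an argument is unsafe, the
# disk is a partition node, or the target does not end in .vmdk.
build_rdm_cmd() {
    [ "$#" -eq 4 ] || return 1
    for part in "$@"; do
        safe_component "$part" || return 1
    done
    # Refuse partition nodes such as "disk:1"; map the whole device instead.
    if printf '%s\n' "$1" | grep -Eq ':[0-9]+$'; then
        return 1
    fi
    case "$4" in
        *.vmdk) ;;
        *) return 1 ;;
    esac
    printf 'vmkfstools -z /vmfs/devices/disks/%s /vmfs/volumes/%s/%s/%s\n' \
        "$1" "$2" "$3" "$4"
}

# Demo on the constructed listing: show the candidates, then the command for
# the data disk (not the boot device).
sample_listing | list_whole_disks
build_rdm_cmd t10.ATA_____EXAMPLE_DISK_2TB_____SERIAL0001 datastore1 winvm rawdisk.vmdk
```

On a real host the listing would come from `ls -l /vmfs/devices/disks | list_whole_disks`, and the printed command would be reviewed before being run.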
post #1004 of 1025 Unread 01-19-2017, 11:00 PM - Thread Starter
Work is keeping me busy. Nice to get out of the lab, although briefly...

Working on some new pressure sensor and laser sensor related stuff ATM. That's about all I can say about that...
BassThatHz is offline  
post #1005 of 1025 Unread 01-19-2017, 11:31 PM
HZBASS said this
"But it can mount raw drives as vdisks.

To do that you have to enable SSH on the ESXi console.

Then putty into it as root and run these two commands:
ls -l /vmfs/devices/disks
vmkfstools -z /vmfs/devices/disks/diskname /vmfs/volumes/datastorename/vmfolder/vmname.vmdk".

This is what can happen when u are removed from deep bass for too long.
Not really funny
cellarnoise is online now  
post #1006 of 1025 Unread 01-20-2017, 04:21 PM
I'm not one to judge overkill, and frankly I have a lot of appreciation for what you are setting up. But even as an IT manager who deals with security issues every day, I am having a hard time seeing the point of it all.

Hackers go for low hanging fruit or a big payoff. Anyone with the most basic of best security practices is not low hanging fruit, so it begs the question of what you have that is worth all that effort to protect? A business has a huge amount of liability, not because their data is important, but because their data contains YOUR data, and if it gets out you and all the others have good grounds for a big lawsuit. One person's personal info is not worth much, a million people's info is.

If you are worried about securing files, just drop them on an encrypted thumb drive and stick the drive in your safe. Only access them on a computer that is not connected to a network. Problem solved. As for anything else, such as online banking or passwords for other sites, well, you can have your end as secure as possible, but at some point you are putting your data packets out there on public internet and relying on the other end to do their part in keeping your data secure. If they aren't doing their job (and they aren't doing it very well) then perhaps you are barking up the wrong tree...

Just my 2 cents..
baniels and nlpearman like this.
dkersten is offline  
post #1007 of 1025 Unread 01-21-2017, 12:50 PM - Thread Starter
I just exceeded 1TB the other week.

These drives are fairly old but not often used. I had bought 3 2TB drives back in 2010 for ~$500, so they are about 7 years old.
So I'm just above 50% capacity now.

If I keep making 4K videos and keeping local copies of them then I will need to increase my capacity, for that activity at least...
I've been holding off until the day that 3TB SSD's become affordable, another 1-2 years and we might be there.
I don't archive blurays or games, so no need for 100's of TB's or anything crazy.

Doing a full-disk triple-backup right now. These aren't SSD's so it is Turtle speed.
[Attached image: 123.png]
BassThatHz is offline  
post #1008 of 1025 Unread 01-21-2017, 01:08 PM - Thread Starter
Quote:
Originally Posted by dkersten View Post
I'm not one to judge overkill, and frankly I have a lot of appreciation for what you are setting up. But even as an IT manager who deals with security issues every day, I am having a hard time seeing the point of it all.

Hackers go for low hanging fruit or a big payoff. Anyone with the most basic of best security practices is not low hanging fruit, so it begs the question of what you have that is worth all that effort to protect? A business has a huge amount of liability, not because their data is important, but because their data contains YOUR data, and if it gets out you and all the others have good grounds for a big lawsuit. One person's personal info is not worth much, a million people's info is.

If you are worried about securing files, just drop them on an encrypted thumb drive and stick the drive in your safe. Only access them on a computer that is not connected to a network. Problem solved. As for anything else, such as online banking or passwords for other sites, well, you can have your end as secure as possible, but at some point you are putting your data packets out there on public internet and relying on the other end to do their part in keeping your data secure. If they aren't doing their job (and they aren't doing it very well) then perhaps you are barking up the wrong tree...

Just my 2 cents..
I generally agree.
There is only so much a person can do, especially when you have to keep the system connected to the internet.
But doing nothing or too little is usually far worse than doing a step too much.

Right now my system is fairly insecure. I've been using what I would call a "power-user" level of security, which is just one notch above Grandma's level of security.

By adding a home-based AD domain, a pfsense proxy/firewall, all on an ESXi ring-0 host, that greatly increases the internal and internet security of my whole house; and makes things very easy to maintain.
Bringing me closer to a Data-Center level of security.
ESXi is free, pfsense is free, and I'm sure you can find ISO's of whatever Microsoft OS you want to run (for "free")

Those that run Windows with Updates and anti-virus software (as I proved a few posts back), WILL eventually still get a nasty virus and/or hacked, and depending on how malicious... they could lose up-to: everything. Surfing the internet with Chrome, IE or Firefox is just a disaster waiting to happen. Office Outlook email attachments, and surfing game/app download sites and pron sites, is also a disaster waiting to happen. They will likely be "forced" to reformat and lose it all (after having it potentially stolen too).

Because: they got lazy and didn't make any backups at all, and they also didn't know that Windows Updates with any AV and a non-enterprise-grade firewall don't protect as much as they thought it does!

If Windows ever has a hissy fit, I just roll back the VM to a known-good snapshot, and it "just works" again all within like ~2 minutes.

If I want to add 3 8TB drives and a 3TB SSD, I can do that, without having to reinstall any of my OS's, ever...
In the future as they come out with bigger and faster SSD's I just put them in, and with a few mouse clicks in ESXi it: "just works!"

Say for example a 64TB SSD, in the time it takes to transfer the VM files from the old SSD to the new. Which at +550mb/s wouldn't take very long...

Last edited by BassThatHz; 01-21-2017 at 01:38 PM.
BassThatHz is offline  
post #1009 of 1025 Unread 01-21-2017, 02:13 PM - Thread Starter
Back in 2009, do you know how the virus got me?

I was surfing the net with a browser, I think it might have been AVS actually, and an Advert image was infected with god knows what, and it nuked the browser.

Just opening the website and clicking nothing was all it took.

The virus infected about 700GB's of my files, it hit everything. I lost all music, apps, and YT vids, all partitions, just EVERYTHING. It hit all DLL's, EXE's, JPG/PNG/MP3/MP4/DOC etc etc.

I was running AVG with all the newest Updates for everything, the Windows firewall was on, I was behind my ISP's firewall and my gateway firewall and router firewall, and all unnecessary services were turned off, and it still got me, because of: the browser.

So now I only surf the internet in a virtual machine with Ad-block extension on.
I test all software in the VM before being promoted to a dedicated APP's VM or a temporary VM or the host.
This has worked for me from 2009 until today.
The VM Workstation has blocked quite a few pieces of spyware and malware in those years from getting me.

For the firewall:
No in-bounds ports are open. The only out-bound ports I open are for DNS and 80/443; and only for Chrome.exe; all other apps are out-bound blocked (unless I say otherwise!)
It is pretty Nazi-ish firewall rules, but it seems to work well, at least as a first line of defence.

ESXi + a pfsense proxy/firewall is a natural evolution from here... the key is changing 80/443 to something else and then blocking those standard ports.

Last edited by BassThatHz; 01-21-2017 at 02:21 PM.
BassThatHz is offline  
post #1010 of 1025 Unread 01-21-2017, 02:51 PM
Damn dude. You're hardcore.
Scott Simonian is online now  
post #1011 of 1025 Unread 01-22-2017, 01:09 AM
Quote:
Originally Posted by Scott Simonian View Post
Damn dude. You're hardcore.
[Attached image: IMG_0836.PNG]

_____ _____ _____ _____ _____ _____ _____ _____ _____ _____ _____
Receiver : Denon x5200
Front Stage : Martin Logan Motion 60XTs/Elac Debut F5 Center
Surround Speakers : HTD Level 3 Towers/RBH R5Bi Front and Rear Heights
Subwooferage : Dual UM-18s/6 SI HT18s
Born in 1995 and still continuing my HT journey
bgtighe23 is offline  
post #1012 of 1025 Unread 01-22-2017, 01:16 AM - Thread Starter
I think I have pretty much maxed out the capacity of this old SSD already. Even though I under-provisioned all of the OS's like crazy. LOL!

75GB for 6 VM's ain't bad though. I think I could drop that down even further by turning off Hib, Restore and vmem files. (Which I usually do.)
When running VM's, Windows Restore is completely unneeded, and usually a VERY bad thing... compared to VM Snapshots or full VM-file backups.


Looks like I'll have to get another 512GB or 1TB SSD, because as soon as I start loading apps onto these APPS-VM's it will easily climb to 100GB for each of those.
I don't want to touch my existing 512GB SSD as that is my old "physical" boot, even though it is triple backed up, I don't want to take any risk of nuking it (not at this time at least.)

The other VM's only consume about 10GB each because they don't have apps on them, just configurations-only.
The Browser VM having Chrome as the only third-party app (which doesn't consume a lot of disk space obviously.)

Looks like Win7 is the biggest memory hog, I assigned the APP VM's 12GB each, and it used 3.2GB just booting the base install.

The RAM usage may climb as high as 20GB under load.

VM tools are installed on all Windows OS's here, which drops the CPU usage to a few MHz, leaving lots of GHz for the two main APPS VM's.
So there you have it, even more reason to never use physical boxes (except for gaming and audio that is...)
[Attached image: 1.png]

Last edited by BassThatHz; 01-22-2017 at 01:23 AM.
BassThatHz is offline  
post #1013 of 1025 Unread 01-22-2017, 05:05 PM
Definitely some benefits to what you are doing..

Are you running this all from one box, or are you running thin clients around the house, NAS or SAN units for storage, etc. ?

I have a gen4 HP server lying around, because it was too old for newer versions of Linux at work so I retired it.. I considered bringing it home and dropping it in my rack, and run an unused copy of 2008R2.. I could run hyperv's for an NVR, for htpc, and for NAS, and still have the processor and memory for some VMWare or Citrix for client machines. It's got 5 hotswap bays (SAS only I think, unfortunately), and room for I think 256gb of ram. I just don't like the size of the box (4u and I think 26" deep) or the noise.. When all those fans ramp up, it's ungodly how loud it is. My rack right now is fairly quiet and I can't hear it through the wall, but I am hesitant to throw a server in it and end up hearing it in the theater..
dkersten is offline  
post #1014 of 1025 Unread 01-22-2017, 05:43 PM
The hackers and gov't can gain access through other means. Your P.C. is only one way, they can use "Smart" devices, i.e. TV, Blu Ray Player, PS4, Xbox One and the list goes on and on. Some of those devices have cameras and ALL with Voice Activation have Microphones that can be activated remotely. Hell, most people have no clue their Mic is ON when playing Xbox Online (with Kinect). I was listening to the wife complain on the phone about her diarrhea then talking to her husband. I told them I can hear everything and of course the husband was perplexed. Of course the wife is in panic mode, finally I told them it was their Kinect device which they unplugged. You can also turn it off in the settings. That's just one example, Smart devices are not always the safest items to buy if you're worried about privacy.
With our dependence on technology it's almost impossible to block someone from your info. unless you cut your power line. lol

Marantz 7702mk2, Panasonic 8000 w/ 130" AT Screen HTPC w/30 tb
DIY QSC SC-2150 L,C,R (10) QSC SR-8101 sides, rears & atmos/dst-x
DIY (4) Fusion Tempest
DIY (2) UM 15 "Sub's (4) SI 18's (2) PA460 mbm
Dayton Titanic MK4 & B&W ASW 855 both subs for sale
rlhaudio is offline  
post #1015 of 1025 Unread 01-23-2017, 01:42 PM
Member
 
BP1Fanatic's Avatar
 
Join Date: Jan 2010
Location: Columbus, Oh
Posts: 79
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 9 Post(s)
Liked: 18
Agreed!
BP1Fanatic is offline  
post #1016 of 1025 Unread 01-23-2017, 08:25 PM - Thread Starter
AVS Forum Special Member
 
BassThatHz's Avatar
 
Join Date: Apr 2008
Location: Northern Okan range (NW Cascades region)
Posts: 7,202
Mentioned: 69 Post(s)
Tagged: 0 Thread(s)
Quoted: 2031 Post(s)
Liked: 1547
Quote:
Originally Posted by dkersten View Post
Are you running this all from one box?
Yes.
Dual nics, sitting between primary router and Internet modem.
pfsense VM sitting between them as the first line of defence for the whole house.
Which is running inside nested vLANs, and bridged with vNics just to add another layer of obscurity.

The management LAN on an entirely different physical-nic, also nested inside yet another (dedicated) vLAN.

The only way to control the root of my server is to be IN my house physically at the keyboard, and with the password(s).

With the exception of perhaps breaching ESXi 6.5 ring-0 itself from within a given VM past all those firewalls and natted LANs, bridges and proxies. (Seems highly-unlikely for anyone except maybe the NSA or CIA.)

Easier for them to just pick the front door lock and take what they want while I'm out buying food or at work than to perform a bunch of computery attack stuff. LOL!
If they really really want you, you are pretty much TOAST. There is pretty much NOTHING you can DO about it.

Just like with aliens: If they wanted to, they would just teleport the earth into the sun at faster than the speed of light, and that would be the end of that topic. There would be no forewarning or discussion about it. A Type-0 vs Type-3 civilization. We are 1000% powerless. Sorry but, no amount of foil will save you... LOL!

It would make for an awfully short and boring Independence Day movie when we all die between the ticks of a clock. At 60FPS the movie would be about ~1 frame long. If that... LOL!

Quote:
Originally Posted by dkersten View Post
I am hesitant to throw a server in it and end up hearing it in the theater..
Would it still boot if you removed all but one fan?
and then wired some resistors to the fan to reduce the RPM and thus noise, possibly replacing it with a lower noise fan as well.

Last edited by BassThatHz; 01-23-2017 at 08:43 PM.
BassThatHz is offline  
post #1017 of 1025 Unread 01-23-2017, 08:51 PM
Senior Member
 
dkersten's Avatar
 
Join Date: Oct 2013
Posts: 217
Mentioned: 4 Post(s)
Tagged: 0 Thread(s)
Quoted: 80 Post(s)
Liked: 129
Quote:
Originally Posted by BassThatHz View Post
Yes.
Would it still boot if you removed all but one fan?
and then wired some resistors to the fan to reduce the RPM and thus noise, possibly replacing it with a lower noise fan as well.
They are all smaller fans, hard to quiet down. Not as bad as the 1u server chassis, those sound like a jet engine winding up... but still a pain to quiet down.
And I'm pretty sure the HP iLo would throw an error on boot if fans weren't present or if I tried to interject some external throttling. I took a look at SAS hdd's and they have come way down in price, almost as low as SATA, so throwing 6 4tb drives in wouldn't be out of the question. It currently has 6 15k rpm 128gb drives in it, 2 in raid 1 for the OS, 3 in raid 5 for storage, and 1 hot spare. Fast as hell but not nearly enough space.

I just ordered a 16tb nas tonight, I ran out of space on my 6tb nas after a blu ray shopping spree, lol. So as nice as it would be to get this going, it is not a priority.

Frankly I am not that worried about security (on my personal stuff). I know for a fact that a lot of my personal data has been compromised. I got some 5 notifications from major companies in the last year alone, all after they were breached. My newegg account got hacked as a result, and they tried to order some stuff on my credit card. The only thing of real value in any files is my manuscripts for my books, but more people read my books for free from pirate sites than buy them anyway, so I am not all that concerned. Common practices on my devices will prevent 99% of the hackers from ever getting close to anything of value, and the other 1% have much bigger targets to pursue. The virtualization has had me thinking for a while though...
dkersten is offline  
post #1018 of 1025 Unread 02-02-2017, 07:46 AM - Thread Starter
AVS Forum Special Member
 
BassThatHz's Avatar
 
Join Date: Apr 2008
Location: Northern Okan range (NW Cascades region)
Posts: 7,202
Mentioned: 69 Post(s)
Tagged: 0 Thread(s)
Quoted: 2031 Post(s)
Liked: 1547
I learned something important today.
Don't assign all of the sata ports to ESXi.

Not unless you use RAID with drive mirroring to larger capacities at the BIOS level.

Always leave 1 sata port unused, even if it is your optical bay;
because if you use all of them to full capacity you'll be unable to upgrade to larger drives, as it only allows for expansion to new/unmounted drives, and if you're fully full then you are out of luck with that host, even if the host BIOS supports bigger capacity drives. In that case, you'd need a second host or a temporary external storage, which will be slow and annoying. Why they built it this way I don't know; but there you are!

If you have 1 extra, then you typically can migrate to higher amounts.
Alternatively you can assign 1 datastore per VM which also eases the pain of that problem, sometimes!

Last edited by BassThatHz; 02-02-2017 at 07:49 AM.
BassThatHz is offline  
post #1019 of 1025 Unread 02-02-2017, 07:24 PM
Advanced Member
 
Aaron Smith's Avatar
 
Join Date: Mar 2002
Location: Four Oh Six
Posts: 852
Mentioned: 2 Post(s)
Tagged: 0 Thread(s)
Quoted: 139 Post(s)
Liked: 58
BassThatHz,

What the hell is your theater build doing sitting in the 'DIY Speakers and Subs' section of AVS instead of the 'Dedicated Theater Design & Construction' section where it belongs???

Sorry, had to ask...

Dkersten,

It's not often you get to see somebody on here that you lived 2 houses away from for many years as a kid! My last name is different now than it was then if you're perplexed...

I will use this space to formally apologize for the rock fight I started that one fateful day in 1983 or so where your brother Jon was hit in the back by a near softball-sized orb flung by yours truly...I didn't mean to hit him...just meant to 'send one in from afar' and get close. If you didn't ever know, you did end up skimming a sharp one across the top of my head in the hasty retreat that ensued; culminating in a trip to the ER to receive 12 stitches to close up the wound...didn't even feel it until I got home and was soaked in blood on the whole right side of my head! Karma, huh? Good times...

I lived in Billings my whole life until about 18 months ago (still have a house there); moved over to Bozeman. Looks like the family business was quite successful...congrats! Love the DIYSG stuff you did too...Erich H and I used to trade messages and had a few deals before DIYSG blew up.
Aaron Smith is online now  
post #1020 of 1025 Unread 02-02-2017, 11:29 PM - Thread Starter
AVS Forum Special Member
 
BassThatHz's Avatar
 
Join Date: Apr 2008
Location: Northern Okan range (NW Cascades region)
Posts: 7,202
Mentioned: 69 Post(s)
Tagged: 0 Thread(s)
Quoted: 2031 Post(s)
Liked: 1547
There is another section of AVS? ...when did this happen?
Is that where people go to ask for help and stuff??? What a weird concept!!!
Could you imagine if the sheeple saw my thread? There is this thread where this guy keeps adding subwoofers continuously for 100 years...
I think their heads would explode! I really don't think they could cope with the idea of 64 subwoofers (or whatever number I have when I'm 50). They have a hard time understanding 4 18's after they ask for help about their single 8.

But if it helps any: the room is DIY, the speakers are DIY, the subs are DIY, the automation is slowly becoming DIY, and soon my DSP engine will also be DIY.

The only thing that isn't DIY is the drivers, amps and upstream components. I've thought about DIY drivers, but there are too many unpredictables ...and the price is still fairly high for such things. I like tested drivers, like ones pre-proven by data-bass; at least then I have an idea of what I might be getting into (or avoiding).
BassThatHz is offline  