J.D. Hodges

I have a couple Supermicro X7SPA-HF-O Atom boards that I’m planning on putting IPCop on. #1 is an Atom motherboard as the primary firewall (for Weblogs.us) #2 is another identical Atom board as a secondary backup firewall. Here’s the motherboard in question:

X7SPA-HF-O Supermicro X7SPA-HF-O Atom Dual-Core D510/ Intel 945GC/ RAID/ V&2GbE/ Mini-ITX Motherboard, Retail – Motherboards SuperBiiz.comhttp://www.superbiiz.com/detail.php?name=MB-X7SPAHF&title=Supermicro-X7SPA-HF-O-Atom-Dual-Core-D510-Intel-945GC-RAID-V-2GbE-Mini-ITX-Motherboard-RetailSpecifications Mfr Part Number: X7SPA-HF-O CPU: Intel Dual-Core Atom D510 processor (1.66GHz, 1MB L2 Cache) Chipset: Intel 945GC & Intel ICH9R Memory: 2x 200pin DDR2-667 SO-DIMM,…

However, that secondary backup machine should never really see much actual use as a firewall  (baring hardware failure on the 1st board). So I’m considering making the 2nd board a multipurpose server. It would be an especially nice NAS device for backups etc. because it has SIX sata ports onboard, nice dual gigabit ethernet, and even an internal USB port for potentially booting from (freeing up the SATA port that would normally be used for the boot hard drive/SSD).

IPCop: a great firewall, doesn’t really do anything else..

Unfortunately, IPCop is pretty limited when it comes to use beyond routing/firewall-esque activites. Plus I wouldn’t really want a lot of Add-ons/plugins/hacks installed on the firewall, it’s just too many things to go wrong in the event that I ever would need to use it in a failover scenario. Besides I want the 2nd IPCop instance to be a near identical mirror of the 1st.

VMWare to the multipurpose rescue?  But on an Intel Atom processor, no way!? 😉

SO, that leaves me investigating VMWare on the Atom boards. Regarding sys-requirements, the CPU is a D510 (with two real cores and hyperthreading to make it appear like four cores). Of course it’s a slow dual core, but that’s not the end of the world for these types apps as I’ve run a pretty high-use firewall on an ancient P3 700MHz Dell “GX100”. Also, memory is okay as it should have 2GB or 4GB RAM. Sufficient for very simple file serving on one VM and IPCop in another virtual machine.

Potential benefits of virtualization:

+getting more use out of a secondary server that would normally be sitting idle or turned off (just waiting for the primary server to fail)
+potentially improving the NIC compatibility of IPCop, b/c my first go at installing IPCop failed to recognize the onboard NICs of the supermicro boards… perhaps ESX will allow a virtual IPCop install to easily utilize the two NICs? I know similar things have worked on VMWare Workstation/Server for me in the past.

Potential drawbacks:

-Network latency and NIC problems could rear their head… a bit of performance testing should let me know if this is a real problem or not
-Slow CPU speed/performance… I’m not too worried about this since it is should be seeing minimal stressful usage

This is just a first draft of this post… I post photos of the build process and the installation later. Until then, here are some resources that I’m utilizing on this project:

More Resources:

Dell Mini-9 ESX Server « DrDan’s Bloghttp://danhomolka.wordpress.com/2009/02/07/dell-mini-9-esx-server/No, really. Discovered entirely unintentionally. But this can be added to the list of why the Mini9 is a great piece of kit.

Anyone running VMware Server on Atom CPU – Linux/BSD – Server managementhttp://forums.whirlpool.net.au/archive/1156138Toying with the idea of build an Atom based Ubuntu server for 24/7 operation… running VMware so that I can have virtual machines, as I currently host two separate VMs with web…