Personal Testimony - Edge Case #2 - Protectli hardware
-
So I woke up and saw this today:
https://xcp-ng.org/blog/2020/09/09/edge-case-2-protectli-hardware/
And a massive smile came across my face, because this is the solution I have cut my teeth on XCP-NG just over 2 years ago now, and is still reliably running my home and two person cybersecurity consultancy business with 9 VM's running 24/7, and another 3-4 VMs that we spin up whenever we need them.
Two years ago this month, I purchased a new Protectli model, the i5 7200u as a replacement system for my old and finally failed (blown caps) Firewall. While waiting for the shipment to arrive, I saw @olivierlambert give his presentation on forking Xen and the launch of XCP-NG. Already familiar with Xen through my previous employer (T-Mobile), I thought when my Protectli unit arrives, and before I launch it as a bare metal firewall on my network, I thought I'd try XCP-NG on it first. When I did, my mind was blown almost instantaneously for a few reasons.
First, there was a bit of a learning curve. I'd never actually installed / administrated a Xen server at my former employer - that wasn't our job. Specifying security requirements and performing pen-testing and audits of implementations was more our thing. Thanks in part to the members of the community that were here, and even Oliver himself (who graciously extended my XOA demo license & answered further technical questions I had) that learning curve was just weeks rather than months. And after some initial configuration experimentation and performance testing, I ended up launching our XCP-NG Protectli unit with a Firewall (pfSense) VM and our first completely virtualised DMZ. Fuller disclosure: I've run my own Email, Web and DNS servers from home since 1994. But this was the first time I've attempted to virtualise many of my servers running on bare metal. And I was so impressed, within a couple of months - I was virtualising nearly everything onto this box apart from my NAS units onto XCP-NG, including two RaspberryPi's. In fact, at the time, I made many jokes about how consolidating two very heavily loaded RaspberryPi 3B+ Units (sucking a total of 10+ watts) into XCP-NG on Protectli was resulting in electrical bill savings & huge performance gains on the apps that previously ran on those RPI's were now realised.
What was on those two RaspberryPi's? The master node of the first High Availability implementation of Home Assistant which I specifically built for monitoring, managing and automating my Nano Coral Reef and Marine Fish breeding farm, composed of 12 interconnected aquariums. It also controls our house too, but the aquarium aspect is really why I needed 99.7%+ uptime service availability. So I architected a high availability solution using RaspberryPi's that works in practice, not unlike the Space Shuttle or Dragon Crew Flight Systems computer. Each node is sanity checking the other nodes and ensuring it's still online and operating as expected. If any node drops off, freezes, locks up, or operates outside of designed parameters, one of the remaining 4 nodes on the network (each even on their own circuit breaker) will take over. Additionally each RaspberryPi functions as a GPIO / USB / I2C / Dallas 1-wire sensor input/output device - except the master Home Assistant node and a dedicated RPI for the SQL server, which was located in my office. And migrating this master node and related SQL to a VM on XCP-NG was easy-peezy, and required no changes to my High Availability design of Home Assistant. In fact, it brought new features even better assuring more resilient high availability features.
I'm not 100% sure of this, but via the Home Assistant forums, we are under the impression we have been operating one of the largest domestic installations of Home Assistant that exists out there. It controls over 80 electrical sockets, and another 68+ network controlled lights, over 20 different temp probes, two dozen+ electrical pumps (including 8 aquarium dosing pumps) , displays 10 residential security cameras, and streams another 10 public webcams at the local Dutch beaches (which my wife calls "Sunset Cams"), tracks overhead airplanes (as far as the coast of the UK) using ADS-B, tracks the International Space Station & crew members onboard (my wife works for the ISS), weather conditions, and much much more.
This solution also monitors my home-office network, once waking me up at 5am when one of my Cisco network switch's power supply failed. 15 minutes later, I'd had dropped in a cold-standby Cisco switch in it's place and was crawling back into bed. But the real life saver has been with the aquariums, whether it was reacting to overflow situations to Ground Fault Circuit failures (think ageing aquarium heaters that die / leak in the middle of the night) that result in unexpected power cuts (the aquariums have their own dedicated GFCI protected electrical circuits).
And of the 3 years we've had this Home Assistant solution (May 2017), 2 of those years the primary node has been running on XCP-NG on the Protectli hardware.
Originally, we started running XCP-NG on the Protectli with just 16GB of RAM and a 512GB SSD. Today, it's got 32GB of RAM and a 2TB SSD. The Protectli unit is wall mounted in my office and serves as a complete 100% replacement for all our former Cloud experiences, including Apple's iCloud / Office365 / GoogleDocs / WeTransfer / Dropbox / Maps and more. And we couldn't be more happy with this solution - so much so - my business partner and I are looking to launch a Edge based service using a similar combination of tools for the consumer / commercial market.
In March of this year, the Home Assistant Blog officially recognised my build and featured my implementation in the community spotlight.
https://www.home-assistant.io/blog/2020/03/15/community-highlights/
For those who are interested in my Home Assistant portion of the build, you can find full details on this epically long thread (TL;DR) here:
https://community.home-assistant.io/t/going-to-next-level-of-aquarium-automation-whos-with-me/18486
(There is a discrepancy in regards to the total number of aquariums - In Jan/Feb, we started shutting down several of my breeding and farming aquariums in the dedicated fish room because we are preparing for renovations in our house. Once those renovations are complete later this year, we'll be scaling back up to even more than 12 aquariums.)If anyone has any questions about the Protectli hardware, let me know and I'll answer as best as I can.
And here's a couple of images about what I describe above, including 2 of my several aquariums - the 2.5 meter long Reef tank and a smaller dedicated anemone tank.
Finally, and again, many, many, many thanks to Oliver, the Vates Team and everyone in the XCP-NG community who has contributed to a most excellent OpenSource project. None of what I did here, would have been possible without all you contributing to this most epic effort.
PS - Oliver - if you're ever looking for enthusiastic and skilled XCP-NG resources, please let me know. Both my business partner (@bill-gertz - who's already contributed to the XCP-NG project with acme.sh improvements for OPNSense / pfSense implementations) and myself are more than capable and willing.
-
Thanks for your extensive feedback, let me tweet that
-
Absolutely, please be my guest.
BTW, if you're ever in the Netherlands and want to drop by The Hague for beer and a personal visit to see the whole setup, you have an invitation.