Please review - XCP-ng Reference Architecture
-
@TS79 I dont think it really matters, we run ours in one of our pools and we've been doing that since 2016 without any issues.
-
It's doable to dedicate an XCP-ng host for XOA. But XO doesn't use that much resources, so before it will be a "performance best-practice", I would argue it's a good thing for people with sensitive infrastructure where they want to split their mgmt environment to their prod environment. However, due to the level of isolation with Xen, it's doesn't matter in 90% of use case.
-
@olivierlambert Thank you - all makes sense
-
@nikade Thanks again for your input, much appreciated.
-
@TS79 said in Please review - XCP-ng Reference Architecture:
@nikade Thanks again for your input, much appreciated.
If your running TrueNAS Scale or TrueNAS Enterprise 24.04.2 as part of your deployment, with XCP-ng to replace VMware. Make sure you install TrueSecure app, as otherwise you'll be missing important security features on your TrueNAS.
-
@john-c said in Please review - XCP-ng Reference Architecture:
TrueSecure
Whats that? Never heard of TrueSecure on TrueNAS.
-
@john-c @nikade - I had to Google Search for TrueSecure, as hadn't heard of it before.
Seems good in that it's first-party solution, and security it typically always a good idea, but it's not really something for my use-case as a homelabber.
It mentions storage encryption: which to me immediately complicates things like deduplication, compression, and delta backups / replication.
TrueSecure seems to be positioned as a tool to achieve security compliance for strict standards like NIST / FIPS / government security regulations.
Still, good to know it exists and will be reading more about it for potential future advice! -
@TS79 said in Please review - XCP-ng Reference Architecture:
@john-c @nikade - I had to Google Search for TrueSecure, as hadn't heard of it before.
Seems good in that it's first-party solution, and security it typically always a good idea, but it's not really something for my use-case as a homelabber.
It mentions storage encryption: which to me immediately complicates things like deduplication, compression, and delta backups / replication.
TrueSecure seems to be positioned as a tool to achieve security compliance for strict standards like NIST / FIPS / government security regulations.
Still, good to know it exists and will be reading more about it for potential future advice!It's also where you can configure settings like minimum SMB protocol to use, SMB connection encryption and SMB connection signing.
-
@nikade said in Please review - XCP-ng Reference Architecture:
@john-c said in Please review - XCP-ng Reference Architecture:
TrueSecure
Whats that? Never heard of TrueSecure on TrueNAS.
It's an application or feature for TrueNAS Scale, TrueNAS Core and/or TrueNAS Enterprise. Which enables the enabling and configuration of security features of TrueNAS instances (software and/or hardware).
-
If you run backups outside of business hours, any impact on pool hosts cpu/memory performance is likely irrelevant (and limited by how many resources the XO is provisioned with anyway). The bigger potential impact is likely on your production storage, which again could be irrelevant outside of business hours.
However, if you want to perform backups more frequently and/or during business hours, in my experience the storage performance is the more likely to suffer noticeable impact. Unless your hosts are very highly utilized the additional cpu/memory load on a single VM shouldn't tip the scales. And at 500MB/sec your network shouldn't struggle either (I am assuming 10+Gbps links to get that speed).
And regardless of backing up during or outside business hours, or how long your backup window is, always consider the restore times! Performance of backup storage is always low priority until something needs to be restored
If your backup takes 8 hours your restore will take 8 hours. Or longer. Don't cut any corners on backup storage, it is very important! -
@john-c said in Please review - XCP-ng Reference Architecture:
@nikade said in Please review - XCP-ng Reference Architecture:
@john-c said in Please review - XCP-ng Reference Architecture:
TrueSecure
Whats that? Never heard of TrueSecure on TrueNAS.
It's an application or feature for TrueNAS Scale, TrueNAS Core and/or TrueNAS Enterprise. Which enables the enabling and configuration of security features of TrueNAS instances (software and/or hardware).
Alright - I didnt know that, thanks for the info.
