[CentOS-virt] Slightly OT: Centos KVM Host/Guest functions and LVM considerations

Fri Sep 16 18:11:08 UTC 2011
Ed Heron <Ed at Heron-ent.com>

On Fri, 2011-09-16 at 10:46 -0700, Eric Shubert wrote:
> ... 
> Now, take all of your ideal logical servers (and the networking which 
> ties them all together), and make them VMs on your host. I've done this, 
> and these are the VMs I presently have (the list is still evolving):
> .) net (IPCop distro, provides network services, WAN/DMZ/LAN)
> .) web (DMZ/STOR)
> .) ftp (DMZ/STOR)
> .) mail (DMZ/STOR)
> .) domain control (LAN/STOR)
> .) storage (LAN/STOR)
> 
> One aspect that we haven't touched on is network topology. I have 2 NICs 
> in the host, one for WAN and one for LAN. These are both bridged to the 
> appropriate subnet. I also have host-only subnets for DMZ and STORage. 
> The DMZ is used with IPCop port forwarding giving access to services 
> from the internet. The STOR subnet is sort of a backplane, used by 
> servers to access the storage VM, which provides access to user data via 
> SMB, NFS, AFP, and SQL. All user data is accessed via this storage VM, 
> which has access to raw (non-virtual) storage.
> ... 

  If I'm understanding you, if you split this out to multiple physical
hosts, you would need to convert DMZ and STOR from virtual to physical
segments; increasing the number of required network interfaces in each
host to 4.

  Are you concerned that your hosts are connected to WAN without a
firewall?  I assume you bridge the interface without assigning an IP
address?

  What software do you use for storage?  I'd think having the host
handle integrated storage would be simpler, but, of course, that doesn't
scale to multiple hosts...
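
An added example, not part of the original message: one way to check on a KVM host that a WAN-facing bridge really carries no address of its own, by filtering `ip -o addr show` output. The bridge names and the sample output are constructed for illustration; IPv6 link-local addresses are reported too, because the kernel assigns them automatically unless IPv6 is disabled on the interface.

```shell
#!/bin/sh
# Added example (not from the thread): flag bridges that hold an IP address.
# A bridge with no address forwards guest traffic at layer 2 only, so the
# host itself is not reachable at layer 3 on that segment.

# list_bridges: print every bridge device known to the running kernel.
list_bridges() {
    for d in /sys/class/net/*/bridge; do
        [ -d "$d" ] && basename "$(dirname "$d")"
    done
    return 0
}

# bridges_with_ip "<names>": read `ip -o addr show` lines on stdin and
# print "<bridge> <address/prefix>" for each address found on a named bridge.
bridges_with_ip() {
    awk -v bridges="$1" '
        BEGIN {
            n = split(bridges, b, " ")
            for (i = 1; i <= n; i++) want[b[i]] = 1
        }
        # $2 = interface, $3 = address family, $4 = address/prefix
        ($3 == "inet" || $3 == "inet6") && ($2 in want) { print $2, $4 }
    '
}

# Constructed sample in the format of `ip -o addr show`; br-wan and br-lan
# are hypothetical names for the WAN and LAN bridges.
sample_addr_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo
2: br-lan    inet 192.168.1.2/24 brd 192.168.1.255 scope global br-lan
3: br-wan    inet6 fe80::21a:4aff:fe00:1/64 scope link
EOF
}

# On a live host:  ip -o addr show | bridges_with_ip "br-wan"
# Any output means the host answers on that segment and needs filtering there.
```

In the sample, `br-wan` has no IPv4 address but is still flagged for its link-local IPv6 address.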