What a better gift one can do to himself than freedom ?
Indeed, it all started with replacing my usual desktop/workstation former closed source OS in favor of Linux. Since I've done so, honestly everything appears much clearer, every packets egressing/ingressing does so for the sole reason that you've either requested it or following an action you took. Quite an upgrade if you ask me.
Hence, it has now been for a good amount of time that as said, my main workstation is rolling a proper Kernel and that a sudo apt update && sudo apt upgrade doesn't require me to reboot my host every 3 minutes. A very happy end user indeed.
Naturally, the mindset shift occurring, the next questionable technologies were running at the core of my labs. Here as well, closed source technologies on which I've had somewhat of a control. Couple that with a stream of rather poor updates, the humongous amount of precious resources required for Management VMs and to me, a lack of flexibility.
Hence, you've got it probably by now: I've replaced the Hypervisor spread within my Labs with an Open Source solution coming from Proxmox Server Solutions.
The whole migration went pretty smoothly. Windows boxes have been exported from the previous environment and imported back within PVE without much issues (aside for some of them mainly around boot disks, SATA controllers etc..). Linux based boxes were absolutely easy to move as well.
The one thing that kept me insane for a while was "coil whine" observed on one of the Nodes (wasn't the case before). Nasty coil whine on the nVME & SSD modules mind you. This turned out to be related to Intel's EIST & SpeedShift BIOS settings.. Took time to find out though and well, yes I like my fanless systems to be, hum, silent.
On the Fortinet end, I've simply re-installed every used appliances on PVE and restored their latest previously saved configurations (with slight adaptations/modifications needed to suite KVM). For the ones running in HA and for my learning appetite, I've setup temporary HA across the old environment and the PVE setup while the migration occurred. This worked like a charm and I wouldn't had believed it so easy before I started it really.
Below are a few things I absolutely love about Proxmox PVE:
- A Debian based Linux Distribution
- Robust yet simple Cluster Management amongst processing Nodes
- No needs in my case for a Management VM
- Absolute control and visually so of exactly what is going on
- Automated & integrated VMs vzdumps backups/restore to storage repo of your choice, orchestrated at the Datacenter level
- Out of the Box VMs clone & node to node VMs migration
- Stunning Storage features (anything, literally will do)
- Native USB Ethernet NICs support (SPAN ports etc..)
- Constantly up-to-date on a Security Patches perspective
- All the Freedom in the World; you like iftop, bmon etc. just apt install them
- PVE Nodes backup & re-install are a matter of saving a few files and off you go
- Browser based noVNC consoles are just stunning really
- Blasting fast Nodes boot cycles
- Forums & Communities with all the answers making all the sense in the world to any of my open questions (what a change...)
And yes, I've tested the backup/restore features, they do absolutely work. Of course as usual, when bad things happen they don't really do so on relatively important systems nope. Problems always hit THE most important system right, but hey I literally deleted the running VM and restored a previously taken backup directly from the PVE GUI after having messed up with the system and bingo, up again.
A few links helping your quest for freedom:
https://forum.proxmox.com/
https://www.proxmox.com/en/proxmox-ve
https://www.historiantech.com/adding-fortigate-vm-into-proxmox/
In the upcoming day or weeks I'll post some insider around Fortinet Portfolio implementations based upon KVM/PVE.
I hope you've found this useful and that it gave you envy to check it on your own.
Don't bow!
Obuno