I believe in virtualizing everything possible! and that includes my pfSense router. In this article, I will go in-depth into my pfSense 1u server build. I will list all of the components that went into this server build. I will also discuss the virtualization method of my choice.
What is My Reason for Virtualizing pfSense in a 1U Rackmount Server?
I have always virtualized pfSense in my “production” servers at home but shutting down the box to work on it meant the whole house lost its internet connection. As you can see, I needed to dedicate a server to pfSense. At the same time, I didn’t want to install pfSense on bare metal because I felt it would have been a waste of hardware resources.
Some say that you should always run router firewalls on dedicated hardware; however, I beg to differ. A virtualized pfSense machine does not need a lot of processing power to run efficiently. Virtualizing pfSense meant that I could also use this server for a few lab virtual machines.
Below is the current resource usage of my ESXI server with pfSense, pi-hole, and a Windows 10 virtual machine running.
Another benefit to virtualizing pfSense is that it is easy to backup the entire virtual machine without ever shutting it down. Live backups will, of course, depend on the virtualization solutions that you are using.
The most important benefit of this pfSense 1U Server Build is future upgradability. When I finally decide to step up to the 1Gbps or higher internet speeds, I can take advantage of it by adding an SFP/10G copper nic card to my pfSense server.
The pfSense 1U Server build is an ideal solution for those of you who would like to include it in a rackmount with the rest of your network devices. It is a great idea to keep your firewall close to your managed switches and other devices in the rack for easier accessibility.
What Virtualization Solution do I Recommend?
The virtualization solution that I am using for this project is VMware ESXi with an active license. However, VMware is free to use with some limitations. One of those limitations on the free ESXi version is a locked backup API. Using the free license, you won’t be able to backup your ESXI machine using software such as Veeam. You can, of course, shut down the virtual machine and export the OVA file within ESXi.
Since we will be running pfSense, backup is not an issue as we can export the config within the pfSense control panel.
Hardware Used in this PfSense Build
Now let us get to the meaty part of this build. I’ve sourced some of the hardware used in this pfSense 1U server from eBay and Amazon.
I have always found excellent build quality in even used enterprise gear, and reliability is what I sought after in this pfSense 1U Server Build.
I purchased a used 1U barebone server from eBay for just $250, which shipped with a motherboard, CPU, 16GB of ECC ram, and power supply.
Here are the specifics of each component:
Server Chassis: Supermicro CSE-512
Power Supply: PWS-203-1H
Riser Card: Supermicro RSC RR1U-E8 Rev 3.10
Network Card: DELL 424RR INTEL I350-T2
Dual SSD Mount: Dual SSD Bracket Adapter
Blower Fan: Blower Fan for Passive Cooling
If you are interested in a similar server already pre-built, please check here for CSE 512 Barebone availability.
The following additional components were purchased from Amazon:
Power Usage of My pfSense 1U Server Build
The power draw is very low on this server unless you run multiple virtual machines and, even then, no more than 70 watts. All of the hard drives in this build are SSD or NVMe, making it an efficient server build.
SSD’s pull around 2 watts of power even during regular usage, and most of the time, they are sitting idle. I currently have 16GB of ECC ram in this server, and I will be picking up another 16GB of RAM to max it out. Once I’ve installed all of the RAM, this server may add a few extra watts to the power draw.
Realistically speaking, with a pfSense VM running on this server, CPU utilization is minimal, and the power draw varies between 30-40 watts.
1U Server Noise Control
As you already know, noise is the number one factor that keeps people far away from 1U server builds. Surprisingly, the barebone CSE 512 build was not very noisy. I am using the blower fan that it came with as well as the Silver Stone heatsink.
I could run with just the Silver Stone heatsink, but I have the blower fan also plugged in for redundancy. Since the Silver Stone heatsink keeps the CPU temps down, the blower fan runs at low RPMs, reducing noise.
My 1U server sits in a cool basement, so your results may vary. The CPU temperature sensor indicates LOW on this Supermicro motherboard and doesn’t give out the specifics.
Before installing VMware ESXI, I’ve installed Windows 10 and used HWMonitor to pick up the processor temperature values, as shown below.
I hope if the Silver Stone heatsink dies, the blower fan will ramp up to the max and give me enough time to replace the heatsink. I am confident that the blower fan will be fully capable of keeping the CPU cool even in that case, at full speeds, these things can push a lot of air through the metal fins of the heatsink.
I wish there were better solutions to silence a 1U server, but unfortunately, the market has limited products in this category. There isn’t enough clearance in a 1U chassis for better quality fans like Noctua NH-L9i.
These 1U servers are meant to be in temperature-controlled server farms, so noise isn’t an issue. Maybe in the future, we will see a market for better coolers as these 1U servers make their way into the homes of computer enthusiasts.
Other Considerations & Tips
Most Xeons, including the E3-1270v2 used in this pfSense 1U Server Build, are AES-NI supported, which means you get the benefits of additional cryptographic support with pfSense.
I have 2 Kingston 240 GB SSD’s in this build attached to the HD bracket adapter, and they are both running at SATA 2 speeds. Unfortunately, the X9SCL-F+ motherboard does not support SATA 3. However, I am quite happy with these results as the 240GB drives will be used for lab virtual machines.
I also have a Kingston NVMe drive added to the NVMe PCI-Express adapter. The Kingston A2000 NVMe SSD is running at optimal performance utilizing PCI-E 3.0. Below are the benchmark results for the Kingston A2000 NVMe SSD in this system. I am quite happy with these speeds, not too shabby for an older Supermicro motherboard.
I am using the A2000 for the pfSense virtual machine to minimize any possibility of drive bottlenecks since I only have SATA 2 availability on the X9SCL-F+.
I could have gotten a PCI-Express Riser Cable for 1U servers, but I like the Supermicro riser card’s durability. The Supermicro riser card aligned correctly in the CSE512 Chassis without any issues.
PfSense plays nice with Intel hardware, so that is why I have the INTEL I350-T2 network interface card. I only need the two ports on this card, dedicated for pfSense LAN and WAN interfaces. All of my lab VM’s on this machine will use one of the built-in NICs on the X9SCL-F+ motherboard.
The X9SCL-F+ motherboard supports IPMI, which is fantastic because that means I can troubleshoot any issues on my 1U server without ever plugging in a keyboard, mouse, or monitor to it. You can download the Supermicro IPMI utility here.
I hope this article inspired you to take on your pfSense 1U server build. If it did, please leave a comment below. I would love to learn about your project. If you’ve enjoyed this content, please don’t forget to share it on social media. Also, you are welcome to join our community on Facebook @ Tech Really.