Virtual Machine Question

[Mike Guilmette]

So here is my thought. I will have freenas running as a time machine backup, and storage/backup server (that will be independently backed up elseware). Lets say that I want to run my main computer as a VM or image as to help prevent intruders from wiping my computer or giving me a virus. I would also backup the VM or image as well. Does any of this make sense? or is my question too confusing?

Any help would be appreciated! Networking is not a strong suite but I am definitely willing to learn and experiment.

Specs:
Xeon 1230 v5
16gb ecc RAM
LSI 9207 4i4e
supermicro x11ssh ln4f
4x1tb wd red
currently 2x6tb HGST NAS Drives
32gb satadom for OS

 

[Chris Moore]

Lets say that I want to run my main computer as a VM or image as to help prevent intruders from wiping my computer or giving me a virus.

Virtualized through FreeNAS? What virtualization software?

Does any of this make sense? or is my question too confusing?

You didn't really give enough details to make sense. Are you thinking to run ESXi as a hypervisor and virtualize a desktop and also virtualize FreeNAS?

 

[Ericloewe]

Or do you mean running your workstation OS from iSCSI with FreeNAS backing it?

 

[kdragon75]

Lets say that I want to run my main computer as a VM or image as to help prevent intruders from wiping my computer or giving me a virus.

Explain how this part works...
Im guessing he wants to run his desktop as a VM on FreeNAS using bhyve and use a thin client of some sort to connect. If this is the case, you will want double the RAM and should only give the desktop VM 2 cores. Oh and you will need a thin client or some other machine to connect to the VM over VNC

 

[Mike Guilmette]

Explain how this part works...
Im guessing he wants to run his desktop as a VM on FreeNAS using bhyve and use a thin client of some sort to connect. If this is the case, you will want double the RAM and should only give the desktop VM 2 cores. Oh and you will need a thin client or some other machine to connect to the VM over VNC

Ok so this is the closest to what I was thinking. I have a workstation/gaming computer and I think what I want is to host the OS in a VM on the NAS and access it on my other computer, while leveraging the equipment on the workstation/gaming computer.

Sorry that was so confusing. I did it at the end of a long shift at work.

Sent from my LGLS992 using Tapatalk

 

[jgreco]

There's validity to wanting to run stuff that's isolated. However, when you do this sort of thing, you lose a lot of the advantages of the local computer (the "workstation/gaming computer" in this case) and heap more work on the NAS.

A strategy that I've been encouraging is to separate out the risky stuff, such as web, e-mail, and the file downloads that you should probably avoid at all costs, onto a separate VM, or better, multiple VM's. You can make this a Windows VM ($$$ per license) or even a FreeBSD VM (free but somewhat less capable?). https://forums.freenas.org/index.php?threads/freebsd-based-firefox-web-browsing-vm-for-vmware.40414/

A lot of the bad stuff that happens is because people do everything on one machine, so you're doing your Facebook'ing along with your general web accesses along with your banking along with your webmail. This is a good recipe for bad things to happen.

 

[Mike Guilmette]

Ok so another option, in addition to running a VM on the local computer, would be to keep a clean image of windows on the NAS.

Eventually I would love to run a hosted version to garner some experience with it. I enjoy building and tinkering with things and if I need to build a better server I will slowly put one together like I did this one.

I thank you for your assistance.

Sent from my LGLS992 using Tapatalk

 

[jgreco]

Keeping a clean image of Windows is fine. You can do it on the NAS, but NAS space is substantially more pricey than just a cheap external drive, plus the Windows tools to image disks typically know how to work with external drives better than they know how to work with a NAS.

You can run VM's in either place. For your workstation, if you run something like VMware Workstation ($$), you can use the "AutoProtect" feature to take periodic snapshots of the VM, so that if you get infected, you just roll back. VMware has put lots of effort into that. Run your "risky stuff" in a VM. Never ever use a web browser, etc., in the host OS, always run them in the VM. You can arrange something similar with running the VM on FreeNAS, but it isn't really "click and go." You take a snapshot of the VM.

I don't really bother with any of that most of the time. The better strategy here is to have a deployment script for Windows, which allows you to blow away and reinstall Windows. Local policy here is that no important data is ever stored on end-user machines. Laptops, desktops, VM's, all of them are installed by script. If there's a problem, blow it away and reload. End user data is stored on the fileservers, ZFS snapshotted for protection against corruption, so even if a "cryptolocker" virus were to show up, it's more of a "sigh, shrug, restore snapshot" than a "gotta pay bitcoins".