Differences

This shows you the differences between two versions of the page.

--- foundation:virtualhost [2025/12/19 23:05] – created - external edit 127.0.0.1
+++ foundation:virtualhost [2025/12/20 00:21] (current) – privacyl0st
@@ Line 1: / Line 1: @@
+===== Virtual Host Configuration =====
+This page covers how to design and configure the **virtualization host** that underpins the Trash Panda Plex ecosystem.\\
+The virtual host is the control plane of the entire environment. If it is underpowered, misconfigured, or overcomplicated, every VM on top of it will inherit those problems. Conversely, a properly sized and segmented host largely disappears into the background — exactly what we want.\\
+This guide assumes:\\
+  * The host OS is **Windows 11**
+  * **VMware Workstation Pro 17** is used for virtualization
+  * Three Ubuntu Server VMs will be deployed (Reverse Proxy, ARR Suite, Overseerr)
+  * The broader network already supports **LAN, NFS, and DMZ VLANs**
+==== Design Priorities ====
+Before touching hardware or software, establish the priorities:\\
+. **Stability Over Density**\\
+The goal is not to pack the most VMs into the smallest box. It’s to run a few critical VMs reliably.\\
+. **Predictable Performance**\\
+Media automation is bursty. The host must absorb spikes without cascading failures.\\
+. **Hard Network Separation**\\
+VLAN separation must be enforced at the physical NIC level wherever possible.\\
+. **Operational Simplicity**\\
+Troubleshooting should start with clear boundaries, not guesswork.\\
+==== Resource Sizing ====
+=== VM Resource Requirements (Baseline) ===
+The ecosystem requires **three Ubuntu VMs** with a combined minimum of:\\
+  * **8 GB RAM total**
+  * **6 vCPUs total**
+This is the **floor**, not the **ceiling**.\\
+=== Host Resource Considerations ===
+In addition to VM resources, the host must account for:\\
+  * Windows 11 base OS overhead
+  * VMware Workstation Pro services
+  * Background and general-purpose workloads
+As a rule of thumb:\\
+  * **CPU:** Choose a CPU with at least **2–4 physical cores beyond VM allocation**. High single-core performance matters more than core count.
+  * **Memory:** Add **8–12 GB RAM above VM requirements** to keep Windows and VMware responsive under load.
+  * **Storage:** Use fast SSD or NVMe storage for:\\
+        * VM disks
+        * Snapshot files
+        * Logs
+Avoid placing VM disks on spinning media.\\
+==== Overcommitment Guidance ====
+VMware Workstation allows CPU and memory overcommitment, but this ecosystem benefits from restraint:\\
+  * Light CPU overcommitment is acceptable
+  * Memory overcommitment should be avoided
+Starving the host leads to unpredictable latency, which ARR services do not tolerate well.
+==== Physical NIC Requirements ====
+The virtual host **must have three physical NICs**.\\
+Each NIC enforces a trust boundary.\\
+=== NIC Roles ===
+. **Primary NIC (LAN / Default VLAN)**
+  * Used by the host OS
+  * Used by VMs that require LAN access
+  * Carries management and general traffic
+. **NFS NIC (Layer 2 Only)**
+  * Dedicated to storage traffic
+  * No host IP address
+  * Used exclusively by VMs that mount NFS shares
+. **DMZ NIC (Layer 2 Only)**
+  * Dedicated to internet-facing services
+  * No host IP address
+  * Used exclusively by VMs in the DMZ VLAN
+These NICs should **not** be teamed or bonded.
+==== Windows 11 Host NIC Configuration ====
+The goal on the Windows host is simple:\\
+  * One NIC behaves like a normal network interface
+  * Two NICs behave like invisible wires
+=== Primary NIC Configuration ===
+  * Assign IP via DHCP or static configuration as appropriate
+  * Configure default gateway
+  * Normal DNS configuration
+  * This NIC handles:
+        * Windows updates
+        * VMware licensing
+        * Management access
+=== NFS VLAN NIC Configuration ===
+  * **No IP address assigned**
+  * No default gateway
+  * Disable:
+        * Client for Microsoft Networks
+        * File and Printer Sharing
+  * Leave the adapter enabled
+Windows should see this NIC as connected but unusable — that is intentional.
+=== DMZ VLAN NIC Configuration ===
+Configure identically to the NFS NIC:\\
+  * No IP address
+  * No gateway
+  * No Windows networking services bound
+These NICs exist solely to be passed through to VMware virtual networks.
+=== VMware Workstation Pro Networking ===
+VMware Workstation uses **Virtual Network Editors** to map physical NICs to virtual switches.
+=== Virtual Network Layout ===
+Create the following virtual networks:\\
+  * **VMnet0 (Bridged – LAN)**
+        * Bridged to Primary NIC
+  * **VMnet2 (Custom – NFS VLAN)**
+        * Bridged to NFS NIC
+        * No host connection
+  * **VMnet3 (Custom – DMZ VLAN)**
+        * Bridged to DMZ NIC
+        * No host connection
+Disable DHCP on VMnet2 and VMnet3.
+== Why This Matters ==
+  * VLAN tagging is handled by the physical network
+  * VMware provides clean L2 handoff
+  * The Windows host remains blind to NFS and DMZ traffic
+This significantly reduces accidental exposure and simplifies troubleshooting.
+==== Storage Placement ====
+  * VM disks stored on fast local SSD/NVMe
+  * Avoid snapshots as a long-term safety net
+  * Snapshots are for:
+        * Short-term changes
+        * Known rollback points
+Snapshots are not backups.
+==== Final Thoughts ====
+The virtual host is where **discipline pays off**.\\
+Clear resource headroom, hard NIC separation, and boring configurations produce:\\
+  * Predictable VM behavior
+  * Easier security reasoning
+  * Faster recovery when something breaks
+If you’ve built the host correctly, the VMs on top of it become straightforward — and that’s exactly the outcome this ecosystem is designed to achieve.