this post was submitted on 19 Jan 2024
This is an automated archive.

The original was posted on /r/sysadmin by /u/thegreatcerebral on 2024-01-18 16:44:47+00:00.


Needing to rebuild data infrastructure for "reasons"...

Current Setup:

  • Single Host with storage local
  • Housing a small number of VMs (DC, FS, vCenter)
  • No redundancy
  • Can't really expand
  • Backups are D2D that are on a hosted server in the rack

What I am thinking is the more traditional:

  • 2 to 3 (probably 2 to start) Hosts
  • Shared Dedicated Storage (Example: Dell ME5012)
    • This has two controllers inside of it so there is some redundancy built-in
  • Want to have 2x DCs even though it may not be worth it if I were to set up FT, in which case a dedicated smaller bare metal DC as redundant would serve better possibly...
  • Will still run FS
  • Have some new VMs to spin up for various tools required for the "reasons" above.
  • I don't want to go VMware but I'm not familiar enough with the other options to not go with them and the new pricing model, which sucks because I'll be a system short for the licensing seeing as you must license like you have the full cores anyway.
  • This is a more elastic install as we can grow to another host if needed as well as grow out the storage if needed as well as customize the need (speed vs. density)

My question is first... is this still the better way to go? Technically speaking we don't NEED to make it more robust and the business would love to not look at a higher bill for hardware costs. We do have some NEW needs that have arisen but growth beyond the required things is minimal right now. I would just build a larger build like the existing to house MORE things: RAM, Storage, CPU Cores probably.

Next question is that one of the servers we are needing to implement is a SIEM server. I was looking at OSSIM for the community edition due to cost; however, I am open to something else if it serves the purpose. The question still stands and that is, am I better served having a dedicated server, most likely bare metal, for a SIEM solution? Should I put it in the VM environment? I don't want it to kill the IOPS on ingesting of logs. I am not running one now so I'm not sure what all I will be looking at with full implementation. For servers, you have the number of what we have. With the new situation just say you will be looking at 8 servers overall. We have Meraki hardware: 1 MX, 2 MS, and 1 MR, 30 desktops, and let's put the number at 12 "other" network connected devices. Note: the other VMs from the other requirements, due to our size, will be VERY small footprints just to cover some utilities that we need to have and use from time to time.

I don't think the data will be tons but I have no idea. I have only seen scenarios where someone is paying a company to do the SIEM and they usually are paying for the full service but have a local machine for ingest and then push to the cloud. This may still be an option for us; however, in the interim, I may need to house this box in an effort to offset any other costs.

Lastly, due to the restrictions of things, really the cloud isn't an option right now unless after pricing all of this out it becomes viable. Sorry if I'm being vague... CMMC 2.0/NIST 800-171 stuff and GovCloud type stuff.
