Choosing the right ZFS pool layout is crucial. I went with mirrored vdevs for my VM storage - here’s why.
Mirrors offer:
RAIDZ is great for bulk storage, but for VM workloads, mirrors win every time.
Security first! I implemented a proper 2-tier PKI with an offline Root CA and an online Enterprise Issuing CA.
The Root CA lives on an air-gapped VM that only comes online for CRL updates. The Issuing CA handles all certificate requests and integrates with Active Directory for auto-enrollment.
This setup follows Microsoft best practices and provides enterprise-grade certificate services.
I deployed a proper Active Directory forest with microsoftlab.ch as the forest root and corp.microsoftlab.ch as a child domain.
This mirrors enterprise architectures where the forest root is kept clean and child domains handle user accounts. The trust relationships are automatic and transitive.
DNS integration was the trickiest part - conditional forwarders and proper delegation are essential.
After weeks of tweaking, I finally hit 48.7 Gbit/s throughput on my 50Gbit LACP bonds. Here’s the secret sauce.
The key optimizations were:
The Mellanox ConnectX-4 cards are beasts, but they need proper configuration to shine.
Today I completed the initial setup of my 2-node Proxmox cluster. Here’s what I learned about quorum and why a QDevice is essential for 2-node setups.
The cluster uses Corosync for communication and requires careful network planning. I dedicated VLAN 10 for cluster traffic to ensure reliable heartbeat communication.
Key takeaways:
