Hardware Recommendations for Citrix XenServer Pfsense / 3CX / Surveillance Box OR Bear metal

[WindsorComputerRepair]

So i'm looking at two solutions right now.
I need a PF Sense router, a 3cx server (Windows only) and a surveillance server.

Initially, I had the 3cx server and the surveillance server running on the same dual core PC in my rack, and a PF sense box separately.

However, I was thinking of building a Xenserver box in a 3U enclosure for my rack that will run my 3CX, Surveillance, and PFSense all in one box, but on three seperate VM's.

Any ideas on whether the virtualized environment will work better than each being on a bearmetal server, and what specs I should aim for?
3CX will handle up to 5 calls simultaneously, (This is my current license limit),
the surveillance server will handle up to 5 security cameras at 720p (Right now 640x480) set to record only on detect
And the pfSense will be hooked up to an *cringe* HP Procurve 48 Port switch, and a separate WAP (Or two for guest networking)

Any suggestions?

Right now I have an old quad core with 5 GB RAM laying around, and I think this will do the trick (Given that the previous hardware was a dual core with 1 GB ram, and an intel atom box)

 

[OaksLabs]

I do a lot with Xen, and the biggest problem I see with your setup is if you need non-virtual PCs to connect through your PFSense. It can get tricky hooking up physical to virtual networking.

I'd also suggest bumping up the RAM, (If you count Xen itself, you'd be running 4 OS'es on 5GB....and that sounds crowded).

 

[WindsorComputerRepair]

What if I kept the virtual machine, but then put PF sense on a separate atom box again?
I can upgrade my processor to an i5 with vpro, but this will limit me to 4 GB atm, and 8 GB MAX.

 

[YeOldeStonecat]

I like to keep routers separate from sharing hypervisors with internal servers.
For one,routers always perform much better "bare metal"...not sharing the CPU and RAM with anything, and not having a "layer in between" the router OS and the bare metal. Latency being primary purpose.
Security being the other purpose. There have been exploits out which can hop across hypervisors and dig into other guests. That WAN NIC is a potential open door...because of that.

 

[WindsorComputerRepair]

So here's the plan so far-
Intel Core i3 CPU W/ 8 GB DDR3 RAM, running Xen and a windows OS, and an Intel atom with 2 GB RAM running the router, bare metal, seperate, with 2 Gigabit connections, and a 100mbit line. (100mbit going from the WAN, and the 1st gigabit to the switch, whilst the second going to the WAP)

 

[jzukerman]

Looks good. I've have pfSense running on a Supermicro 1U Atom server at home. Works great. Near silient, uses 20W of power. I did need to add a 40MM fan to cool the passive heatsink on the CPU. Was kind of a pain in the ass to install because it wouldn't boot from any of the USB flashdrives I had to install pfSense. Ended up having to use ISO burned to a CD and an external CD drive to install.

 

[YeOldeStonecat]

Looks good. I've have pfSense running on a Supermicro 1U Atom server at home. Works great. Near silient, uses 20W of power. I did need to add a 40MM fan to cool the passive heatsink on the CPU. Was kind of a pain in the ass to install because it wouldn't boot from any of the USB flashdrives I had to install pfSense. Ended up having to use ISO burned to a CD and an external CD drive to install.

I did the same for a while.....had one of those SuperMicro 1U Atom dual core jobbies.....
And yes..it would get hot...and sometimes flip out. The fan in the power supply was supposed to be the exhaust fan for the whole chassis...and it died. Had to run it with the top lid cracked open.

Used to run lots of firewall distros on her...once I even skinned it with ESXi and ran firewall distros in that.

 

[WindsorComputerRepair]

Ended up going with the n270 w/2GB ram on the pf sense box in a 1U enclosure with two 80mm fans to channel air through the chassis. Has been running for since i started this thread straight with no problems. I just have to disable ACPI permanetly. I am using namecheap DDNS to have an internal access system from the net.
It goes to an HP switch, which leads out to two different wireless access points. (Protip- Do not use Linksys for anything business related if you are looking for a device with features. Flash with DD-WRT if you can.)
There's a quad core with 4 GB ram running a single VM that is running Server 2012R2 with my VoIP server.

Works wonderfully. Now all I need to do is build a redundant backup for power.