[pve-devel] Vmbr bridge permissions and SDN improvements?

Neil Hawker n.hawker at chester.ac.uk
Mon Mar 7 11:01:42 CET 2022


Hi Eneko

Thank you for the suggestion; we hadn't thought about nested virtualization, which is an interesting idea. My initial thoughts are that this would create additional complexity with management of the platform (provisioning, authentication and licensing) and system overheads.

Your suggestion, however, has given me the thought that we could use nested virtualization for pen testing purposes in future by having an all-in-one VM containing its sub-VMs/networks.

Ideally, if the use of vmbr bridges could be restricted using the permissions Spirit proposed in their changes, that would require minimal configuration changes for us to make, particularly mid-academic year.

Thanks

From: Eneko Lacunza <elacunza at binovo.es>
Sent: 07 March 2022 08:56
To: Proxmox VE development discussion <pve-devel at lists.proxmox.com>; Neil Hawker <n.hawker at chester.ac.uk>
Subject: Re: [pve-devel] Vmbr bridge permissions and SDN improvements?

Hi Neil,

Have you considered using nested Proxmox servers, so that you only have the desired networks in students' nested Proxmoxes?

Cheers

On 4/3/22 at 12:08, Neil Hawker wrote:

Hi,

We're currently using version 7.1-10 and have the use case where we need to hide the vmbr bridges from normal users to prevent them circumventing network security that is applied through SDN vNets.

For context, our setup is a Proxmox cluster that is used as a learning environment for students where they can create and manage their own VMs to practice their Cybersecurity skills in an isolated environment. Being able to hide the vmbr bridges from users would achieve this.

I have found on the community forum (https://forum.proxmox.com/threads/sdn-group-pool-permissions.93872) that Spirit had contributed changes that have yet to be accepted/merged in that would achieve this as well as some SDN GUI improvements.

I appreciate developers are very busy, but is it possible for Spirit's changes to be included in an upcoming version and if so, any rough idea when they might get released?

Thanks

Neil

Eneko Lacunza

Technical Director

Binovo IT Human Project



Tel. +34 943 569 206 | https://www.binovo.es

Astigarragako Bidea, 2 - 2º izda. Oficina 10-11, 20180 Oiartzun


