[PVE-User] Hosted Proxmox Server Deployment Questions

Theron Trout theron.trout at mellonway.com
Thu Dec 18 00:43:41 CET 2008


Hi All,

I'm about to build a new Proxmox server that I will be handing off to a
hosting provider for them to stand up at their location.  This has lead
me to contemplate various security issues that I wouldn't worry about as
much as if I were operating it on my own network.  Here are some
questions I have.  I hope some of you can provide me with some insight
and possible means of handling these issues (or even point out other
important issues that I may be overlooking).  I don't mind blazing my
own trail on this, but if there is a more tried approach, I'd prefer
such a route.

My proxmox server will be plugged into the hosting companies network.  I
plan to use bridge networking with my VMs drawing from a pool of IP
addresses I have available.  This is okay for those virtual machines
that will be externally visible web/mail/etc servers, but bad for
database servers and other sensitive VMs.

Is it possible to setup something like a virtual LAN that lets the
proxmox client VMs see each other on an internal only schema like
192.168.0.1, .2, .3, etc, but isolated from the outside network?

If this can be done, I figure I can give internal-only machines virtual
network cards attached to this network and give a second card to public
facing machines with outside associated IP addresses.

I've looked at some of the VLAN documentation, but it's not quite clear
to me that I'm standing at the base of the right tree.  Am I overlooking
a much easier solution?  It would be great if there is one that would
allow me to do a regular vlan connection with my local network.

I suppose the best way to go would be to have one VM be a dedicated
firewall system delegating all access, which might open some elegant
solutions, but that assumes I solve the most basic problem above.  I
imagine this could become a major bottleneck in high-traffic situations,
though.

Finally, assuming I get this to work, would it be possible in the future
to hand them additional Proxmox servers for clustering and have the
virtual network span the growing cluster?

Please pardon me for the long post, but I figured it raises some issues
that others would find useful.

Best regards,
Theron

-- 

Theron Trout
Principal, Mellonway LLC

800-614-MWAY (6929)
301-358-5547
www.mellonway.com

Efficiency and Results through Expertise. (TM)





More information about the pve-user mailing list