
Last updated 1 year ago


Server Virtualization

Proxmox Virtual Environment is based on Debian GNU/Linux and uses a custom Linux Kernel. The Proxmox VE source code is free, released under the GNU Affero General Public License, v3 (GNU AGPLv3). This means that you are free to use the software, inspect the source code at any time and contribute to the project yourself. You can download the Proxmox VE ISO installer or inspect the code in the public code repository (git).

Using open-source software guarantees full access to all functionality, as well as a high level of reliability and security. We encourage everybody to contribute to the Proxmox VE project, while Proxmox, the company behind it, ensures that the product meets consistent, enterprise-class quality criteria.

Kernel-based Virtual Machine (KVM)

KVM is the industry-leading Linux virtualization technology for full virtualization. It's a kernel module that's merged into the mainline Linux kernel, and it runs with near-native performance on all x86 hardware with virtualization support, either Intel VT-x or AMD-V.

With KVM you can run both Windows and Linux in virtual machines (VMs), where each VM has private, virtualized hardware: a network card, disk, graphics adapter, etc. Running several applications in VMs on a single system enables you to save power and reduce costs, while at the same time giving you the flexibility to build an agile and scalable software-defined data center that meets your business demands.

Proxmox VE has included KVM support since the beginning of the project, back in 2008 (that is, since version 0.9beta2).

Container-based virtualization

Container-based virtualization technology is a lightweight alternative to full machine virtualization, because it shares the host system's kernel.

Linux Containers (LXC)

LXC is an operating-system-level virtualization environment for running multiple, isolated Linux systems on a single Linux control host. LXC works as a userspace interface for the Linux kernel containment features. Users can easily create and manage system or application containers with a powerful API and simple tools.

Central Management

To manage all tasks of your virtual data center, you can use the central, web-based management interface. The whole functionality of the web interface is also accessible via CLI or REST API, which can be used to automate tasks.

Web-based management interface

Proxmox VE is easy to use. You can do all management tasks with the integrated graphical user interface (GUI); there is no need to install a separate management tool. The central web interface is based on the ExtJS JavaScript framework and can be accessed from any modern browser. In addition to management tasks, it also provides an overview of the task history and system logs of each node. This includes running backup tasks, live migration, software-defined storage, or HA-triggered activities. The multi-master tool allows you to manage your whole cluster from any node of your cluster; you don't need a dedicated manager node.

Proxmox VE mobile

Command line interface (CLI)

For advanced users who are used to the comfort of the Unix shell or Windows PowerShell, Proxmox VE provides a command line interface to manage all the components of your virtual environment. This command line interface has intelligent tab completion and full documentation in the form of UNIX man pages.

REST API

Proxmox VE uses a RESTful API. We chose JSON as the primary data format, and the whole API is formally defined using JSON Schema. This enables fast and easy integration for third-party management tools, such as custom hosting environments.

Clustering

While many people start with a single node, Proxmox Virtual Environment can scale out to a large set of clustered nodes. The cluster stack is fully integrated and ships with the default installation.

Proxmox Cluster File System (pmxcfs)

The pmxcfs enables you to synchronize configuration files across your cluster. By using Corosync, these files are replicated in real time to all cluster nodes. The file system stores all data inside a persistent database on disk; nonetheless, a copy of the data resides in RAM. The maximum storage size is currently 30 MB, more than enough to store the configuration of several thousand VMs.

Proxmox VE is the only virtualization platform using this unique cluster file system, pmxcfs.

Live/Online migration

Administrators can initiate this process from either the web interface or the command line. This enables you to minimize downtime, in case you need to take the host system offline for maintenance.

Unique multi-master design

To simplify the management of a cluster, you can carry out maintenance tasks cluster-wide, from any node. The integrated web-based management interface gives you a clean overview of all your KVM guests and Linux containers across your cluster. You can easily manage your VMs and containers, storage or cluster from the GUI. There is no need to install a separate, complex, and pricey management server.

Authentication

Role-based administration

You can define granular access to all objects (like VMs, storage, nodes, etc.) by using the role-based permission management system. This allows you to define privileges and helps you to control access to objects. This concept is also known as access control lists: Each permission specifies a subject (a user group, or API token) and a role (set of privileges) on a specific path.
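The permission model described above (a subject and a role on a path), shown as an added example that is not Proxmox code: a small least-privilege audit over constructed permission entries. The role and privilege names, the subject notation (`@group`, `user@realm!token`), path propagation, and the additive evaluation are assumptions of this example; the additive union is a deliberate upper bound for review purposes.

```python
from dataclasses import dataclass

# Constructed role table (role -> privileges); names are illustrative only.
ROLES = {
    "Administrator": {"VM.Console", "Datastore.Allocate", "Sys.Modify",
                      "Permissions.Modify"},
    "VMOperator": {"VM.Console", "VM.PowerMgmt"},
    "Auditor": {"VM.Audit", "Sys.Audit"},
}
# Privileges this audit treats as high risk (an assumption of the example).
HIGH_RISK = {"Permissions.Modify", "Sys.Modify", "Datastore.Allocate"}


@dataclass(frozen=True)
class Permission:
    path: str               # object path such as "/" or "/vms/100"
    subject: str            # assumed notation: "user@realm", "@group", "user@realm!token"
    role: str
    propagate: bool = True  # assumed: the entry also applies below `path`


def subject_kind(subject):
    if subject.startswith("@"):
        return "group"
    return "token" if "!" in subject else "user"


def applies_to(perm, path):
    """True if `perm` covers `path` itself or, when propagating, a child path."""
    if perm.path == path:
        return True
    base = perm.path.rstrip("/")
    return perm.propagate and path.startswith(base + "/")


def effective_privileges(perms, subject, path, memberships=None):
    """Upper bound (additive union) of what `subject` may do on `path`."""
    groups = (memberships or {}).get(subject, ())
    identities = {subject} | {"@" + g for g in groups}
    granted = set()
    for perm in perms:
        if perm.subject in identities and applies_to(perm, path):
            granted |= ROLES.get(perm.role, set())
    return granted


def audit(perms):
    """Return (subject, path, reason) findings for grants that deserve review."""
    findings = []
    for perm in perms:
        if not ROLES.get(perm.role, set()) & HIGH_RISK:
            continue
        kind = subject_kind(perm.subject)
        if kind == "token":
            findings.append((perm.subject, perm.path, "API token holds a high-risk role"))
        if kind == "user":
            findings.append((perm.subject, perm.path, "high-risk role granted to a user directly"))
        if perm.path == "/" and perm.propagate:
            findings.append((perm.subject, perm.path, "high-risk role propagates from the root path"))
    return findings


# Constructed sample data, not taken from any real cluster.
SAMPLE = [
    Permission("/", "@admins", "Administrator"),
    Permission("/", "ci@pve!deploy", "Administrator"),
    Permission("/vms/100", "alice@pve", "VMOperator"),
    Permission("/vms", "@auditors", "Auditor"),
    Permission("/storage/local", "bob@pve", "Administrator", propagate=False),
]
MEMBERS = {"alice@pve": ["auditors"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(sorted(effective_privileges(SAMPLE, "alice@pve", "/vms/100", MEMBERS)))
```

Running the audit on a regular schedule and diffing the findings makes new root-level or token grants visible as soon as they appear.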

Authentication realms

Proxmox VE supports multiple authentication sources, for example Linux PAM, an integrated Proxmox VE authentication server, LDAP, Microsoft Active Directory, and OpenID Connect.

Proxmox VE High Availability (HA) Cluster

A multi-node Proxmox VE Cluster enables the creation of highly available virtual servers. The Proxmox VE HA Cluster is based on proven Linux HA technologies, providing stable and reliable HA service.

The entire Proxmox VE HA Cluster can be easily configured from the integrated web-based user interface.

Proxmox VE HA Manager

The resource manager, Proxmox VE HA Manager, monitors all VMs and containers in the cluster and automatically comes into action if one of them fails. The Proxmox VE HA Manager works out-of-the-box. Zero configuration is needed. Additionally, the watchdog-based fencing dramatically simplifies deployment.

Proxmox VE HA Simulator

Proxmox VE includes an HA Simulator. This allows you to test the behavior of a real-world 3-node cluster with 6 VMs. The Proxmox HA Simulator runs out-of-the-box and helps you to learn and understand how Proxmox VE HA works.

Bridged Networking

Proxmox VE uses a bridged networking model. Each host can have up to 4094 bridges.

Bridges are like physical network switches, implemented in software on the Proxmox VE host. All VMs can share one bridge, as if virtual network cables from each guest were all plugged into the same switch. For connecting VMs to the outside world, bridges are attached to physical network cards assigned a TCP/IP configuration.

For further flexibility, VLANs (IEEE 802.1q) and network bonding/aggregation are possible. In this way, it is possible to build complex, flexible, virtual networks for the Proxmox VE hosts, leveraging the full power of the Linux network stack.

In case you have more specific needs, Proxmox VE also supports Open vSwitch (OVS) as an alternative to Linux bridges, bonds, and VLAN interfaces. OVS provides advanced features, such as RSTP support, VXLANs and OpenFlow, and also supports multiple VLANs on a single bridge.

Flexible Storage Options

The Proxmox VE storage model is very flexible. VM images can either be stored on one or several local storage devices or on shared storage like NFS and SAN. There are no limits. You can configure as many storages as you like, and can use all storage technologies available for Debian GNU/Linux. The benefit of storing VMs on shared storage is the ability to live-migrate running machines without any downtime.

In the Proxmox VE web interface, you can add the following storage types:

Network storage types

  • LVM Group (network backing with iSCSI targets)

  • iSCSI target

  • NFS Share

  • SMB/CIFS

  • Ceph RBD

  • Direct to iSCSI LUN

  • GlusterFS

  • CephFS

Local storage types

  • LVM Group

  • Directory (storage on an existing filesystem)

  • ZFS

Software-Defined Storage with Ceph

Ceph is an open-source distributed object store and file system designed to provide excellent performance, reliability and scalability. Proxmox Virtual Environment fully integrates Ceph, giving you the ability to run and manage Ceph storage directly from any of your cluster nodes.

Ceph provides two types of storage, RADOS Block Device (RBD) and CephFS. An RBD provides block level storage, for content such as disk images and snapshots. CephFS implements a POSIX-compliant filesystem using a Ceph storage cluster to store its data.

Benefits of Ceph with Proxmox VE

  • Easy setup and management through the GUI and CLI

  • Self-healing

  • Scalable to the exabyte level

  • Set up pools with different performance and redundancy characteristics

  • Runs on economical commodity hardware

Read more: How to deploy a hyper-converged Proxmox VE Ceph Cluster; Proxmox VE Ceph Benchmark 2020/09

Proxmox VE Firewall

The built-in Proxmox VE Firewall provides an easy way to protect your IT infrastructure. The firewall is completely customizable, allowing complex configurations via the GUI or CLI.

You can set up firewall rules for all hosts inside a cluster, or define rules for virtual machines and containers only. Features like firewall macros, security groups, IP sets and aliases help to make that task easier.

Distributed firewall

While all configuration is stored in the cluster file system, the iptables-based firewall runs on each cluster node, and thus provides full isolation between virtual machines. The distributed nature of this system also provides much higher bandwidth than a centralized firewall solution.

IPv4 and IPv6

The firewall has full support for IPv4 and IPv6. IPv6 support is fully transparent, and we filter traffic for both protocols by default. Thus, there is no need to maintain a different set of rules for IPv6.

Backup/Restore

Backups are a basic requirement for any sensible IT environment. The Proxmox VE platform provides a fully integrated solution, using the capabilities of each storage and each guest system type. Backups can be easily started with the GUI or with the vzdump backup tool (via command line). These backups are always full backups, containing the configuration of VMs and containers, and all data.

The integrated backup tool (vzdump) creates consistent snapshots of running containers and KVM guests. It basically creates an archive of the VM or container data and also includes the configuration files.

Scheduled backup

Backup jobs can be scheduled so that they are executed automatically on specific days and times, for selectable nodes and guest systems.

Backup storage

KVM live backup works for all storage types including VM images on NFS, iSCSI LUN, and Ceph RBD. The Proxmox VE backup format is optimized for storing VM backups quickly and effectively (accounting for sparse files, out of order data, minimized I/O).

Proxmox Backup Server Integration

These backups are incremental, only transferring newly changed data over the network. This is highly beneficial in terms of network bandwidth and backup job run time. Data can also be easily encrypted on the client side, so that your backed up data is inaccessible to attackers.

Live-restore

Restoring large backups can take a long time and be a major source of downtime in case of disaster. However, for VM backups that are stored on a Proxmox Backup Server, the live-restore feature minimizes this downtime, allowing the VM to start as soon as the restore begins. In this case, the data is continuously copied in the background, prioritizing chunks that the VM is actively accessing.

Single-file restore

Oftentimes, only a single file or directory is needed from a backup. From the Proxmox VE web interface, you can securely search for and restore individual files or directories from a VM or container backup.

You can access Proxmox VE on mobile devices either via an Android app or via the HTML5-based mobile version of the web interface. The Proxmox VE Android app is based on the Flutter framework, and allows you to access your Proxmox VE server and manage your cluster, nodes, VMs, and containers. The Proxmox VE HTML5 mobile client enables you to manage Proxmox VE on the go, including access to the SPICE and HTML5 console. This allows you to manage VMs and containers, and view their configuration.

Proxmox VE uses the unique Proxmox Cluster File System (pmxcfs), a database-driven file system developed by Proxmox.

With the integrated live/online migration feature, you can move running virtual machines from one Proxmox VE cluster node to another, without any downtime or noticeable effect from the end-user side.


Proxmox Backup Server is our enterprise-class backup solution that is capable of backing up VMs, containers, and physical hosts. Support for this is fully integrated into Proxmox VE, meaning you can seamlessly back up and restore guests using the same common interface that the other storage types use.


Proxmox

https://www.proxmox.com/en/proxmox-virtual-environment/features