Why don't more providers let customers manage their servers with Proxmox VE?
Many providers use PVE but make customers manage their systems through crap like Virtualizor. If they're already using PVE, why not just let them use that instead? It has all the necessary features, better-integrated VNC for doing recovery if the network is broken, usage graphs, etc. It also has fine-grained privilege control, so it's not like exposing it would be giving customers access they shouldn't have.
Not a complaint, I'm genuinely curious.


Comments
Proxmox doesn’t have a good templating/reinstallation system at all. In addition, there isn’t a great IPAM system, and the UI is complex for most non-savvy users to understand.
Fair enough. I wasn't even thinking of templating, since I prefer to just attach an ISO and install directly.
We allow PVE access by default but with one exception (that I am aware of), no one uses it. Also we don't publicize it because of -
For a techie that already knows PVE it is great but for a 'newbie' used to Virtualizor etc. it is intimidating.
More importantly, there are serious security and architecture concerns.
I personally would never expose a physical Proxmox node on a public IP, regardless of how much hardening is applied. That leaves a very thin margin between malicious activity and bare metal that directly hosts customer data.
Wasting a public IPv4 address on a hypervisor node also makes little sense architecturally. Yes, placing nodes in a private, firewalled management network requires more engineering and comes with trade-offs—but it is absolutely worth the effort.
Both of the above points are security-driven, not theoretical.
Just because something hasn’t broken yet doesn’t make it best practice or industry standard.
Keeping hypervisors in a dedicated management VLAN is widely accepted best practice. It also avoids a long list of operational headaches:
MTU handling (Proxmox clusters and Ceph traffic do not play nicely when mixed with public-facing paths)
Jumbo frames and cluster traffic over public IPs are, frankly, messy
Clustered setups (which I do recommend) add another layer of complexity that makes public exposure even harder to justify
End users should never have access to the node GUI. Proxmox has fine-grained roles, yes—but one misconfigured permission or role, and suddenly a user can see or touch things they absolutely shouldn’t. That’s not a risk worth taking.
Bottom line, regardless of the OS used for virtualization:
A physical hypervisor node should never be publicly addressed, and customers should never interact with the node GUI directly. Proxmox is an excellent platform—but it belongs behind proper abstraction layers, not exposed as a customer control panel.
PS: The GUI was never intended to be customer facing.
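The misconfigured-role risk raised in the comment above, as an added example that is not part of the thread or any poster's code: a small audit of Proxmox ACL entries against a customer policy. The `acl:` line layout of `/etc/pve/user.cfg`, the policy (only `PVEVMUser` on `/vms/<id>`), and every user and group name are assumptions constructed for this example.

```python
import re

# Policy assumed for this example: a customer may hold only these roles,
# and only on a single-VM path such as /vms/101.
ALLOWED_ROLES = {"PVEVMUser"}
VM_PATH = re.compile(r"^/vms/\d+$")

# Constructed sample in the assumed acl-line layout of /etc/pve/user.cfg:
#   acl:<propagate>:<path>:<users and @groups>:<role>:
SAMPLE_CFG = """\
acl:1:/:root@pam:Administrator:
acl:1:/vms/101:alice@pve:PVEVMUser:
acl:1:/vms/102:bob@pve:PVEVMAdmin:
acl:1:/vms:carol@pve:PVEVMUser:
acl:0:/storage/local:alice@pve,bob@pve:PVEDatastoreUser:
acl:1:/nodes/node1:@customers:PVEAuditor:
"""

STAFF = {"root@pam"}  # constructed: principals exempt from the customer policy


def audit_acls(cfg_text, staff=STAFF):
    """Return (principal, path, role, reason) for every customer ACL outside policy."""
    findings = []
    for line in cfg_text.splitlines():
        fields = line.split(":")
        if len(fields) < 5 or fields[0] != "acl":
            continue  # user:, group:, role: and blank lines are not ACL entries
        _propagate, path, principals, role = fields[1:5]
        for principal in filter(None, principals.split(",")):
            if principal in staff:
                continue
            reasons = []
            if not VM_PATH.match(path):
                reasons.append("path is not a single VM")
            if role not in ALLOWED_ROLES:
                reasons.append("role not in allowed set")
            if reasons:
                findings.append((principal, path, role, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in audit_acls(SAMPLE_CFG):
        print("%-12s %-16s %-18s %s" % finding)
```

Run against a real node's ACL list on a schedule, a check like this catches a customer grant that drifted to `/vms`, `/storage` or `/nodes` before the customer does.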
Well, now you use Virtualizor as SPOF. If someone pwns a single Proxmox node, the impact is way more manageable than pwning a central infra component.
Central control panel does not add security or lessen impact surface. It is vice-versa.
@Levi
If securing the internal side is already a problem then I fail to see how putting it on the public Internet makes it any better.
Well, you will know that you are under the radar after first node breach
That's a very good point. I've come across providers that allowed me to do more than they should from PVE.
Hehe, even my home router is on a very separate network.
It's one of those 4 port N5105 devices, and it's running proxmox with one of those ports dedicated to the management, and pfsense in a container with the 3 other ports in PCI passthrough. One goes to the fibre ONT, one to my wireless router and the other to my home wired net. There's a third virtual network exposed to pfsense for VMs like my borg server.
Anyway, whenever I want to manage proxmox, I physically connect the cable from the management port to my home net switch, and then I do what I need and disconnect it. I think that kind of paranoia is good, but it is kind of annoying and so I actively try to avoid ever using that proxmox instance in practice.
@ralf
Haha, that’s some next-level air-gap discipline 😄 Respect for the commitment.
No need to physically make them apart, VLAN the shit out of it.

Same security model, far less pain.
Does jushost allow users to use PVE?
Yes. In fact, they only use PVE.
I think a lot of people said that, but most providers sell to savvy and non-tech-savvy customers.
I use proxmox in homelab.
If you as a provider provide direct access, think about how many tickets you will answer every day for the non-savvy ones. Providers don't want that headache. Most people need plug and play products.
@Saragoldfarb loves her plug and play products!
Confirmed.
One drawback of using PVE is that it requires the provider to invest time and resources in controlling IP allocation.
Some users can scan the entire subnet to find and use IP addresses.
Skill issue.
Plus it would immensely increase ticket count ~ load on support.
I did think about providing a Proxmox pre-built template for our clients but as @jsg mentions the likely support load stopped me. Also with the latest exploits of hypervisors, although I have tried my best to lock down client use of PVE there are still worries.
If however a client is already experienced with PVE getting a pre-built server could save them a lot of time. On the other hand if they are experienced they should already know how to build and configure exactly as they wish so don't need the template.
So we all rinse and repeat......
People are lazy. Proxmox has a full-fledged API with permissions, that actually works, in comparison with Virtualizor, where even the billing panel gets full access to everything.
You can easily create a VM from a template, assign it to a user, and send the creds to the user.
If the user needs a reinstall, well, either he does it himself or asks, or you offer an option in the panel somehow.
cloud-init support, duh, will do the network settings/changes for you.
With a small plugin in WHMCS you could make it work, for like free, no license fees ever, rock solid.
@Neoon Somehow you and I are certainly thinking along the same lines.....
The problem with setting the permissions is that the GUI still shows the option (unless I have missed something) and when used gives an error. Which is why I agree with jsg, support queries are potentially the real problem.
I created the automation at FOSSVPS so building is literally
/root/build_vm [template_id] [new_vm_id] [ip_option] [disk_gb] [cores] [memory_mb] [client] [email] [forum] [send_email]
To re-install either local or remote
/root/rebuild_vm [VMID] [destination]
And yes we do use cloud-init
bruh, if a field is grayed out, you can't use it.
How is that a problem? Or you doing something wrong with permissions.
If you have people ticketing you, about something is grayed out and not clickable, I never had that issue so far, god bless.
I bet my fucking ass, if you have 1k VMs, using that setup.
You get like 10-20 tickets per day for reinstall.
Which is gonna be one click for you, if you do it right.
Workload 5 minutes tops, for like 10 tickets.
Reinstall on NanoKVM takes like 10s tops for me, when I click that button.
You gonna spend way more time, on useless tickets for some bullshit nonsense.
Problem is not being greyed out, it is "I want this feature" and it errors.
Stupid is as stupid does.
Maybe someone will capitalize on this opportunity to create a user friendly frontend for Proxmox.
Doesn’t convoy do that already?
Never heard of them, but could very well be the case.
I don't get your issue, it doesn't error out, except you might have configured the permissions wrong.
It's grayed out, not clickable, no errors, nothing.
I mean no offense, just checked the demo.
It's basically just a nice, clean wrapper around proxmox, which costs you money monthly.
It doesn't do stuff Proxmox can't do.
We are actually developing a friendly (Open Source) frontend
I understand what you are saying but just because it is greyed out, users will still (hypothetically) raise support requests wanting a feature they didn't know about or wanting to know why they can't use that feature.