@scottalanmiller said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
@scottalanmiller said in Proxmox hates security:
@Pete-S said in Proxmox hates security:
I'm not saying Proxmox is insecure, I'm just saying it wasn't designed with security as its primary focus.
KVM by default for instance is managed by libvirt and by default doesn't open any TCP ports at all. That gives the administrator the option to decide what level of security versus convenience they want.
Ignoring "by default" in that, ProxMox can be the same. You can close everything up and only manage however you like. You don't have to use the web interface on it, it can be totally shut down. Obviously defeating lots of the purpose, but plausible.
I spend far more time on ProxMox via command line via MeshCentral than via the web interface and the web interface, while we don't lock it down from the LAN in most cases (we run a LOT of ProxMox these days) we primarily access it from the PM host itself from a jump box running on top of it for the cases when the web interface is needed. So while we don't go to the degree of locking it off from the LAN, we could and we wouldn't notice the difference most of the time.
That's not a default, so obviously totally different. But it's a really simple setting.
That's good to know.
We don't use the GUI anymore either, but we're moving away from pre-packaged hypervisors and to pure KVM with libvirt-compatible management tools.
We have found that to be the best solution for our use case (high degree of automation and customization).
I'd like to see that for sure. There's a lot of benefit to that, potentially at least.
We're automating a lot.
But the real problem is not the automation itself. The real problem is that automation and standardization are time-consuming.