book

Learning Proxmox VE

by Rik Goldman

March 2016

Beginner

224 pages

3h 58m

English

Packt Publishing

Read now

Unlock full access

eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
What this book covers

Downloading the example codeDownloading the color images of this book ErrataPiracyQuestions
Proxmox VE in brief
KVMQEMUOS Virtualization with Proxmox VE
Hardware requirements and recommendations for Proxmox VE
Enabling hardware virtualization extensions
Disabling the enterprise repositoryEnabling a non-subscriber repositoryUpdating and upgrading Proxmox VE
Understanding the container advantageProxmox VE and the case for LXC
Logging in to Proxmox VE's web interfaceBrowsing available container templatesDownloading a container
Changing container states with the command lineAccessing a container
Distinguishing features of virtual machinesScenarios for system virtualization
Installation mediaUploading an ISO file to local storage on PVEPreparing a virtual machineAnticipating the configuration tabsGeneralOSCD/DVDHard DiskCPUMemoryNetworkConfirmControlling the state of a virtual machineControlling a VM from the PVE command line
Virtualizing Windows Server 2012r2 with Proxmox VEConfiguring and creating the virtual machineStarting the VM and installing Windows ServerCreating a VM for Fedora 23 ServerCommand line virtual machine creation
Understanding virtual disksComing to termsUnderstanding virtual disk configurationChoosing a virtual disk formatQCOW2RAWVMDKChoosing a busUnderstanding cache options
Proxmox VE network modelBridged configurationNAT configurationRouted configurationVLAN supportNIC bonding
Providing basic connectivityOf VMs and vNICsBridge configurationUsing NAT configuration
Security benefits of virtualizationAttack surface reductionIsolationAvailability of prior statesHardware abstractionSegmentationEncapsulation and portabilityPhysical securityFine privilege controlPVE firewall features
Denial of service attacksVM escape and hyper jumpingVirtualization sprawlAt war with complexity
Protecting the boot processLocking down the bootloaderLocking down BIOS/UEFIHardening the OS and hypervisorProhibit remote access to the hypervisorHarden SSHDisabling root account access via SSHPreventing brute-force attacks against SSHRelying on key-based authenticationManaging patchesEnterprise subscriptions

Content preview from Learning Proxmox VE

Summary

The security and information that assurance administrators can realistically provide is clearly never as exhaustive as it is exhausting.

In the first section of this chapter, you learned that hardware virtualization has inherent security benefits.

However, you also learned that many promising benefits are undermined if they're not supported by thorough planning of the virtual infrastructure, explicit policy-making up front, and a flawless deployment, all followed by unflagging policy enforcement and ongoing virtual server lifecycle management.

We then outlined threats that are either unique to virtualized infrastructures or aggravated in the context of virtualization. Each point was followed by either concrete action to mitigate the threat ...