NAME
gyptazy - it's all about FreeBSD, Proxmox, BGP and Coding!

CONTENT

Blog

Self-Hosted S3 Storage with Garage for Proxmox Backup Server (2025-12-27):
With Proxmox Backup Server 4, a long-awaited feature has finally arrived: native support for S3-compatible object storage as a datastore. This fundamentally expands how backups can be designed, stored, and scaled in Proxmox environments. Until now, Proxmox Backup Server required local disks or locally attached storage to host datastores. With version 4, this limitation is gone. Datastores can now be backed by any S3-compatible backend, making it possible to use self-hosted object storage solutions such as MinIO, SeaweedFS, or Garage, as well as public or private S3 offerings, while still benefiting from all core PBS features like deduplication, compression, encryption, pruning, verification, and garbage collection. One of the biggest advantages of this approach is that no local storage is required on the Proxmox Backup Server itself anymore. PBS becomes a lightweight, stateless service layer that handles backup orchestration and metadata, while the actual backup data resides .... [read more]

Avoid Live Migration Issues in Proxmox VE with ProxCLMC (2025-12-22):
Live migration is one of the most powerful and frequently used features in a Proxmox VE cluster, but it relies on a prerequisite that is often underestimated: consistent CPU compatibility across all nodes. In real-world environments, clusters rarely consist of identical hardware where we could simply use the host type. Nodes are added over time, CPU generations differ, and feature sets evolve. While Proxmox VE allows flexible CPU configuration, determining a safe and optimal CPU baseline for the entire cluster is still largely a manual and experience-driven task. ProxCLMC (Prox CPU Live Migration Checker) was created by gyptazy to close this gap in a simple, automated, and reproducible way. It inspects all nodes in a Proxmox VE cluster, analyzes their CPU capabilities, and calculates the highest possible CPU compatibility level that is supported by every node. Instead of relying on assumptions, spreadsheets, or trial and error, operators receive a clear .... [read more]

BoxyBSD – Why Switching the Virtualization Hypervisor (2025-12-14):
BoxyBSD started as a simple idea: lowering the barrier of entry into the BSD world. What began in late 2022 on spare hardware has grown into a globally distributed, fully automated, free VPS platform that allows beginners and newcomers to explore BSD systems without needing a credit card, prior infrastructure knowledge, or their own hardware. Where was the talk given? This talk was given on December 11th at the Virtualization Gathering hosted by credativ GmbH in Mönchengladbach, Germany. You may also find another talk about my ProxWall project at the upcoming event. The BoxyBSD Hypervisor Migration Talk: In this talk, I walk through the journey of BoxyBSD as it really happened. Not as a polished success story, but as an honest look at what it takes to operate a non-commercial and educational hosting platform at scale. From early experiments with FreeBSD jails and bhyve, through painful scaling limitations, to .... [read more]

Proxmox Datacenter Manager - Central View Without Central Control (2025-12-06):
The Proxmox Datacenter Manager 1.0 brings something many administrators have wanted for a long time: a single place where all Proxmox VE clusters, individual nodes and Proxmox Backup Server instances come together. Instead of jumping through different interfaces, everything appears in one central cockpit. You get a clear and consistent overview of hosts, VMs, containers and datastores, even when they are spread across multiple locations. The built-in search makes it easy to find the right resources quickly, even in very large environments. Progress Is Happening, Just Not Fast: As the Proxmox Datacenter Manager just got released in version 1.0, the major question is what happened during almost a year of development? Spoiler: I’m disappointed! Maybe you already had a look at my initial post about the Proxmox Datacenter Manager when the first alpha version got released and my thoughts about it during the beta version. Now, we .... [read more]

ProxWall - Integration into your Proxmox VE cluster (2025-11-14):
Creating a highly secure Proxmox cluster with proper micro segmentation has become one of the most frequent topics in my discussions with users and customers. Almost every organization that migrates from another virtualization platform asks the same question early on. How can network segments be defined and enforced directly inside Proxmox in a simple and centralized way? For a long time, there was no real answer to this. While Proxmox is extremely powerful and flexible, micro segmentation was never available as a native, integrated solution. Most approaches relied on external firewalls, complex network designs, or additional tooling that did not feel like a natural part of Proxmox. This is exactly the gap that my ProxWall project is intended to close. The motivation behind ProxWall reminds me strongly of the early days of my ProxLB project. Back then, many Proxmox users were searching for a real dynamic workload scheduler that could .... [read more]

IncusOS – Secure and Immutable Virtualization Platform (2025-11-07):
IncusOS is an immutable operating system created with one clear goal: to run Incus safely, predictably and efficiently. Every part of its design focuses on providing a hardened, consistent and fully automated foundation for container and virtual machine management. Built on Debian 13, IncusOS includes its own kernel and Incus builds to maintain full control over the complete software stack. Security and reliability form the core of its architecture. The system uses UEFI Secure Boot and TPM to ensure a verified, tamper-resistant startup and full disk encryption that activates automatically during boot. Updates are handled atomically through an A/B partitioning scheme, allowing the system to roll back instantly if something goes wrong. This approach removes the uncertainty that often comes with traditional update methods. IncusOS runs in a fully locked-down state. There is no local or remote shell access. Management takes place only through an authenticated REST API, .... [read more]

Sylve – Modern bhyve Virtualization and Clustering on FreeBSD (2025-09-05):
Spoiler: it's the best I've seen so far for bhyve and FreeBSD! When Stefano told me about Sylve, I just had a quick look at the GitHub project and thought, "okay, just another of thousands of jail managers, just with a better web UI, similar to the Proxmox one", and I was completely wrong once I gave it a try! When looking at virtualization and container management on FreeBSD, you quickly notice that while there are many tools around, most of them either feel outdated or are missing important features. Some work well in the background but fail when it comes to usability and modern interfaces. This is exactly where Sylve caught my interest. Sylve is an open-source project that tries to make virtualization on FreeBSD simple and user friendly. It uses Bhyve for virtual machines, Jails for containers and takes advantage of ZFS for storage. The backend is .... [read more]

CBSD on FreeBSD – bhyve Virtualization with VXLAN and Stretched Layer-2 Networking (2025-09-04):
In today's globalized IT landscape, the term "cloud" dominates conversations about infrastructure, applications, and deployment strategies. Public cloud providers promise scalability, flexibility, and resilience, yet many organizations still operate their own infrastructure for reasons of control, cost, and compliance. In these environments, FreeBSD continues to play an important role as a robust, secure, and versatile operating system. CBSD as a bhyve Management Layer on FreeBSD: One of the powerful tools in the FreeBSD ecosystem is CBSD (github). CBSD acts as a management layer that simplifies the handling of FreeBSD jails, bhyve virtual machines, and other system resources. Instead of manually working through complex configuration steps, administrators can rely on CBSD’s unified command-line and TUI interfaces to create, configure, and maintain VMs and containers with ease. But there is also a WebUI bundled within ClonOS which makes use of cbsd. In particular, CBSD makes bhyve—the native FreeBSD hypervisor—far .... [read more]

Kanidm OIDC with Proxmox VE – Configuration Guide (2025-09-01):
In this HowTo, we install and configure Kanidm on Debian Linux Trixie and use it for authentication with Proxmox via OIDC (OpenID Connect). In previous articles, I’ve already shown other examples of how to integrate Proxmox VE with external identity providers such as Authentik and Keycloak, using them as realms to centralize authentication. Both of these solutions are powerful in their own right, but sometimes you might be looking for something that is more lightweight, simple to deploy, and secure by default without sacrificing the features you’d expect from a modern identity management system. This is where Kanidm comes in. Kanidm is a modern, secure, and easy-to-use identity management platform built with a strong focus on simplicity and security. Its primary goal is to be a complete identity provider, meaning you shouldn’t need to run additional components like Keycloak to cover your use cases. With Kanidm, you already get everything .... [read more]

How to Create a Proxmox Offline Repository Mirror for Air-Gapped Environments (2025-08-26):
Running your own package mirror (such as for Proxmox products) may seem like an advanced setup, but it addresses challenges that are increasingly relevant in modern infrastructures. At its core, a mirror is simply a local copy of selected repositories, yet the advantages extend far beyond faster downloads. By keeping a local mirror, organizations can reduce external bandwidth usage because every server pulls packages from the same local source rather than repeatedly accessing the internet. This also ensures consistency across nodes, avoiding scenarios where some machines install slightly newer or different packages than others, which can lead to unpredictable behavior. Additionally, relying on a local mirror provides controlled availability; even if an external repository is temporarily down, your systems remain unaffected. Security and compliance also benefit from a local mirror. Administrators can control which repositories and signing keys are trusted, reducing exposure to tampered or malicious sources. Snapshots of the .... [read more]
