Hardening/fine tuning/start from scratch (not preferred) for a small use case for a startup

Karbadan_Barbadan

Jun 23, 2023
There is a certain amount of irony here in that I am an IT guy not knowing which way I need to go, as I had other jobs in life and mostly in the stupid Windows world. The current result of my Proxmox setup is definitely too overwhelming and thus issues WILL come, and it is far from hassle-free and secure :(

So, the current whole scenario:
  • Server - DL380, SSDs in raid
  • QNAP storage - 2 arrays, 1 in striping, 1 in mirroring (thus the total space gets maximized, given the different sizes of all 4 HDDs) (configured to some extent, no backup solution implemented, Proxmox sees the arrays)
  • Old SME router box (which I could dump for some SME second-hand grade thing, no teaming, and 100Mbps Ethernet, has port forwarding)
  • 2 vWorkstations for 3D modelling with passed-through physical GPUs and something like Parsec for interaction with them (done)
  • 2 more simple office Linux vPCs (done, not needed currently)
  • Openproject (done, also integrated with Nextcloud)
  • NEXTCLOUD - (done, both should be better interconnected. It is killing me with the aforementioned issues - intermittent bad gateways, intermittent built-in editing not working)
  • Domain name. (bought)
  • Cloudflare (I am not happy about it, as it is an additional network layer + imposes bans on bigger files + you never know if it is the RC of an issue and speedwise one could believe it is choked, so it could make money for their paid plans)
  • Nginx Proxy Manager with encryption between Cloudflare and Nginx (it is very buggy IMO)
Task for the whole thing:
  • a low-cost startup infrastructure for up to 5 participants (eventually more as NEXTCLOUD users only) all over Europe, giving them the ability to follow up on the project, work online with documents, exchange files, and work in the vPCs and vWorkstations environments (3D modelling)
  • reliable and secure environment, which won’t need DIY miracles every now and then, outside of the regular maintenance once a year or every second year.
  • a reliable and free backup solution to keep the images of the configured setup + to run a hassle-free backup of user data - Nextcloud, Openproject, vWindows, vLinux.
What can I give? I do have several boxes lying around, which I could repurpose (old thin clients). I could buy a switch / switch router with firewall if this will make my life easier.

So, given all the ways one could go, and given the best practices, one could, out of experience, give me the mixture of tools/solutions/practices/simple ideas for my target setup, that I could then research and/or implement on my own and have a rock-solid environment in the end, so we could focus on the startup matters after that. Today Nextcloud broke prior to some file exchange with its occasional "Bad Gateway 502/504/506" and this got me boiling... When the startup grows, I will simply load the whole config to a newer machine through failover clustering and scale it up. Let’s hope! :)

Even if it is kind of a struggle now, I am very thankful that I am having such a task, because it is putting me back on track in the real IT world + I am more annoyed than unable to do the use case setup, but should I try every single tool/program/practice only to find a well-known scenario in the end as well?


Thanks to all of you who are willing to help! :)
 
This is the Proxmox VE installation and configuration forum, your questions do not really fit here.

Which specific Proxmox VE questions do you have?
 
Hello guys, thank you for your replies!

I've decided that I will develop my topic and show everything throughout the way to one good build and config of hypervisor, VMs, web and services for private servers and SMEs. IT people must show and not ask, so I will show the good concepts and decisions that I know will work, but for the details I will be asking. Thus one very good topic will stay for the others, so they would not struggle that much (I am definitely not struggling, but haven't built anything for me personally for many years, just taking care of other people's systems).

[Attached screenshot: Bildschirmfoto am 2024-02-29 um 02.35.56.png]

This is the beginning; it is on purpose with no details given. It will evolve over time and I will be posting the details from time to time with all the philosophy and the decisions behind them.

Stay tuned and for the rest - help when needed! :smiley:
 
OK, so let's get started. So you want to get your digital infra for your startup installed and configured like a pro?

OK, if you have a similar scenario to the one here, please read further. I will gradually do it, explaining everything along the way and giving you many hints and screenshots, so you could repeat it without any issues, but so that you would also be sure that you have done it in the best (possible according to the given resources) way. I am building my system currently (when I have the time to) exactly because of a small startup I am about to start.

As I have done other jobs, there's no better way to remind myself of the stuff here, and catch up, than to make a write-up of building one system, stating all the available options/decisions I should make, and then to state my decisions for my design and why I've done it so. For the rest, I would like to have assistance from our forum mates.

My idea is that in the end one "all in one" walk-through would be compiled for everyone (not) struggling.

Let's divide our project in some bullet points:

1. Defining our goal.

We want to build a:
* cheap / subscription-free (virtualization) system that ensures the work of a couple of users for a startup,
* backs up their work on multiple media and devices, that is
* secure,
* stable and hassle-free as much as it can be.

The good thing about it is that these requirements are opposing each other. Every engineer/designer knows that feeling. Remember this now.

2. Conceptualizing our system through NEEDS, hardware givens, good to haves and budget constraints

Our needs: We want to:

* have like 5 VMs in total, 2 of them to be workstations for mechanical design. The rest for supportive functions like Project Owner/Manager, Marketing Manager, Assistance Manager.
* be able to invite people with non-permanent contracts, task, to join our infrastructure, and to give them a corresponding vMachine,
* have our data and the output of our users secured against hackers and against deletion by an annoyed dude from our project (you know, startups are not like in the movies and frustration is often a thing)
* to have our data secured against system failure
* to have our system and VMs secured against system failure (on some level)
* to provide our project participants with tools for file sharing and collaboration, thus some smaller contractors can interact with our project (i.e. logo designers, startup analysts and marketologists etc.)
* to provide to our project a platform for project management
* to have our system built in a rock-solid way
* to build it in a way that it will ask for less maintenance

We want a multiprocessor/multicore second-hand server. This automatically ensures that we are going to put our hands on something with good output and designed to work with multiple VMs, network and IO loads (this could vary greatly). The important thing is that you need to calculate roughly your loads - System, IO, Network, based on how many users, what kind of work and VMs are needed, what they are going to do in general, how they are going to access their data, the product of their work. So, you can say how many users you are going to have for the beginning, and you can calculate roughly the needed single configuration for all the VMs needed + the load needed for tools/firewall/fileserver.
I am going to use for now my hardware as an example and on a later point of time I will come back to spread this theory for your choice further out, the other guys may feel free to put some thoughts, recommendations, links to useful sources on calculating virtualized loads/ thus hardware configs. Mine got older in the meanwhile, as I am (mainly) one man orchestra for two sister (interconnected) projects + employed full time, so every step takes a while. Time for some output.

Startup Config:
  • Server: DL380 G6, 2x X5690, 128GB RAM, 1.5 TB consumer grade SSDs in RAID5.
  • GPUs: 1x Nvidia M2000 4GB VRAM, 1x Nvidia K2200, 4GB VRAM
  • QNAP storage: 2 separate arrays:
    • I-st Array: 2x 2 TB in striping = 4 TB in total
    • II-nd Array: 2x 4 TB in mirroring = 4 TB
    (Thus the total space gets maximized, given the different sizes of all 4 HDDs) (configured to some extent, no backup solution implemented, Proxmox sees the arrays)
  • Old SME router box (no teaming, 100Mbps Ethernet, has firewall and port forwarding, it's a real bottleneck now)
The config now:

[Attached image: 1710878390862.png]

Always use some tools to visualize / mind-map your initial config / needed config; this will help you greatly in visualising weak spots and attack horizons, which you need to minimize.

3. Battling our way through the woods of settings on different levels.

Our core source of fun. If our goal has been defined clearly, we have analysed and chosen our hardware wisely, it could be also very easy with relatively good security, or a little bit harder with bulletproof security...

4. Testing and documenting

A very important thing in the whole project is to document all configs, passwords, connections, or you WILL get in trouble (just like me currently with my NGINX admin password.... :( )

5. Get the champagne (or call the sweet neighbor to open your bottle for you! (the better way! ;) )) and continue to your main thing with your startup


The topic will evolve through editing over time, so it would not grow 2093209834 pages big. Don't like such enormous posts...

Stay tuned!!
 