How are you handling secure access to internal applications across sites?

We're reviewing our Proxmox setup and trying to improve how a few internal applications are accessed from different office locations.

One of them is Vertex-HCM, an attendance management system our HR team uses daily, and we're currently deciding whether everything should stay behind a VPN or if a reverse proxy setup would make more sense for some users. Security is the priority, but we also don't want to create extra complexity for people connecting remotely.

For those running business applications on Proxmox, what's worked best in your environment? Site-to-site VPNs, reverse proxies, VLAN separation, or something else?
 
In my homelab I use an overlay network VPN (Tailscale as client together with Headscale on a vserver; NetBird would be another option). I prefer this to reverse proxies (like Pangolin, which aims to be an open-source clone of Cloudflare Tunnels), because this allows me to use any protocol (including CIFS for network shares) and I don't have to deal with port forwarding. Depending on your applications and level of paranoia, a proxy might be a better fit though.

In theory either a VPN or a reverse proxy could be hosted on Proxmox VE, but I recommend using a dedicated server outside of your regular network if it shouldn't be connected with your internet services anyhow. Adding VLANs as an additional security layer sounds like a good idea to me, but I lack real-world experience with it.
 