How to implement and configure Tenancy with ProxMox

[moesmoes]

Hi everyone, I'm a student and i have been tasked with investigating a low-cost virtualization solution so that we can reuse some hardware and implement
tennancy with proxmox.

We typically use the VMware vSphere Hypervisor for our infrastructure, but due to licencing costs and hardware restrictions on newer versions, we can't use VMware vSphere on our older gear.

I've heard a few people mention Proxmox and the fact it can cluster, and doing a quick google I found some articles suggesting its possible.
But can anyone confirm if Proxmox can be configured as a Multi-Tenant Secure platform? Or point me in the right direction of something that can?

 

[Deepen Dhulla]

Yes it does, check this Link for diagram for same : https://www.oreilly.com/library/vie...05/fd548061-b6f7-4297-a0f3-8d8c2ddf12ba.xhtml , its a multi-tenant network diagramhaving an example of a network diagram of a typical cloud service provider who provides IaaS to their clients. The entire client network is virtualized within the service provider's virtual environment

 

[Fearless-Grape5584]

Yes, Proxmox VE can absolutely be used in a multi-tenant scenario — but there are some important design considerations.
Out of the box, Proxmox provides:

• Role-based access control (RBAC)
• Resource pools
• SDN (Simple zone / VNet)
• Firewall per VM / per node
• Clustering without license cost

However, it does not provide a fully isolated “tenant framework” in the same way VMware vSphere + NSX does. You need to design:

• Network isolation (VLAN or SDN VNet)
• Per-tenant gateway routing
• Access segmentation (VPN per tenant or jump hosts)
• Resource boundaries (CPU, RAM, storage allocation discipline)

For small environments or personal / lab use, this is very achievable — but it requires some integration work.

If you are specifically looking for a low-cost, portable way to implement practical multi-tenant isolation on top of Proxmox (especially for older hardware), there is an open framework called MSL Setup (Multiverse Secure Lab Setup).
It focuses on:

• Per-project isolated network zones
• Dedicated VPN gateway per tenant
• No external licensing
• Works on a single Proxmox host
• Designed for lab / educational / small multi-tenant use

It’s lightweight and can be deployed on reused hardware.
Quickstart documentation: https://www.zelogx.com/documents/readme/#quickstart
It’s not a commercial “cloud stack,” but it provides a structured way to turn Proxmox into a secure multi-tenant lab environment.
If your goal is educational, lab, or low-budget segmentation rather than enterprise cloud-scale isolation, this approach may fit well.

 

[cyruspy]

We have implement tenant isolation with the SDN part of the equation using multiple VRF/BGP combos to the external edge network element (firewall in our case). EVPN segregation via RT should be possible when the peer speaks EVPN.

All the rest, requires more work (tenant with its own set of projects with no risk about sharing disks or messing with each other's VMs)