New Proxmox User: Feedback

L

Lucas KD

Guest
Over the Christmas holidays I was searching for a new tool to manage Virtual Machines. I found many reviews that recommended Proxmox VE for small to medium size deployments. After evaluating about 10 products, I too came to the same conclusion, Proxmox 2.2 is the most mature and provided the quickest and most direct path to managing a productive VM environment. So, I want to say thanks for all those that have worked to get it where it is today. It's easy, the U/I is intuitive, and I especially appreciate the ISO image for installing systems that are immediately ready for migration into a cluster.

Here's a couple of thoughts. My usage is for testing various clients in a sandboxed environment (therefore I don't have the same security risks that systems outside of a self contained, firewalled environment would have). Consequently, I'd recommend the following:

  1. Don't require a java client for console access.
    1. My company routinely denies Java apps and applets the ability to run by disabling them in our corp operating systems and in our browsers that are deployed within our corporation. This affectively killed the use of your native console, and I had to turn on the VNC server by editing the <VMID>.conf file. This works, but would be better if there was a switch I could invoke to automatically do this when I spin up a new VM.
    2. My browser developers said using Java apps in this way is inherently unsafe.
  2. Don't require TLS in VNC clients.
    1. There are numerous valid use cases where security is not a concern, so requiring this is a bit rigid.
  3. OSX Support
    1. Now that Apple allows the running of OSX 10.6 on in a Virtual Container, I'd love to see this integration with Proxmox. My current solution has Linux and Windows managed by Proxmox, and OS X managed by VMWare Fusion. As long as it's running on Apple hardware, it seems like a sexy solution as then you have one management interface into all VMs. This would also be a differentiator from similar solutions.

Other than that, I was happy to learn about the API you've published, and it seems the Java library has significant development over the Python Library (didn't look at any others). I just wanted to say thanks for all of the generous donations to the public domain.

Thanks again for such a polished product.

Lucas
 
My browser developers said using Java apps in this way is inherently unsafe.

Please tell us why this is unsafe?

There are numerous valid use cases where security is not a concern, so requiring this is a bit rigid.

running without tls is really unsafe.
 
He has a point regarding the java applet console though, especially regarding the fact that java gets screwed like once every two months with a fresh and nice 0-day exploit. The faster Java applets die the better it's for the whole internet community. I currently can't think of an other java applet I use other than the Proxmox console. It would be great to see the java applet been replaced by something not java'ish someday in future ;)
 
Agreed with Java applets often being frowned upon from a security perspective due to frequent security issues with Java and live exploitation on web sites.

The problem is that there are now 2 easy alternatives for console access in Proxmox:
1. Java applet. As said, not everybody has Java (enabled in the browser), some Java versions don't work etc.
2. TLS+VNC access. IIRC, only a specific TigerVNC client version supports this.
1 or 2 by itself is not a big problem. However, combining the two means that easy console access is often not possible.

Setting TLS usage for VNC as an option instead of mandatory use would make sense - admins can enable this, or accept/mitigate the risk (firewall, tunnelling over SSH etc).
 
Now there is also an html5 client, NoVNC ( http://novnc.com/novnc/ ) someone and Proxmox team says is slow, in their site they say that many use it... wondering if things speed up recently :)
I wonder if spice will ever come, don't see a fast development there, nor the html5 client seems actively developed.
I would love to have NoVNC at least as a configurable option, usually I use it just in extreme situations when you have to use the guest "console", so a lower but reliable and "plugin free" solution could be great. Also consider the Android client that has been developed, I think that NoVNC would be great for it too
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!