Hi all,
Proxmox is truly great and I have used it at home for about a year for many purposes. Now I'm considering upgrading some of my servers at my lab and would need some input on what would be the best practice and experience from others. I lead a neuroscience lab focusing on gene therapy, bioengineering and bioinformatics. All employees are now expected to learn and utilize bioinformatics in their work, some full time and others intermittently. Our datasets are huge and ever expanding and thus have significant computing and memory needs. Thus, it is not feasible for each student to have their own computation workstation but we have a group of servers which they run their analysis on. We also need to make sure that we can make the analysis reproducible and sharable to others so we utilize container technologies a lot. Many of our students coming in are also meeting Linux/bioinformatics for the first time so they have a lot to take in and need to break things to learn.
Here is what I would like to do: Set up Proxmox and develop template LXC containers and VMs (depending on the task) which I then will start up for each student/project. This will give them full autonomy in this but ensures that they cannot destroy each other's work, I can restore containers/VMs to functional states and I can load balance/move the containers between the servers. All in all, I think that this will work great for us.
Now to the question: Our university network is very restrictive and all computers are given a public IP. I also need to ensure that all the tools the students will install (probably with lousy passwords as well) will not be hacked. My wish would be to set up a NAT/firewall which the students would connect into using IPsec VPN with a shared secret (so that it is easy, working with Win/Mac without additional software etc.). Then the NAT/firewall would also distribute stable internal IPs so that the students can know which IPs are pointing to their containers. All containers would through this have internet access.
What would be the recommendations for me to accomplish this? Are there any suitable tools / tutorials on how to accomplish it entirely in software on one of the Proxmox servers? Does anyone have experience in setting up such a system? Alternatively, is it a better option to handle this with a hardware router such as a Ubiquiti EdgeRouter? I run those at home and in the summer cottage and have been very satisfied with them.