Prototyping Enterprise Infrastructure in Proxmox: 11+ VMs, 8 VLANs, and Ansible Automation
Source: Dev.to
Why Test in VMs First?
- Network misconfigurations caught in VLANs before buying physical switches.
- Resource constraints identified before ordering hardware.
- Backup failures discovered during testing instead of during a disaster.
- Automation issues debugged in isolated environments.
- Disaster‑recovery drills practiced without real outages.
VLAN Design
| VLAN | Subnet | Purpose |
|---|---|---|
| 10.0.100.0/24 | Management & monitoring | |
| 10.0.110.0/24 | Base infrastructure servers | |
| 10.0.120.0/24 | Application servers | |
| 10.0.130.0/24 | General workstations | |
| 10.0.131.0/24 | Manager workstations | |
| 10.0.132.0/24 | IT workstations | |
| 10.0.140.0/24 | Guest Wi‑Fi & IoT | |
| 10.0.150.0/24 | Public‑facing services |
All inter‑VLAN routing is handled by an OPNSense VM, allowing me to test firewall rules, routing policies, and network segmentation before moving to physical hardware.
Authentication & Access Control
- PAM admin – SSH access + web UI (root disabled).
- PVE users – Limited permissions, no shell access.
- Ansible user – API‑only access for automation.
Pro tip: Stop the web UI when not in use
# Stop the web UI
systemctl stop pveproxy
# Restart it when needed
systemctl start pveproxyResource Pools (Not Tags)
I previously misused resource pools as tags. They are actually for delegation and access control:
smb-servers– Core infrastructuresmb-workstations– Desktop/Laptop VMssmb-project-admin@pve– Full access across poolssmb-admin@pve– Server pool only
Backup Strategy
Local (10 TB)
- 7 daily backups
- 4 weekly backups
- 2 monthly backups
External (4 TB)
- 1 daily backup
- 2 weekly backups
- 1 monthly backup
I regularly test restore procedures; backups are worthless if never validated.
Ansible‑Driven Infrastructure as Code
The Ansible user with Proxmox API access enables:
- VM provisioning from templates
- Network configuration (VLAN assignments)
- Resource management
- Backup scheduling
All configurations are stored in GitHub, allowing a full destroy‑and‑rebuild from source.
“For a homelab? Yes. For learning? Absolutely not.” – Over‑engineering in the lab teaches enterprise concepts (VLANs, RBAC, disaster recovery, automation) without production risk. When something breaks, fixing it builds real‑world troubleshooting skills.
Hardware Platform
Dual‑socket Lenovo D20 (24 cores)
- CPU host passthrough for VMs
- Memory ballooning across VMs
- Initial allocation: 4 GB for servers, 8 GB for workstations
Documentation Roadmap (3–6 months)
- SMB infrastructure planning
- Ansible automation setup
- Samba Active Directory deployment
- File and print services
- Linux workstation configuration
- SELinux hardening
- Monitoring and backup automation
Further Reading
- Complete details on my Proxmox prototyping methodology: Prototyping a Larger Project with Proxmox
Tags: #virtualization #infrastructure #linux #devops #networking #ansible