The magic of Virtualization: Proxmox VE introductory course

Today, I am going to explain how to quickly deploy several virtual servers with different operating systems on a single physical server without much effort. This will enable any system administrator to manage the whole corporate IT infrastructure in a centralized manner and save a huge amount of resources.

Virtualization helps reach maximum abstraction from physical server equipment, protect critical services and easily restore their operation after serious failures.

Most system administrators are certainly aware of virtual environment techniques, so this article may not be a revelation to them. Nevertheless, some companies still do not use flexible and fast virtual solutions because of a lack of reliable information. We hope that this article's case study will help you realize that it is much simpler to start using virtualization once, rather than experience the inconveniences and drawbacks of physical infrastructure.

The good news is that it is quite easy to try using virtualization. We will demonstrate how to create a server in a virtual network, for example, to migrate a corporate CRM system. Almost any physical server can be transformed into a virtual server, but you need to learn the basic techniques first. These are described below.

How it works

When it comes to virtualization, many beginners face problems understanding the terminology. So, let's explain some basic concepts:

• A hypervisor is a special software for creating and managing virtual machines.
• A virtual machine («VM») is a system that operates as a logical server inside a physical server, with its individual set of features, storage media, and operating system.
• A virtualization host is a physical server with a running hypervisor.

To make a server a full-featured virtualization host, its processor must either support Intel VT or AMD-V technology. Both technologies perform a fundamental task — allocating server hardware resources to virtual machines.

The key feature is that any virtual machine operations are performed directly at the hardware level. However, they remain isolated from one another; so, it is quite easy to manage them individually. The hypervisor's role is to control and distribute resources, roles, and priorities between them. In addition, the hypervisor emulates the part of the hardware which is required for the operating system to function correctly.

Extended capabilities

Implementing virtualization makes it possible to have several running copies of a single server available. A critical failure or error that may occur when modifying such a copy will have no impact on the operation of the current service or application. In addition, this eliminates two major problems — scalability and the ability to host a range of different operating systems on a single hardware unit. This is perfect when you need a combination of absolutely different services without purchasing additional hardware for each of them.

Virtualization improves fault tolerance of services and deployed applications. Even if a physical service fails and needs replacement, all the virtual infrastructure will remain fully functional as long as the disks are safe. It is even possible to use physical servers from other manufacturers. This is of special interest for companies using servers that are no longer manufactured and who need to move to other models.

A list of the most popular hypervisors today is given below:

• VMware ESXi
• Microsoft Hyper-V
• Open Virtualization Alliance KVM
• Oracle VM VirtualBox

They are all quite versatile, but each has specific features that need to be considered during the selection process: deployment/maintenance costs and technical specifications. VMware and Hyper-V commercial licenses are quite expensive, and it is very difficult to fix issues using your own resources in the event of failures.

In contrast, KVM is absolutely free and user-friendly, in particular, as part of a ready-to-use Debian Linux-based solution — Proxmox Virtual Environment. Therefore, we can recommend this system as an introduction to the world of virtual infrastructure.

Proxmox VE installation

This procedure does not usually create any problems. Download the latest version of the image from the official website and save it to any external medium using the Win32DiskImager utility (dd command in Linux), then download the server from that medium. Customers who are renting hosted dedicated servers from Selectel can use more simpler method — just mount the required image directly via the KVM console.

The setup utility has a graphical interface that will ask just a few questions.

1. Choose the installation disk. You can also configure disk format settings in the Options section.
   
   
   
2. Specify regional settings.
   
   
   
3. Choose your password that will be used for root superuser authentication and the admin email address.
   
   
   
4. Specify network settings. FQDN is a fully quality domain name, such as host.yourcompany.com.
   
   
   
5. Once the installation is complete, restart the server using the Reboot button.
   
   
   

The control web interface will become available at:

https://server_IP_address:8006

What to do after installation

There are several important steps that should be performed after installing Proxmox. Let's look at each of them in more detail.

Update the system to its latest version

To do this, enter our server console and disable the paid repository (available only if paid support has been purchased). If you don't do this, apt will report an error when updating package sources.

1. Open the console and edit apt (configuration file):
   
   

   nano /etc/apt/sources.list.d/pve-enterprise.list
   	

2. There is only one line in this file. Insert # in front of it to disable updates from the paid repository.
   
   

   #deb https://enterprise.proxmox.com/debian/pve stretch pve-enterprise
   	

3. Use Ctrl+X to exit the editor and answer Y when the system asks if you want to save the file.
4. Run the package source update command:
   
   

   apt update
   	

5. Update all the packages:
   
   

   apt -y upgrade
   	

Take care of security

We recommend using the popular utility Fail2Ban to ensure protection against brute force attacks. If an attacker exceeds the preset number of unsuccessful login attempts using invalid username/password combinations, the attacker's IP will be blocked. You can set the duration the block lasts and the number of attempts in the configuration file.

Based on practical experience, more than 5,000 attempts to guess the password were recorded during a week of a server operating with an open ssh port 22 and external static IPv4 address. The utility successfully blocked about 1,500 addresses.

Below is a brief installation guide:

1. Open the server console via the web interface or SSH.
2. Update the package sources:
   
   

   apt update

3. Install Fail2Ban:
   
   

   apt install fail2ban

4. Open the utility configuration for editing:
   
   

   nano /etc/fail2ban/jail.conf

5. Modify variables: bantime variable (how many seconds the attacker will remain blocked) and maxretry (number of username/password entry attempts) for each service.
6. Use Ctrl+X to exit the editor and answer Y when the system asks if you want to save the file.
7. Restart the service:
   
   

   systemctl restart fail2ban

You can use the following simple command to check the operating status of the utility, for example, to view statistics on blocked IP addresses that attempted to guess the SSH password:

fail2ban-client -v status sshd

The utility's response will look something like this:

root@hypervisor:~# fail2ban-client -v status sshd
INFO   Loading configs for fail2ban under /etc/fail2ban
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO     Loading files: ['/etc/fail2ban/fail2ban.conf']
INFO   Using socket file /var/run/fail2ban/fail2ban.sock
Status for the jail: sshd
|- Filter
|  |- Currently failed: 3
|  |- Total failed:     4249
|  `- File list:        /var/log/auth.log
`- Actions
|- Currently banned: 0
|- Total banned:     410
`- Banned IP list: 

Similarly, you can secure your web interface against these kinds of attacks by creating a suitable rule. An example of such a rule for Fail2Ban can be found in its official guide.

Getting Started

Note that you can create new machines as soon as Proxmox is installed. However, we recommend configuring initial settings to make it easier to manage the system at a later stage. Based on our experience, different physical media should be used for the hypervisor and for the virtual machines. See how to do this below.

Setting up the disk drives

The next stage is to set up storage for saving virtual machine data and backup copies.

IMPORTANT! The disk formatting example below should only be used for test purposes. In actual practice, we highly recommend using a software or hardware RAID array to prevent data loss in the event of a disk failure. In one of our next articles, we will explain how to properly prepare the disk array and what to do in case of an emergency.

Let's assume that there are two disks on the physical server: /dev/sda where the hypervisor is installed and an empty /dev/sdb disk where virtual machine data will be stored. To let the system recognize the new storage, we can use the simplest and the most efficient method: connect it as a simple directory. Before doing this, we need to perform some preparatory steps. As an example, let's see how to connect a new /dev/sdb disk, of any size, by formatting it using the ext4 file system.

1. Format the disk by creating a new partition:
   
   

   fdisk /dev/sdb
   

2. Click o or g (format the disk as MBR or GPT).
3. Then, click n (create new partition).
4. Finally, click w (to save changes).
5. Create the ext4 file system:
   
   

   mkfs.ext4 /dev/sdb1

6. Create a directory where the partition will be mounted:
   
   

   mkdir /mnt/storage

7. Open the configuration file for editing:
   
   

   nano /etc/fstab

8. Add the following new line to it:
   
   

   /dev/sdb1	/mnt/storage	ext4	defaults	0	0

9. Once you have made the changes, save them using Ctrl + X and answer Y to the editor's questions.
10. Restart the server to check that everything is working correctly.
    
    

    shutdown -r now

11. After restarting the server, check the mounted partitions:
    
    

    df -H

The command output should confirm that /dev/sdb1 is mounted in directory /mnt/storage. This means that our storage is ready to use.

Adding a new Proxmox storage

Sign in to the control panel and go to Datacenter settings: ➝ Storage ➝ Add ➝ Directory.

Complete the following fields in the box that appears:

• ID — new storage name;
• Directory — /mnt/storage;
• Content — highlight all the options (by clicking on each option one by one).

Then, click Add. The setup is complete.

Creating a virtual machine

Do the following to create the virtual machine:

1. Choose the operating system version.
2. Download the ISO image in advance.
3. Select the newly created storage in the Storage menu.
4. Click Content ➝ Load.
5. Select the ISO image in the list and confirm the selection by clicking Download.

Once the operation is complete, the image will appear in the list of available images.

Create your first virtual machine:

1. Click Create VM.
2. Complete the following fields one by one: Name ➝ ISO-Image ➝ Hard disk size and type ➝ Number of processors ➝ RAM ➝ Network adapter.
3. Select all the options you need and click Finish. The new virtual machine will appear in the control panel menu.
4. Select it and click Start.
5. Go to the Console item and install the operating system in the same way that you would install it on a physical server.

Repeat the steps listed above if you need to create another virtual machine. Once all VMs are created, you can use them simultaneously by opening multiple console windows.

Configuring autorun

By default, Proxmox does not start machines automatically, but you can change this with a couple of mouse clicks:

1. Click the required VM name.
2. Go to Options ➝ Start at boot tab.
3. Tick the corresponding box.

Now, when the physical server is rebooted, the VM will start automatically.

Experienced administrators can also specify additional autorun parameters in the Start/Shutdown order section. You can directly set the order in which virtual machines will be started. You can also specify a time before starting the next VM and the delay before shutdown. (If the operating machine fails to shut down, the hypervisor will force its shutdown after the selected number of seconds passes.)

Conclusion

This article sets out the basics of how to start using Proxmox VE. We hope it will help beginners to take the first step and try virtualization in practice.

Proxmox VE is a really powerful and convenient tool for any system administrator — just feel free to experiment and try and understand how it works.

Please leave a comment if you have any questions.