Zelogx MSL Setup – The Multi-tenant Enabler for Proxmox.

Most security incidents begin
from ‘vulnerable dev environments’ or from an outsourced engineer’s PC and propagate through the network. What matters is separating the networks so you can limit the blast radius.：

• Viruses unknowingly stepped on by outsourced engineers. Leakage of VPN/VDI/SSH connection information on infected PCs
• Large company MC systems are isolated, but small and medium-sized companies and startups are often not isolated.
• Even if isolated, secondary damage spreads by accessing virus-infected development environments from VDI
• Vulnerable VM instances in the cloud with public IPs
• Test environments for different clients accidentally logging in just by entering the wrong destination IP
• VMs forgotten to shut down
• Copying files and code from development environments to networks connected by MC systems

Developers are not malicious. The problem is the lack of mechanisms to safely operate development environment infrastructure.

When development environments proliferate without control, the following occurs:

• Past instances that no one knows about are left abandoned
• Increasing cloud charges, even stopped VM instances are charged for storage maintenance.
• Outbound traffic to the Internet side is pay-as-you-go beyond a certain level
• Most instances built by engineers who are not familiar with security have Public IPs directly and expose vulnerable application servers such as Tomcat.
• Default security groups have insufficient IP address restrictions
• Just one client PC stepping on a virus can put all your businesses at risk.
• And mysteriously placed executable files. Infection spread to internal VPCs. These are all just examples.

Result: Not having a controlled development environment exposes companies to ransomware attacks and data breach risks.
"In the end, on-premises with control was superior in terms of risk and cost."

MSL Setup takes the opposite approach:

• Run on self-owned (or rented) high-performance hardware (OPEX reduction, performance improvement, forced application of security settings, etc.)
• Provide each project with its own fully isolated Layer 2 network. All communication within the project is allowed. Communication outside the project is restricted
• Dedicated VPN instances for each project are automatically provisioned. VPN clients can only communicate within the specified project. Even if you change the client-side settings, you can only communicate on the specified route.
• Proxmox RBAC allows VM instance creation, start, stop, backup, and snapshot control within the assigned project (Corporate Edition only automatic settings)
• Completely separate the main LAN from the development LAN. Development networks are isolated to prevent intrusion into the core LAN
• Controlled security rules are pre-provisioned, no configuration required for each VM build
• Easily start & stop dedicated VPN servers for active projects, easy VPN user management. Suspend and resume with one click. VPN connection status is also visualized.
• You will no longer waste time managing VPN client keys.
• Even if a VPN client PC is hijacked, the impact is limited to VMs within that project only.

Controlled security rules and operational rules are always applied, suppressing wasteful traffic to the main LAN. You can obtain a permanent, isolated development environment.

MSL Setup can be used for various purposes such as all software development companies, OT, game server fault localization, etc.:

• Want to quickly prepare a high-performance distributed development environment on-premises
• Need an environment where demos, PoC environments, and verifications can be prepared easily, securely, and cost-efficiently
• Want to isolate each network to localize faults from various threats
• Client projects must be strictly separated from each other
• Want to conduct vulnerability testing in a closed network
• Want to quickly launch an MSP lab
• Want to quickly launch many virtual appliance integration test environments with L2-level isolated networks
• Want to reduce the risk to the production environment by building development and staging environments in-house
• Want to efficiently manage VMs without worrying about costs such as snapshots and backup generations
• Want to efficiently manage customer training environments on a single server

This is why this project exists: to provide a way to quickly deploy multi-tenant environments — without turning every environment into a security incident waiting to happen.