Multiverse Secure Lab (MSL) — Whitepaper
Zelogx™ Multi-Project Secure Lab (MSL) Setup is an open-source blueprint for provisioning secure, Layer‑2 isolated development environments on Proxmox, leveraging Proxmox SDN, firewall rules, and Pritunl VPN gateways.
Overview
This project builds completely isolated development environments per project at Layer‑2, accessible securely via VPN. It is a blueprint for low‑cost distributed development, private team labs, and repeatable on‑prem isolation patterns.
What You Get (Engineer’s Perspective)
On a single Proxmox VE node:
- Per‑project, fully isolated network segments with VPN‑secured access for remote teammates.
- Ability to expose each project’s environment to your team without risking the main LAN.
- Design that limits traffic paths so non‑VPN packets do not traverse your corporate or home LAN.
- Automated client provisioning: user registration, certificate generation, and VPN management via Pritunl.
- GUI‑based server control for common operations.
- No special VLAN switches required.
What You Get (Manager’s Perspective)
- Fine‑grained access control so each partner or contractor gets access only to what they need.
- A private development cloud suitable for small to mid‑sized teams.
- A lower‑cost alternative to complex managed services for on‑prem labs.
Reference: Commercial Alternatives
| Vendor / Product | Strength | Weakness / Gaps You Can Fill |
|---|---|---|
| Palo Alto Networks “Prisma Access” | Enterprise‑grade SASE / ZTNA coverage | Overkill for small on‑prem or hybrid labs |
| Zscaler “Zero Trust Exchange” | Global edge presence, strong remote‑user security | Needs customization for on‑prem virtualized networks |
| Check Point + Perimeter81 | Integrated Zero‑Trust WAN | Complex setup, high cost for small deployments |
| StrongDM | Access management (SSH / RDP / DB) | Does not handle virtual‑network segmentation or VPN‑based multi‑tenancy |
| JumpCloud | Wide SaaS IAM coverage | Limited to identity layer, not virtual network control |
Target Audience
Organizations and teams that need repeatable, isolated development environments without cloud costs or complex vendor lock‑in. This includes small teams, research labs, training environments, and home‑lab operators seeking predictable, auditable isolation.
Why This Matters
Typical pain points when development environments live in public clouds or on shared networks:
- VMs unintentionally exposed to the Internet.
- Cross‑project visibility and lateral movement between test environments.
- Rapidly increasing costs from forgotten or overprovisioned instances.
- Slow provisioning cycles and inconsistent developer environments.
A well‑designed on‑prem approach provides systemic guardrails that reduce human error, lower cost, and improve security posture.
Cost Efficiency Example
A compact on‑prem host can outperform an equivalent cloud vCPU allocation at a fraction of the monthly expense. Benchmarks and a short comparison are included to illustrate performance and cost tradeoffs for small teams.
Risks & Mitigations
- Hardware failure: use a secondary node with Proxmox Backup Server.
- Power outage: deploy a UPS and planned shutdown procedures.
- Overheating: ensure adequate cooling and thermal ratings for sustained operation.
- Data loss: use regular backups to S3‑compatible or on‑site backup storage.
- Physical access: maintain restricted physical access where required.
This document is derived from the project README and edited to present a concise, whitepaper‑style overview.