Use Cases

Use cases envisioned by MSL Setup Pro for isolated multi-project environments.

Real-world ways to use Zelogx MSL Setup on top of Proxmox.

Index of use cases

Click any card to jump to the detailed example with visuals below.

Use case 1

Isolated Development Environments for Multiple Projects and Corporate Networks

A common scenario for safely running internal projects, client work, and outsourced development in parallel.

Running multiple projects or client engagements on the same corporate network can lead to unintentional exposure of data and systems between projects, and makes it difficult to safely isolate internal backend systems with external partners.

With Zelogx MSL Setup, each project gets its own layer-2 isolated network and VPN entry point on a single Proxmox host. This reduces the risk of one project being visible to another, and allows you to grant outsourced members or external partners controlled access only to the specific environments and backends they need.

It can be used both for internal teams and for providing “dedicated per-client development environments” in contract development or MSP scenarios. It also helps avoid spinning up separate public cloud resources for every ad-hoc demo or PoC, preventing unexpected costs.

Isolated Development Environments for Multiple Projects and Corporate Networks

Who it's for

Lab owners and managers accountable for cross-project risk.

Lab owners

FIELD STORY:
How I manage multiple client projects with Proxmox and MSL Scetup

MSPs & platform teams

Great for MSPs and internal platform teams who must prevent cross-project data exposure by default.

Remote dev lab for mobile / Android teams

Who it's for

Distributed mobile teams and leads who need safe shared labs.

For engineering managers who want fast, browser-accessible labs without opening flat networks. Suits Android/iOS engineers, QA and CI maintainers who need predictable access.
Use case 2

Remote dev lab for mobile / Android teams

Project-specific dev labs on Linux with VS Code Server, securely accessed by remote mobile / Android teams over VPN.

While the final production build and store submission may require a dedicated build machine,

running VS Code Server on a Linux server lets remote developers connect via a browser to a project-specific dev lab and focus on development.

By using MSL Setup in this way, you can spin up multiple secure, cross-platform mobile / Android team development environments in a short time,

and it becomes easier to run a DevSecOps lifecycle on top of those environments.

Use case 3

Active Directory (AD) Test Environment

Network isolation is essential when testing authentication and credentials.

Placing domain controllers or vulnerable clients on the same network as production devices can lead to unintended impact.

Incorrect GPO or DNS changes from a test VM connected to production networks can cause severe outages.

Active Directory (AD) Test Environment

Who it's for

AD admins and identity platform engineers.

For teams validating GPO, DNS and trust changes without risking production. Great for training junior admins on realistic but isolated AD scenarios.
A diagram of a malware analysis lab built on Proxmox. An analyst’s browser connects over HTTPS to a Guacamole gateway, which provides RDP/SSH/VNC access to FLARE VM and REMnux analysis VMs, while an isolated L2 network and firewall on Proxmox keep the lab separated from the production network.

Who it's for

Blue teams, IR responders, and malware analysts.

For security orgs that need repeatable dynamic analysis with strict egress control. Snapshots restore quickly; blast radius stays inside the lab.
Use case 4

Malware Analysis / Dynamic Sample Analysis Environment

An isolated environment for safely analyzing suspicious samples.

Malware samples under analysis may self-propagate, modify system settings, or attempt to exfiltrate credentials to external systems. Because of this, dynamic analysis labs must be strictly isolated from production networks and the internet, while still allowing analysts to observe realistic system behavior.

In the case of ransomware, entire system volumes may be encrypted during testing, so VM snapshot management becomes essential for quickly resetting the environment and repeating test scenarios.

A typical tool stack for this type of environment includes:

  • Proxmox VE as the virtualization platform
  • Zelogx MSL Setup for per-project L2 network isolation, VPN access, and RBAC to the Proxmox GUI
  • A virtual firewall such as pfSense or OPNsense – or Proxmox’s built-in firewall – can be used to control all ingress and egress traffic.
  • Remote access gateways like Apache Guacamole for browser-based RDP/SSH/VNC access
  • Malware analysis VMs such as FLARE VM (Windows) and REMnux (Linux)
  • Optional IaC tools like Terraform or Ansible to automate lab creation and teardown

With Proxmox and Zelogx MSL Setup, security teams can run repeatable malware experiments in an isolated lab, while keeping production networks and data completely out of reach.

Use case 5

Penetration Testing / CTF / Vulnerability Training Environment

Training environments that include attack tools or intentionally vulnerable systems must always be isolated.

Penetration testing labs and CTF environments often host aggressive tools, intentionally vulnerable images, and misconfigured services by design. If these systems share a network with production assets, there is a real risk of accidental scanning, lateral movement, or data exposure.

With Proxmox and Zelogx MSL Setup, each team or training class can receive its own fully isolated L2 network:

  • Proxmox VE provides the compute and VM lifecycle
  • Zelogx MSL Setup creates per-project pools, SDN zones, VPN access, and GUI RBAC
  • Security tools such as Kali Linux, Metasploit, Burp Suite, Tenable can be deployed inside the lab
  • CTF platforms like CTFd or similar frameworks can host exercises for multiple teams

With Proxmox and Zelogx MSL Setup, instructors can run realistic offensive exercises in isolated lab segments, while keeping corporate assets and user data safely out of scope.

A corporate IT security trainer stands at the front of a classroom, presenting a “Penetration Testing / CTF Training Lab – Proxmox + Zelogx MSL Setup” architecture diagram, while rows of trainees with laptops face her and listen attentively.

Who it's for

A corporate IT security training for penetration testing / CTF.

For training centers and security teams hosting offensive tools and intentionally vulnerable targets. Each class or team gets its own isolated segment.
OT/ICS and Digital Twin Security Testing

Who it's for

OT engineers and safety owners.

For validating segmentation, remote access and firewall policies in a digital twin before touching real plants. Keeps office IT and internet out.
Use case 6

OT/ICS and Digital Twin Security Testing

Control systems are safety-critical and have a "must not stop" priority.

Industrial control systems (ICS) and OT networks often support processes that must not be interrupted in production. To test firewall rules, remote access, or segmentation changes, many teams build “digital twin” labs that replicate key parts of the OT environment on virtual infrastructure.

Proxmox with Zelogx MSL Setup can host these digital twins on isolated SDN zones:

  • Virtual firewalls and VPN gateways to emulate remote access paths
  • Vendor-specific PLC / DCS simulators and protocol gateways
  • Dedicated OT lab networks separated from office IT and internet uplinks

With Proxmox and Zelogx MSL Setup, OT engineers can validate changes and simulate incidents in digital-twin networks, while ensuring that real plants and control systems remain untouched.

Use case 7

Disposable Per-Project Test Environments (VPC-like Operations)

Build project-scoped, disposable test environments similar to cloud VPCs.

Environments designed for teardown and rebuild should not share networks with other systems.

Network isolation also simplifies audits and compliance explanations.

Disposable Per-Project Test Environments (VPC-like Operations)

Who it's for

Platform teams standardizing test environments.

For teams that frequently create/tear down labs. Per-project isolation mirrors cloud VPC behavior on-prem with simple audits.
Network Appliance Configuration Validation Lab (VRRP / CGNAT / BGP, etc.)

Who it's for

Network engineers validating changes before CAB.

For pre-change testing of VRRP, BGP, CGNAT and LB configs. Reproduce production-like behavior with zero impact outside the lab.
Use case 8

Network Appliance Configuration Validation Lab (VRRP / CGNAT / BGP, etc.)

A scenario for pre-validating router/firewall/load balancer configurations using virtual appliances in an L2-isolated environment separate from production.

Testing network appliance configurations such as VRRP, dynamic routing, or CGNAT directly on a production network risks actual gateway failovers or route changes due to misconfiguration, potentially impacting business traffic.

By setting up dedicated L2 segments and test VM groups (virtual routers/virtual FW/traffic generators) on MSL Setup, you can reproduce the same address design, VRRP group IDs, and NAT rules as production while completely containing the impact within the lab.

Failover tests, packet captures, and throughput evaluations can be repeated safely, making it useful as a pre-validation environment before submitting change requests.

Use case 9

Network Isolation for Publicly Exposed Servers

Network isolation helps localize problems for public-facing services.

Public servers (game servers, media distribution, etc.) can be compromised; isolation limits the damage scope.

Separating networks makes compliance and forensic explanations simpler.

Network Isolation for Publicly Exposed Servers

Who it's for

Service owners of public-facing systems.

For operators who must contain compromise and simplify forensics. Keep blast radius narrow and explainable.