Proxmox releases an offline mirror system: proxmox-offline-mirror
All highly secured companies or companies for which cybersecurity is critical often have to use networks disconnected from the Internet.
In this use case it becomes difficult to maintain an up-to-date hypervisor infrastructure.
It is therefore necessary to have a method to update its hypervisors without connecting it to the Internet.
Until now, these operations were problematic because Proxmox did not offer any possibility for offline synchronization.
This problem is now solved thanks to proxmox-offline-mirror.
What is proxmox-offline-mirror?
With the Proxmox Offline Mirror tool, companies will now be able to manage a local apt mirror for all package updates for both Proxmox and Debian.
From this local apt mirror, companies will be able to create external media, such as a USB stick or local network share, to update systems that cannot or should not access package repositories directly via the Internet. These systems may be restricted by public Internet access policies or completely protected by an air-gap/air-wall.
Thanks to the system developed by Proxmox, it is now possible to manage specific subscriptions for these restricted hosts.
Are there any functional constraints?
To use proxmox-offline-mirror, it is necessary to have a package server which is simply installed on a server with internet access (only for its initial installation!).
But don’t worry: the Release files in the repositories are signed with GnuPG. APT uses these signatures to verify that all packages come from a trusted source (in this case Proxmox).
# apt update # apt install proxmox-offline-mirror
The advantage is that it is then possible to use specific subscriptions for this type of systems in order to have a support and to ensure a hyper-secure high-level maintenance.
Gather the server IDs for the systems that will be configured with offline keys.
You can find the server ID in the subscription panel of each host, or by using the CLI with the following commands:
pvesubscription getfor Proxmox VE
proxmox-backup-manager subscription getfor Proxmox Backup server
pmgsubscription getfor Proxmox Mail Gateway
The keys can then be synchronized quite easily with the command:
proxmox-offline-mirror key add pve2p-12345... ABCDEF0123...
Where to order your subscriptions ?
DynFi as a Proxmox partner has the right to market subscriptions for Proxmox Offline Mirror at the same price as Proxmox.
Please let us know about your Proxmox Offline projects using the form below or call us at the number on the top left of this screen.