Trust and protection

Security

VMNexor includes licensing, update integrity, feature gating, controlled console access, and operational safeguards for hosting providers.

VMNexor documentation is actively evolving. Some features, wording, and screenshots may change during beta.

Security model

VMNexor should be treated as a privileged control plane. It can create, modify, suspend, reinstall, and terminate infrastructure, so access to the panel, API keys, server, and Proxmox credentials must be protected carefully.

Access control

  • Use strong admin passwords
  • Limit admin access to trusted staff
  • Remove accounts that are no longer needed
  • Avoid sharing administrator logins
  • Use separate customer and administrator accounts

Proxmox credentials

  • Prefer scoped API tokens where possible
  • Avoid using root password authentication for routine automation
  • Limit token permissions to required actions
  • Rotate credentials if staff or servers change
  • Keep Proxmox management access restricted to trusted networks

Licensing

  • Signed license validation
  • Local runtime license state
  • Feature gating by licensed capability
  • Expiry and suspension handling
  • Protection against untrusted or tampered license state

Update integrity

  • Signed release verification
  • Integrity manifest checks
  • Rollback support on failed updates
  • Preservation of shared license and configuration files
  • Controlled update scripts with explicit sudo permissions

Console security

  • Customers do not receive Proxmox credentials
  • Console access is routed through VMNexor relay logic
  • Console sessions should be short-lived
  • Only authorised users should be able to open service consoles

Customer isolation

Customers should only see and control services assigned to their account. Billing integrations should not expose infrastructure details that are not needed by the customer.

Operational safeguards

  • Keep regular database backups
  • Back up shared configuration and license files
  • Review failed provisioning actions
  • Avoid manual Proxmox changes unless VMNexor state is reconciled
  • Test destructive actions on disposable services first

Production hardening checklist

  • Use HTTPS only
  • Keep system packages updated
  • Restrict SSH access
  • Use a firewall around the VMNexor server
  • Protect database credentials
  • Monitor logs for failed logins and failed automation actions
  • Keep Proxmox nodes patched
© 2026 VMNexor. All rights reserved.