Virtual machines (KVM / Proxmox / virsh)

Virtual machines form the stable foundation of many of my infrastructures.
I plan, implement, and operate KVM-based virtualization environments that offer maximum performance, security, and reproducibility, from individual hosts to complex clusters with Ceph storage and Ansible provisioning.
I work with Proxmox VE as a management platform as well as directly via libvirt and virsh to ensure maximum flexibility and scriptability.
This direct control over the hypervisor, network, storage, and resources allows systems to be fully automated and documented in detail.

Architecture & Setup

I design virtualization environments based on clear resource separation, reproducibility, and security.

The focus is on stability, easy maintenance, and expandability.

  • Planning and building KVM hosts with libvirt and QEMU
  • Clusters with Proxmox VE and Ceph or ZFS backends
  • CPU pinning, NUMA optimization, and virtualization tuning
  • VLAN and bridge designs for internal/external networks
  • Integration of ISO, cloud, and template images

Provisioning & Automation

I use Ansible and cloud-init to provision VMs in a reproducible manner and configure them automatically.

This creates maintainable, scalable, and versioned environments.

  • Automated VM creation via Ansible libvirt or Proxmox modules
  • Use of cloud-init and preseed for initial system configuration
  • Template-based deployments for homogeneous system landscapes
  • Automatic allocation of networks, volumes, and host resources
  • Version control via Git (IaC principle)

Storage & Integration

I tightly couple virtualization with scalable, resilient storage.

The goal is a high-performance, redundant storage foundation for VMs, containers, or databases.

  • Ceph RBD, ZFS iSCSI, and LVM-Thin as storage backends
  • Multipath and Fibre Channel integration
  • Snapshot management and live migration
  • Integration into backup workflows (Bareos, Borg, PBS)

Security & Isolation

Virtualization creates security through isolation – I supplement this with hardening, logging, and certificate management.

  • SELinux and AppArmor integration at host level
  • Network and storage isolation (bridges, VLANs, iSCSI)
  • SSH and TLS hardening, key rotation
  • Automated host updates and security audits

Monitoring & Performance

I continuously monitor VMs, hosts, and resources to ensure performance and stability. Continuous measurements enable bottlenecks to be identified and resolved at an early stage.

  • Prometheus Node Exporter, libvirt Exporter, Grafana Dashboards
  • Log and event analysis via Loki and Syslog
  • Resource analysis (CPU, RAM, IO, network)
  • Automatic alerts and capacity reports

Integration & Further Development

KVM environments remain open and expandable.

I connect them seamlessly with modern platforms and use them as a stable basis for containerization and orchestration.

  • Integration with Kubernetes via KubeVirt
  • Deployment of automated testing and training systems
  • Hybrid scenarios with VMs and containers
  • API-supported management (libvirt / REST)
  • Documentation and operating manuals in Bookstack

You can find specific trainings and current topics in the Comelio GmbH training catalog.
Available in-house at your company, as a webinar, or as an open training—designed to meet different requirements.

Frequently asked questions about virtual machines

In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can’t find your question? Feel free to contact me.

Proxmox provides cluster HA, web GUI, API, backup (PBS), and role models “out of the box.” libvirt/virsh is extremely lean and scriptable, ideal for minimal stacks and special cases. In practice, I combine both: Proxmox for cluster management, libvirt/virsh for fine-grained automation.

Ceph, ZFS, or LVM-Thin – which storage backend?

Ceph (RBD) for true cluster redundancy and live migration without shared NFS; ZFS for strong single/small cluster performance with snapshots/compression; LVM-Thin for local, simple, and fast provisioning. Selection based on HA requirements, operating costs, and monitoring depth.

With HA groups, live migration, compatible CPU flags, shared/replicated datastores, and maintenance mode. Health checks, quorum/fencing (corosync/pve-ha-manager), and clean runbooks prevent split-brain and unplanned stops.