Implementation of a Firewall-Integrated Software-Defined Network on Proxmox for Controlling Network Configuration and Securing Container Services
Abstract
Virtualization technology has helped companies consolidate various server roles onto a single physical server, reducing hardware costs. A hypervisor is the virtualization software that manages server hardware, allowing multiple Virtual Machines (VMs) and Containers (CTs) to run on a single physical machine. To remain competitive in the digital era, companies face various challenges, such as the need for rapid deployment of virtual guests and virtual networks on hypervisors in development, testing, and production environments, as well as the need to secure network services. The purpose of this study is to implement a Software-Defined Network (SDN) on a hypervisor to centrally control virtual network configurations with a simple design, reducing the cost and time of setup and maintenance. It also implements a firewall, a Virtual Private Network (VPN) based on OpenVPN, and a reverse proxy to secure the hypervisor and the VMs/CTs so that services remain available. This study presents a new approach that integrates SDN-based network management with comprehensive security solutions on hypervisors. This approach combines efficiency in network management with security, two aspects that have rarely been addressed together in previous studies. The research method is the Network Development Life Cycle (NDLC). The hypervisor used is Proxmox Virtual Environment (PVE), installed on a Virtual Private Server (VPS) from the provider IDCloudHost. Based on the trials carried out, it can be concluded that the simple zone type of SDN on PVE can be used to control network configuration centrally and more simply, including routing, Dynamic Host Configuration Protocol (DHCP), Source Network Address Translation (SNAT), and registration of CT hostnames and Internet Protocol (IP) addresses in the forward lookup zone on the Domain Name System (DNS) server.
Activating the firewall and creating rules at the cluster and CT levels in PVE, together with OpenVPN, can protect the infrastructure when it is accessed both internally and externally. The implementation of an nginx reverse proxy can secure access to HTTP/HTTPS services on CTs in PVE.
Copyright (c) 2025 I Putu Hariyadi, I Made Yadi Dharma, Raisul Azhar, Suriyati Suriyati
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.