Skip to main content

Virtual Datacenters (vDC)

Enterprise Feature

Virtual Datacenters are available in the Enterprise edition and are designed for MSP, IaaS, and multi-tenant platform use cases.

A virtual datacenter (vDC) is a self-service infrastructure boundary for a tenant. It combines Proxmox resource pools, placement rules, quotas, SDN networks, IPAM, and backup isolation into one tenant-facing workspace.

Providers keep a global view of the underlying Proxmox clusters, while tenants work from My vDC with only the resources assigned to them.

What a vDC Contains

ComponentPurpose
Resource poolLimits tenant visibility and placement to the tenant's assigned Proxmox pool
QuotasControls CPU, RAM, storage, snapshot, and backup consumption
NetworksAssigns SDN VNets, subnets, bridges, VLANs, and IP ranges to the tenant
IPAMReserves IP and MAC addresses during deploy, clone, restore, and network edits
BackupsBinds the vDC to a dedicated PBS namespace, token, ACL, and PVE storage target
Datacenter assignmentLinks the vDC to the physical datacenter used for Green IT metrics

Tenant Cockpit

The My vDC page gives tenant users a live view of their own capacity and services:

  • Host and VM consumption metrics
  • CPU, RAM, storage, snapshot, and backup quota usage
  • Datacenter map and placement context
  • Green IT KPIs for energy, cost, and CO2 estimates
  • Quick access to deploy, backup, restore, and manage assigned workloads

Tenant users do not need access to provider-wide settings or raw cluster administration to consume their allocated infrastructure.

Tenant virtual datacenter cockpit with quota usage, live consumption, and Green IT KPIs
The tenant cockpit exposes live vDC consumption, quotas, placement context, and Green IT indicators without provider-wide access.

Creating a vDC

Provider administrators create vDCs from the tenant management workflow:

  1. Create or select the tenant.
  2. Assign the tenant to a Proxmox pool or create the pool during setup.
  3. Define CPU, RAM, storage, snapshot, and backup quotas.
  4. Assign allowed nodes, storages, bridges, SDN VNets, and subnets.
  5. Bind a PBS namespace automatically or configure it manually.
  6. Assign the vDC to a datacenter for Green IT calculations.
  7. Invite tenant users and grant the roles they need.
tip

Use one vDC per customer, project, or isolated environment. A tenant can have multiple users, but each user's visibility remains constrained by tenant and vDC scope.

Self-Service Deployment

Tenant users can deploy workloads from a guided wizard. Supported sources include:

  • VM templates
  • ISO-based installation
  • Clone from an allowed source VM or template
  • Restore from a tenant-visible PBS backup

Every deployment step is validated server-side. ProxCenter rejects resources outside the tenant's vDC, including foreign storages, nodes, bridges, VNets, subnets, pools, and backup namespaces. Quotas are enforced before the request is sent to Proxmox.

vDC self-service deployment wizard for creating tenant virtual machines from approved sources
The self-service deployment wizard guides tenants through approved sources, placement, sizing, and quota checks.

Network and IPAM

Each vDC can receive dedicated SDN VNets and subnets. ProxCenter tracks IP and MAC reservations so tenant deployments remain consistent even when VMs are cloned, restored, or edited later.

vDC IPAM and network management with subnets, VNets, reservations, and tenant boundaries
vDC network and IPAM views make tenant subnets, VNets, address reservations, and isolation boundaries explicit.

IPAM handles:

  • Automatic IP reservation during deployment
  • Automatic MAC reservation for new network interfaces
  • Reservation updates when VM network configuration changes
  • Reconciliation when a VM is created externally in the tenant's Proxmox pool
warning

If operators create or move VMs directly in Proxmox, make sure the VM is placed in the correct tenant pool. ProxCenter reconciles tenant pool membership, but resources outside the pool remain outside the tenant vDC.

Backup Isolation

Each vDC can be bound to its own Proxmox Backup Server namespace. In automatic mode, ProxCenter provisions the namespace, sub-token, ACL, and PVE storage target. Manual mode is available for operators who prefer to pre-create PBS objects or enforce stricter naming policies.

Tenant users can:

  • View backups from their own PBS namespace
  • Create PVE backup jobs constrained to their vDC pool
  • Use a structured schedule picker for recurring jobs
  • Verify and delete allowed backups
  • Restore over the source VM or restore as a new VM in their vDC

Tenant Isolation

vDC scoping applies across the MSP feature set:

  • Inventory shows only tenant-owned resources
  • PBS backups are filtered to the tenant namespace
  • PVE backup jobs are constrained to the tenant pool
  • Events, tasks, alerts, and reports respect tenant boundaries
  • Provider administrators can still see and operate across tenants from the provider view

Tenant users with no assigned vDC do not inherit provider visibility. They see only the features and resources explicitly granted to them.