🔁 Cross-cluster replication mapping, near-zero-downtime ESXi migration & a security pass
New
- Per-NIC bridge mapping for cross-cluster replication (#532) — a multi-NIC VM now keeps each card on its own destination bridge instead of all of them landing on the single configured one.
- Pin the replica VMID + optional teardown (#552) — set the target VMID for a replication job (keep IDs in sync across both sides) and optionally remove the replica VM when you delete the job, instead of leaking a fresh VM on every recreate.
- VDDK-free near-zero-downtime ESXi → Proxmox migration (
vmkfstools_clone) is now the default/recommended transfer mode and the first thingautotries — ~3–4 s cutover, with live progress on thick-LVM / raw-RBD targets. - Per-tenant resource quotas + chargeback rollup (#502) and alert escalation chains with ack & auto-resolve (#501).
Fixed
- Fix QEMU args now warns that custom
args:block live / cross-cluster migration before it writes them (#424). - Resource-pool membership is honoured in cluster/VM visibility and the client portal (#555).
- Portal VNC console passes the vncproxy ticket through and honours the reverse proxy (#547); the external console link uses the correct console type (#551).
- ISO-upload streaming + multipart field order (#525); numeric IP sorting in the VM list (#431); CIS-control rollback + SSH-access / PAM controls (#386/#433/#434); ceph-detection without a cluster (#403); no SSE re-auth loop on a connected node with no VMs (#554).
Security
- Cross-cluster replication endpoints now enforce per-cluster access on source and target (create / run / delete), with input validation and an ownership-checked, guarded replica teardown.
- Tenant chargeback / quota scoped to the caller's own tenant (BOLA); resource-pool / VM-ACL cluster reach no longer grants blanket VM control beyond the explicitly granted VMs; the portal console validates the passed vncproxy port/ticket before it steers a connection; tag endpoints are tenant-scoped.
Upgrade: in-app updater (Settings → Updates) or ./update.sh. Docker: docker compose pull && docker compose up -d.
💎 Platinum Sponsors
- netwolk GmbH — Swiss managed-services partner
- Expertize.nl — Dutch Proxmox specialists
- Netzware — Austrian IT & infrastructure
PegaProx runs entirely on sponsorships and donations — server costs, certificates and the developer hours behind every release. Massive thanks 🙌. Sponsor PegaProx → opencollective.com/pegaprox | pegaprox.com/#sponsor