Security Model
Threat model summary
The primary threat vectors considered are: a compromised worker VM accessing other tenants' data, a compromised edge server, and unauthorized access to the Proxmox management plane.
| Control | What it protects |
|---|---|
| VLAN isolation (OpenWrt zones) | A compromised worker cannot initiate connections to the management network or DMZ. Worker blast radius is contained to VLAN 30. |
| No inbound port forwarding | The on-prem cluster has no externally-reachable ports. All connectivity goes via Netbird overlay. |
| Netbird overlay (WireGuard) | All traffic between edge and on-prem is encrypted in transit. Peers must present valid keys to join the mesh. |
| S3 IAM credentials per worker | Workers should use scoped credentials that allow writing only to their project prefix. Prevents cross-tenant data access via S3. |
| Workers write to S3 directly | Output data does not traverse the Internal VLAN — workers write to cloud storage directly using the S3 API over the internet egress path. |
| Proxmox management on VLAN 10 | Proxmox UI is accessible only on the management VLAN. No public exposure. Accessible via Netbird for operators. |
| User data in cloud storage | Even if all on-prem nodes are lost, user simulation data is safe in Hetzner Object Storage. |
Multi-tenancy note
At this early stage, all users share the same Redis queue and S3 bucket (with prefix isolation). Before onboarding untrusted users, implement per-user S3 IAM policies and job queue namespacing to prevent one tenant from viewing another tenant's job status.
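
An added example (not part of this project's code) of the prefix-scoped worker policy described in the S3 IAM row and the multi-tenancy note, with a small audit that checks a policy cannot reach another tenant's prefix. The bucket name `sim-results`, the `projects/<id>/` key layout, and an object store that accepts AWS-style policy JSON are assumptions.

```python
import fnmatch

BUCKET = "sim-results"  # assumed bucket name, not from the page

def worker_policy(project_id):
    """Write-only policy for projects/<project_id>/ (assumed key layout)."""
    if not project_id.isalnum():  # rejects '', '/', '*', '..'
        raise ValueError("project_id must be alphanumeric")
    # The trailing slash matters: 'projects/a1*' would also match 'projects/a10/'.
    resource = f"arn:aws:s3:::{BUCKET}/projects/{project_id}/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "WriteOwnPrefix", "Effect": "Allow",
         "Action": ["s3:PutObject"], "Resource": [resource]}]}

# Constructed counter-example: one bucket-wide credential shared by all workers.
SHARED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, key):
    """Simplified evaluation: explicit Deny wins, else a matching Allow is needed.
    Ignores Condition, NotAction and NotResource."""
    arn = f"arn:aws:s3:::{BUCKET}/{key}"
    allowed = False
    for st in policy["Statement"]:
        hit = (any(fnmatch.fnmatchcase(action, a) for a in as_list(st["Action"]))
               and any(fnmatch.fnmatchcase(arn, r) for r in as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def cross_tenant_findings(policy, own, all_projects):
    """Return every (action, prefix) the policy grants outside the owner's prefix."""
    findings = []
    for other in all_projects:
        if other == own:
            continue
        for action in ("s3:PutObject", "s3:GetObject", "s3:DeleteObject"):
            if is_allowed(policy, action, f"projects/{other}/probe.bin"):
                findings.append(f"{action} on projects/{other}/")
    return findings

if __name__ == "__main__":
    print(cross_tenant_findings(worker_policy("a1"), "a1", ["a1", "a10", "b2"]))
    print(cross_tenant_findings(SHARED_POLICY, "a1", ["a1", "a10", "b2"]))
```

Running the audit over every issued worker credential before onboarding a new tenant turns the prefix-isolation claim into a check that fails when a policy is too broad.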