To deploy **Glasswall Halo** in a Proxmox VM, you can choose from the following two options:

- [Deploy using an **OVA/VMDK** file](proxmox-deployment#deploying-from-an-ovavmdk)
- [Deploy from a **Glasswall backup** (`.vma.zst`)](proxmox-deployment#deploying-from-a-glasswall-backup-vmazst)

Please refer to [troubleshooting & faqs](proxmox-deployment#troubleshooting-and-faqs) or the [Proxmox documentation](https://pve.proxmox.com/wiki/main_page) for further information.

* * *

## Deploying from an OVA/VMDK

### Step 1 - Update Proxmox VE host

Ensure your Proxmox host is up to date by running the following command to prevent compatibility issues.

![01_Proxmox](/.attachments/01_proxmox.png)

- Online connectivity update:

>```bash
>apt-get update
>apt-get dist-upgrade
>```

### Step 2 - Create a new VM shell

1. Access the Proxmox web UI and click **Create Virtual Machine**.

![02_Proxmox](/.attachments/02_proxmox.png)

2. Under the *General* tab, provide a VM name (e.g., `Glasswall-Halo`).

![03_Proxmox](/.attachments/03_proxmox.png)

3. Under the *OS* tab, select a generic Linux type (e.g., `Linux 5.x/6.x`). You do not need an ISO.

![04_Proxmox](/.attachments/04_proxmox.png)

4. **System**:
   - **BIOS**: set to **seaBIOS**.
   - **SCSI controller**: **VirtIO SCSI**.

![05_Proxmox](/.attachments/05_proxmox.png)

5. **Hard disk**: remove the default disk (we’ll attach a converted disk later).

![06_Proxmox](/.attachments/06_proxmox.png)

6. **CPU**: set type to *host* for maximum performance; allocate at least 16 cores.

![07_Proxmox](/.attachments/07_proxmox.png)

7. **Memory**: allocate 32–64 GB.

![08_Proxmox](/.attachments/08_proxmox.png)

8. **Network**: attach a NIC to the desired bridge (e.g., `vmbr0`), typically **VirtIO** model.

![09_Proxmox](/.attachments/09_proxmox.png)

9. Under the *Confirm* tab, view the summary and click **Finish**.
>**Note:** do not start the VM yet.

![10_Proxmox](/.attachments/10_proxmox.png)


### Step 3 - Extract and transfer the OVA

1. Extract the OVA on your local system by running the following command:

   ```bash
   tar -xvf Halo-FULL-<version>.ova
   ```
![11_Proxmox](/.attachments/11_proxmox.png)

2. Identify the `.vmdk` file (e.g., `Halo-full-<version>-disk1.vmdk`).

3. Upload the `.vmdk` to proxmox, e.g.:

   ```bash
   scp Halo-FULL-...disk1.vmdk root@<Proxmox-IP>:/root/
   ```
![12_Proxmox](/.attachments/12_proxmox.png)

### Step 4 - Prepare storage (optional LVM-Thin)

**Why LVM-Thin?** It provides thin provisioning and snapshot support, making it ideal for larger or frequently updated VM disks. However, you can also attach disks to directory-based or other storage types in Proxmox.

**Example steps to create LVM-Thin**:

```bash
# Identify a free disk, e.g. /dev/sdb
pvcreate /dev/sdb
vgcreate vg-halo /dev/sdb
# Create a thin pool consuming all space
lvcreate -l 100%FREE -T -n thin-halo vg-halo
```
![13_Proxmox](/.attachments/13_proxmox.png)

After creating your thin pool, add it via **Datacenter -> Storage -> Add -> LVM-Thin**. Choose **vg-Halo** as the volume group and **Thin-Halo** as the thin pool.

![14_Proxmox](/.attachments/14_proxmox.png)

### Step 5 - Convert and attach the Halo disk

#### Option A: `qm importdisk`

**SSH into your Proxmox host**

If using storage that supports import (e.g., directory or LVM-Thin), run:

```bash
qm importdisk <VM_ID> /root/Halo-FULL-...disk1.vmdk <StorageName> --format qcow2
```

- `<Vm_id>` is the ID assigned to your VM (e.g., 100).
- `<Storagename>` is the Proxmox storage target (e.g., `local-lvm`, `Halo-lvmthin`).
- After completion, go to **vm -> hardware**, find the “unused disk,” then **edit** and select **ide0**.

#### Option B (recommended): manual conversion (`qemu-img`)

**SSH into your Proxmox host**

If `qm importdisk` encounters errors (e.g., “zeroinit”), or if you prefer more direct management:

1. **Create a thin-provisioned volume** for the Halo disk:

   ```bash
   lvcreate -n vm-<VM_ID>-disk-0 -V 200G --thinpool thin-halo vg-halo
   ```
2. **Convert the `.vmdk` to a raw disk**:

   ```bash
   qemu-img convert -f vmdk -O raw /root/Halo-FULL...disk1.vmdk /dev/vg-halo/vm-<VM_ID>-disk-0
   ```
3. **Attach disk to the VM**:

   ```bash
   qm set <VM_ID> --ide0 halo-lvmthin:vm-<VM_ID>-disk-0
   ```
![15_Proxmox](/.attachments/15_proxmox.png)

### Step 6 - Final VM configuration

1. In **VM -> Hardware**:
   - **IDE0** should be your main Halo disk.
   - Confirm “Virtio SCSI” is listed as the SCSI controller.

![16_Proxmox](/.attachments/16_proxmox.png)

2. In **VM -> Options**:
   - Ensure **Boot order** sets IDE0 as first.
   - Verify *BIOS* is **seaBIOS**.
   - **KVM hardware virtualization** and **ACPI** should be enabled.

3. Optional: **QEMU guest agent** can be installed inside the Halo VM for advanced functionality.

![17_Proxmox](/.attachments/17_proxmox.png)

### Step 7 - Initial boot

1. **Start the VM** in the Proxmox UI.

2. Watch the console; it may take up to a minute to pass “Probing EDD…” on first boot.

3. **Configure network** inside the Halo VM:
   - For static IP: follow the <a href="/halo/network-manager-configuration" target="_blank" rel="noopener noreferrer">Network Manager configuration guide</a> to continue Halo setup. Return here when finished.
   - For DHCP: ensure your DHCP server is operational.

4. **Finalize** application-level configurations (i.e. start_halo.sh, syslog server, tls).

![18_Proxmox](/.attachments/18_proxmox.png)

## Deploying from a Glasswall backup (`.vma.zst`)

If our Glasswall team has provided you with a pre-configured Proxmox backup, you can skip the OVA/VMDK steps.

### Step 1 - Uploading and restoring the backup

1. Copy the `.vma.zst` backup file to your Proxmox host’s backup directory:

   ```bash
   scp glasswall-halo-backup.vma.zst root@<Proxmox-IP>:/var/lib/vz/dump/
   ```
2. In the Proxmox UI, go to **Node -> Local -> Backup**.
3. Locate the `.vma.zst` file and select **Restore**.
4. Assign a new VM ID (e.g., 101) and target storage.

![19_Proxmox](/.attachments/19_proxmox.png)

### Step 2 - Verifying disk attachment

1. After restore, open **VM -> Hardware**.
2. Confirm that the main disk is attached to **IDE0**.
3. Ensure BIOS is set to seaBIOS under **VM -> Options**.

### Step 3 - Starting the VM

1. **Power on** the VM.
2. Watch the console for any errors.
3. Configure the network settings, if not already set.
4. Proceed with any final configuration steps within Halo.

![20_Proxmox](/.attachments/20_proxmox.png)

* * *

## Troubleshooting and FAQs

### zeroinit error

This may occur when using `qm importdisk` with certain storage types or older QEMU versions.
>**Solution**: use manual conversion with `qemu-img`.

### Network configuration issues

- If the VM interface is named differently (e.g., `ens18` vs. `eth0`), adjust your `ifcfg-` files accordingly.
- Use `nmcli device show` or `ip a` to confirm the interface name.

### Why IDE + seaBIOS?

- STIG-hardened RHEL images require legacy BIOS for certain boot configurations.
- IDE ensures broad compatibility and avoids known issues with some virtual drivers.

### Additional best practices

- **Snapshots**: leverage Proxmox snapshots or LVM-Thin snapshots for quick rollbacks.
- **Backups**: regularly use `vzdump` to create compressed backups (`.vma.zst`).
- **Resource monitoring**: keep an eye on CPU and memory usage for production loads.

### Initiate Glasswall Halo services

- Execute the following command to launch Glasswall Halo:

>```sh
>sudo start_halo.sh
>```
- Once the script has completed, confirm all the Glasswall Halo services and pods are running using the following command:

>```shell
>kubectl get pods
>```

#### Access Glasswall Portal

- Depending on your network configuration and/or domain configuration, you can now clean files by accessing the Glasswall portal through the domain name and/or ip address assigned to your virtual machine.

- Run the following command to confirm network status:

>```bash
>sudo netstat -tlnp
>```