
Authoritative On-Prem Foundation

Overview

Authoritative On-Prem Foundation establishes the platform services that later systems depend on. NetBox holds the authoritative record for prefixes, VM inventory, and tagged foundation services, while Proxmox SDN delivers the management, data, and workload networks through one repeatable control path.

It provides the baseline for Kubernetes, PostgreSQL HA, WAN, and DR.

Case study

  • Context: the on-prem estate had no authoritative record for IP allocations or VM inventory. Addressing decisions lived in spreadsheets and the network was configured manually per host.
  • Challenge: downstream platform services (Kubernetes, PostgreSQL HA, WAN extension) all needed reliable network state to build on, but each had to resolve it independently because no single source existed.
  • Approach: NetBox was deployed as the authoritative IPAM, inventory, and service metadata system through onprem/authoritative-foundation@v1. Proxmox SDN replaced manual bridge configuration with a controlled delivery path through core/onprem/network-sdn.
  • Outcome: all downstream blueprints now consume the same addressing model. The SDN zone is active, NetBox is reachable, and later platform layers inherit the baseline instead of redefining it.

This page covers NetBox reachability, SDN zone delivery, and the point at which authoritative inventory and network state are established, before any higher platform layer is introduced.

Outcome

The result is an on-prem foundation with one clear source of truth for network intent, inventory, and foundation service metadata.

  • Addressing, VM, and service records are established before downstream services are layered on.
  • Proxmox SDN replaces manual bridge changes with repeatable platform delivery.
  • Later blueprints consume the same baseline instead of redefining network state.

Operating model

  • NetBox owns prefixes, addresses, VM inventory, and foundation service metadata.
  • Proxmox SDN owns the segmented network baseline.
  • Foundation services are delivered before platform workloads depend on them.
  • Higher platform layers inherit this baseline instead of rebuilding it independently.

Architecture

Architecture diagram: NetBox and Proxmox SDN establish the baseline consumed by the Proxmox estate and the downstream platform layers.

NetBox and Proxmox SDN are co-equal foundation services. The cluster runs within the SDN zones; all platform layers above inherit the addressing and network baseline rather than redefining it.

Foundation sequence

  1. NetBox is made reachable as the authoritative inventory, IPAM, and service metadata system.
  2. Proxmox SDN publishes the management, data, and workload networks.
  3. Foundation VMs and synced inventory are registered against the same addressing model.
  4. Downstream platform layers consume the baseline instead of rebuilding it.

Platform state

Screenshots of the recorded platform state:

  • NetBox IPAM prefix list: management, data, and workload prefixes active with correct status and VRF assignments
  • NetBox virtualisation VM inventory: currently registered foundation VMs listed with their IPs, cluster assignment, and status
  • Proxmox SDN zones view: shybzone active as the platform zone baseline
  • Proxmox datacenter summary: hybridhub node with running VMs, including NetBox and the foundation services

IP addresses, hostnames, and instance identifiers visible in screenshots and recordings reflect the ephemeral infrastructure provisioned during the recorded exercise.

Service governance

NetBox also records the service-level contract for the foundation itself. The service records below keep protocol, port, parent VM, and governance tags in the same source-of-truth system as IPAM and VM inventory.

Screenshots of the service records:

  • NetBox service detail for netbox-ui-api: parent VM shared-netbox-01, TCP port 8000, source-of-truth description, and governance tags platform-foundation, sot-authority, and ha-required
  • NetBox service detail for postgresql-core: parent VM shared-pgcore-01, TCP port 5432, platform-foundation description, and governance tags platform-foundation, ha-required, dr-protected, and cost-sensitive
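The foundation sequence above (NetBox reachable, SDN networks published, VMs and inventory registered against one addressing model) and the service governance records only pay off if the three record types actually agree with each other and with the hypervisor. The check below is an added example, not code from the HybridOps project or from the referenced blueprints: it cross-references prefix, VM, and service records the way an operator would before letting a downstream blueprint consume the baseline, and reports drift between Proxmox and NetBox. It assumes the record shapes of NetBox's REST API (`/api/ipam/prefixes/`, `/api/virtualization/virtual-machines/`, `/api/ipam/services/`) and Proxmox's `/cluster/resources?type=vm`; every record, prefix value, and IP address is constructed for the example (the page deliberately does not publish the real ones), and `shared-metrics-01`, `metrics-api`, `orphan-svc`, `shared-ghost-01`, and `shared-vault-01` are hypothetical failure cases added so the check has something to flag. The required-tag policy is likewise an example policy, not one the page states.

```python
"""Consistency checks across NetBox IPAM, VM inventory and service records,
plus drift between Proxmox and NetBox. Added example, not the project's code.
Record shapes follow NetBox's REST API (/api/ipam/prefixes/,
/api/virtualization/virtual-machines/, /api/ipam/services/) and Proxmox's
/cluster/resources?type=vm, as assumed here; all records are constructed."""
import ipaddress

# Constructed NetBox prefix records (prefix values are illustrative; the page
# does not publish the real ones). One prefix is deliberately not active.
PREFIXES = [
    {"prefix": "10.10.0.0/24", "status": {"value": "active"}, "vrf": {"name": "mgmt"}},
    {"prefix": "10.20.0.0/24", "status": {"value": "active"}, "vrf": {"name": "data"}},
    {"prefix": "10.30.0.0/24", "status": {"value": "reserved"}, "vrf": {"name": "workload"}},
]

# Constructed NetBox VM inventory. shared-metrics-01 is hypothetical and sits
# in the reserved prefix so the check has something to flag.
VMS = [
    {"name": "shared-netbox-01", "status": {"value": "active"},
     "cluster": {"name": "hybridhub"}, "primary_ip4": {"address": "10.10.0.10/24"}},
    {"name": "shared-pgcore-01", "status": {"value": "active"},
     "cluster": {"name": "hybridhub"}, "primary_ip4": {"address": "10.20.0.10/24"}},
    {"name": "shared-metrics-01", "status": {"value": "active"},
     "cluster": {"name": "hybridhub"}, "primary_ip4": {"address": "10.30.0.10/24"}},
]

# Constructed NetBox service records. The first two mirror the page; the last
# two are hypothetical failure cases (missing tag, parent VM not registered).
SERVICES = [
    {"name": "netbox-ui-api", "protocol": {"value": "tcp"}, "ports": [8000],
     "virtual_machine": {"name": "shared-netbox-01"},
     "tags": [{"slug": "platform-foundation"}, {"slug": "sot-authority"}, {"slug": "ha-required"}]},
    {"name": "postgresql-core", "protocol": {"value": "tcp"}, "ports": [5432],
     "virtual_machine": {"name": "shared-pgcore-01"},
     "tags": [{"slug": "platform-foundation"}, {"slug": "ha-required"},
              {"slug": "dr-protected"}, {"slug": "cost-sensitive"}]},
    {"name": "metrics-api", "protocol": {"value": "tcp"}, "ports": [9090],
     "virtual_machine": {"name": "shared-metrics-01"}, "tags": [{"slug": "ha-required"}]},
    {"name": "orphan-svc", "protocol": {"value": "tcp"}, "ports": [8443],
     "virtual_machine": {"name": "shared-ghost-01"}, "tags": [{"slug": "platform-foundation"}]},
]

# Constructed Proxmox view (GET /cluster/resources?type=vm). One running guest
# (hypothetical shared-vault-01) is missing from NetBox; one NetBox VM is absent here.
PROXMOX_VMS = [
    {"vmid": 101, "name": "shared-netbox-01", "node": "hybridhub", "status": "running"},
    {"vmid": 102, "name": "shared-pgcore-01", "node": "hybridhub", "status": "running"},
    {"vmid": 110, "name": "shared-vault-01", "node": "hybridhub", "status": "running"},
]

REQUIRED_TAGS = {"platform-foundation"}  # example policy: every foundation service carries it


def check_services(prefixes, vms, services):
    """Return (service, problem) pairs; an empty list means the records agree."""
    active_nets = [ipaddress.ip_network(p["prefix"]) for p in prefixes
                   if p["status"]["value"] == "active"]
    vm_by_name = {v["name"]: v for v in vms}
    findings = []
    for svc in services:
        name = svc["name"]
        missing = REQUIRED_TAGS - {t["slug"] for t in svc["tags"]}
        if missing:
            findings.append((name, "missing governance tags: " + ", ".join(sorted(missing))))
        bad_ports = [p for p in svc["ports"] if not 1 <= p <= 65535]
        if bad_ports:
            findings.append((name, f"invalid ports {bad_ports}"))
        vm = vm_by_name.get(svc["virtual_machine"]["name"])
        if vm is None:
            findings.append((name, f"parent VM {svc['virtual_machine']['name']} not in inventory"))
            continue
        if vm["status"]["value"] != "active":
            findings.append((name, f"parent VM {vm['name']} is not active"))
        if not vm.get("primary_ip4"):
            findings.append((name, f"parent VM {vm['name']} has no primary IPv4"))
            continue
        # The parent VM's primary address must fall inside an *active* prefix;
        # a reserved or deprecated prefix is not part of the delivered baseline.
        addr = ipaddress.ip_interface(vm["primary_ip4"]["address"]).ip
        if not any(addr in net for net in active_nets):
            findings.append((name, f"{addr} is not inside any active prefix"))
    return findings


def inventory_drift(netbox_vms, proxmox_vms):
    """Names present on one side only: Proxmox guests NetBox never recorded,
    and NetBox VMs that no longer exist on the hypervisor."""
    nb = {v["name"] for v in netbox_vms}
    pve = {v["name"] for v in proxmox_vms}
    return {"unregistered": sorted(pve - nb), "stale": sorted(nb - pve)}


if __name__ == "__main__":
    for svc, problem in check_services(PREFIXES, VMS, SERVICES):
        print(f"{svc}: {problem}")
    print(inventory_drift(VMS, PROXMOX_VMS))
```

Against live systems the three constructed lists would be replaced by paginated GETs against NetBox and Proxmox using a read-only API token; the checks themselves do not change. The useful property is that every finding names a record that has to be fixed in NetBox (or a guest that has to be registered) before a downstream blueprint is allowed to read the baseline, which is what "inherit rather than redefine" requires in practice.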

Implementation

  • Inventory authority: NetBox owns the address, VM, and service metadata source of truth.
  • Network baseline: Proxmox SDN publishes the routed and segmented on-prem network layer.
  • Foundation discipline: downstream services inherit the baseline rather than bypassing it.
  • Operational record: representative execution records are retained with the platform log.

Key components

  • Bootstrap path: onprem/bootstrap-netbox@v1
  • Foundation path: onprem/authoritative-foundation@v1
  • Inventory service: platform/onprem/netbox
  • Network baseline: core/onprem/network-sdn

Where it fits

  • organizations establishing an on-prem platform baseline
  • teams replacing spreadsheet-driven IPAM and manual bridge configuration
  • estates preparing for HA Kubernetes, PostgreSQL, WAN extension, or DR delivery

References

Further reading
Implementation references
  • platform/onprem/netbox
  • core/onprem/network-sdn

What was verified

Verified against HybridOps v1.0.1 with NetBox reachable, the SDN zone active, authoritative inventory established, and foundation service records carrying governance tags across the shared on-prem environment.