Start Here
Insights
Concepts, decision points, troubleshooting patterns, and operator-facing field notes.
Topic Hub
Documents and Templates
Reusable documentation, reporting formats, handoff notes, worksheets, and evidence templates.
Use this hub as a cross-surface map: start with insights for this topic, then branch into supporting tools, drills, and implementation work as needed.
Related Items111
Best First StopInsights
How To Use This Hub
57 Insights41 Toolchest13 Labs
Support Surface
Toolchest
Checklists, scripts, templates, and evidence packs you can use once the path is clear.
Support Surface
Labs
Hands-on build guides and validation environments for testing ideas end to end.
Insights
Insights that frame Documents and Templates
Insightschanges-system-state
.NET Network Path Not Found Error on Windows Server 2016: Troubleshooting Guide
NET network-path triage guide for separating DNS, SMB reachability, firewall policy, share permissions, and application configuration failures.
Insightsread-only
Cloud Evidence-First Validation Before Control-Plane Changes
Use this supporting Insight to capture cloud evidence before changing DNS, bindings, access policy, probes, or service configuration.
Insightsreview-before-running
Comparing Automation Fix Paths: Logic Repair, Context Repair, Retries, and Observability
Use this supporting Insight to choose whether an automation failure needs logic repair, context repair, retries, or better observability before you change the workflow.
Insightsread-only
Comparing Cloud Validation Paths for DNS, Identity, Gateway, and Storage Failures
Use this supporting Insight to decide whether a cloud failure should be validated from DNS, identity, gateway, or storage first.
Insightsread-only
Comparing Container Validation Paths for Runtime, Registry, Network, and Ingress
Use this supporting Insight to decide whether a container failure should be validated from runtime, registry, network, or ingress first.
Insightsread-only
Comparing Identity Validation Paths Across DNS, LDAP, Kerberos, and SMB
Use this supporting Insight to decide whether an identity or Windows access failure should be validated from DNS, LDAP, Kerberos, or SMB first.
Insightsreview-before-running
Comparing Linux Validation Paths for SSH, Services, Packages, and Network Reachability
Use this supporting Insight to choose between SSH, service, package, and network validation branches before changing a Linux host.
Insightsreview-before-running
Comparing Network Edge Validation Paths for DHCP, VPN, Switching, and Policy Failures
Use this supporting Insight to choose between WAN handoff, switching, VPN, and policy validation branches before changing the network edge.
Insightsread-only
Comparing Robocopy, PowerShell, rsync, and Storage-Native Replication for File Migrations
Use this when you need to choose the right file-migration path instead of defaulting blindly to Robocopy, PowerShell, rsync, or storage replication.
Insightsreview-before-running
Comparing Windows Repair Paths: SFC, DISM, Restore, Rollback, and Reinstall
Use this supporting Insight to compare Windows repair paths before reaching for SFC, DISM, restore workflows, update rollback, or full rebuilds.
Insightsread-only
Container Evidence-First Comparison Between Good and Broken Service Paths
Use this supporting Insight to compare a working container path against the failing one before changing image, network, or ingress configuration.
Insightsread-only
Identity Evidence-First Comparison Between Good and Broken Paths
Use this supporting Insight to compare a working identity or protocol path against the failing one before you change AD, DNS, trust, or service settings.
Insightschanges-system-state
In-Depth Troubleshooting of Windows 11 Update Errors
A Windows 11 update repair checklist covering disk space, service state, component reset, SFC, DISM, software conflicts, and manual update fallback.
Insightsreview-before-running
Linux Evidence-First Host and Service Comparison Before Broad Changes
Use this supporting Insight to compare good and broken Linux host behavior before changing services, repositories, or access settings.
Insightsreview-before-running
Network Edge Evidence-First Comparison Between Good and Broken Paths
Use this supporting Insight to compare a working edge path against the failing one before changing leases, auth, or network policy.
Insightssecurity-sensitive
OPNsense WAN DHCP failure after a MAC address or ISP lease change
Use this when OPNsense stops receiving the expected WAN DHCP lease after a reboot, VM move, NIC change, modem/ONT reset, or ISP equipment change.
Insightsreview-before-running
Planning Admin Automation and Script Failure Response Systematically
Use this parent Insight to troubleshoot admin automation by separating script logic, execution context, dependencies, and validation before rewriting the workflow.
Insightsreview-before-running
Planning Cloud App Publishing, Access, and Managed-Service Validation Safely
Use this parent Insight to plan cloud app publishing and access troubleshooting around path validation, service boundaries, safe changes, and rollback.
Insightsreview-before-running
Planning Container Runtime, Registry, and Service-Networking Failures Systematically
Use this parent Insight to isolate container failures by separating image, runtime, service-networking, and ingress branches before changing the stack.
Insightsreview-before-running
Planning Data Migrations and File Moves Without Creating Validation Gaps
Use this Insight to plan file-share and data migrations around scope, tool choice, validation, rollback, and evidence before running the copy path.
Insightsreview-before-running
Planning Identity and Windows Protocol Troubleshooting Without Guessing
Use this parent Insight to isolate identity and Windows protocol failures by mapping the failing boundary before changing DNS, AD, SMB, or auth settings.
Insightsreview-before-running
Planning Linux Service and Access Validation Without Taking Risky Shortcuts
Use this parent Insight to separate Linux host access, service state, package-source, and network-path failures before making broad system changes.
Insightsreview-before-running
Planning Network Edge, Access, VPN, and Switching Failures Without Guessing
Use this parent Insight to separate provider handoff, switching, VPN, and edge-policy failures before making broad network changes.
Insightsreview-before-running
Planning Windows Recovery and Repair Without Making the Outage Worse
Use this parent Insight to plan Windows recovery around evidence, repair-path choice, validation, and rollback before you change system state.
Insightschanges-system-state
Resolving 0x800f0954 Error When Installing .NET Features on Windows Server 2022
NET feature. Check WSUS or policy-controlled servicing first, then validate the feature source path and Windows Update reachability before forcing repair steps.
Insightschanges-system-state
Troubleshooting 'Error Reading File Content' in Helm Template on Kubernetes
Use this when Helm template rendering fails with an Error reading file content message.
Insightssecurity-sensitive
Troubleshooting Azure Function App Publish Failures: 'Value cannot be null. Parameter 'input'' on Windows using PowerShell in Premium or Consumption Plan
Use this when publishing a Windows PowerShell Azure Function fails with Value cannot be null. Parameter 'input'.
Insightssecurity-sensitive
Troubleshooting Azure OpenAI Realtime API Server Errors During Response Processing
Use this when Azure OpenAI Realtime API calls fail during session creation, streaming, or response processing.
Insightssecurity-sensitive
Troubleshooting Azure VPN Client 3.4.0.0: Resolving Authentication Expiration with Microsoft Entra
Use this when Azure VPN Client reports expired Microsoft Entra authentication.
Insightsreview-before-running
Troubleshooting Blazor WinForms App Launch Errors on Windows Server
Use this when a Blazor WinForms application will not launch on Windows Server. NET runtime, desktop dependencies, permissions, and application logs in the same user context.
Insightschanges-system-state
Troubleshooting Boot Issues in VMware Workstation Pro 17: Encrypted VM with Corrupted Snapshot Disk
A VMware Workstation Pro 17 recovery checklist for encrypted VMs with suspected snapshot-disk corruption, emphasizing evidence collection, disk-chain safety, repair limits, and backup fallback.
Insightsdestructive
Troubleshooting Cisco Catalyst Stack Switch Discovery Issues
Use this when Cisco Catalyst stack members are stuck in discovery or fail to reach Ready state.
Insightsreview-before-running
Troubleshooting CORS Error: Permission Denied for Requests in Chrome on Office Network
Use this when a browser reports a CORS failure only on a corporate or filtered network.
Insightsreview-before-running
Troubleshooting Dataloader Errors in Ansible Windows with PowerShell
Dataloader errors in Ansible when using PowerShell can often be resolved by validating compatibility, checking permissions, and reviewing script syntax.
Insightschanges-system-state
Troubleshooting Docker Container Exit Code 0 and Dependency Failures
Use this when a Docker container exits with code 0 but the service was expected to stay running.
Insightschanges-system-state
Troubleshooting ERR_NETWORK_CHANGED Error on Android VPN Interface
Use this when Android shows ERR_NETWORK_CHANGED after a VPN connects and web traffic drops or resets.
Insightschanges-system-state
Troubleshooting File Copy Failures in Windows Task Scheduler
Use this when a Windows Task Scheduler file-copy job fails with access denied, missing paths, or no visible run.
Insightschanges-system-state
Troubleshooting File Deletion Issues in PowerShell: Unable to Delete Opened Files
Use this when PowerShell cannot delete a file because another process holds it open.
Insightssecurity-sensitive
Troubleshooting FortiClient SAML Authentication Errors for IPSEC VPN Connections
Use this when FortiClient IPsec SAML auth opens a browser flow and then reports that the page cannot be reached.
Insightschanges-system-state
Troubleshooting Gmail 550 5.7.25 Error: PTR Record Mismatch for Sending IP
25 reverse DNS failures, focused on PTR alignment, SMTP hostname evidence, DNS ownership, and safe provider-side changes.
Insightsreview-before-running
Troubleshooting IPsec Connectivity Issues on pfSense with DrayTek
A pfSense-to-DrayTek IPsec triage guide for one-host reachability failures, focused on tunnel state, phase selectors, firewall rules, routing, NAT overlap, and packet-path evidence.
Insightschanges-system-state
Troubleshooting M365 Domain DNS Setup Issues
A Microsoft 365 domain DNS checklist for validating ownership, MX, Autodiscover, SPF, Teams/Skype records, propagation, and rollback before changing production mail flow.
Insightssecurity-sensitive
Troubleshooting NuGet Source Addition in Dockerfile for .NET Applications
NET Docker build cannot add or use a NuGet source during image creation.
Insightschanges-system-state
Troubleshooting PowerShell Get-ADUser Published Certificates Import Error
Use this when a PowerShell workflow reading published certificates from Get-ADUser returns import errors or empty values.
Insightschanges-system-state
Troubleshooting PowerShell Scripts That Do Not Run and Show No Error
Use this when a PowerShell script appears not to run and no useful error appears.
Insightssecurity-sensitive
Troubleshooting RustRover Remote Docker Connections over SSH
Use this when RustRover cannot connect to a remote Docker host over SSH.
Insightschanges-system-state
Troubleshooting Terraform Errors with Databricks RFA Access Request Destinations
Use this when Terraform fails on Databricks RFA access-request destinations because provider blocks or schema expectations do not match the target resource.
Insightschanges-system-state
Troubleshooting the NVLDDMKM Not Found Error in Windows 11
A practical NVIDIA driver troubleshooting path for Windows 11 systems reporting NVLDDMKM-related failures.
Insightschanges-system-state
Troubleshooting VSCode SSH Connection Issues to CentOS: Failed to Parse Remote Port from Server Output
Use this when VS Code Remote SSH reports that it failed to parse the remote port from server output.
Insightsreview-before-running
Troubleshooting Windows Installation Failure at 75%
Use this when a Windows installation stalls or fails around 75 percent.
Insightschanges-system-state
Troubleshooting Windows Update Reports That Stop Updating
Use this when Windows Update or patch compliance reports stop refreshing.
Insightschanges-system-state
Troubleshooting WriteFile Failure on Windows When Network Share is Disconnected
Use this when a WriteFile operation fails because a Windows network share disconnects mid-workflow.
Insightsreview-before-running
Troubleshooting Zscaler ZCC VDI Intune Win32 App Command-Line Limit Failures
Use this when Zscaler Client Connector VDI deployments fail as Intune Win32 apps and the install command may be too long, malformed, or unstable under IME system context.
Insightschanges-system-state
Troubleshooting: Stuck on 'Can't Connect to This Network' during Connection Attempt
Use this when Windows gets stuck connecting to Wi-Fi and then reports it cannot connect to the network.
Insightsread-only
Validating File Migrations Before Cutover and Proving the Target Is Authoritative
Use this when you need a validation model that proves a migrated target is ready before users, apps, or cutover steps depend on it.
Insightsread-only
Windows and PowerShell Execution Context Checks Before Script Rewrites
Use this supporting Insight to verify Windows and PowerShell execution context before rewriting scripts that may actually be failing for account, shell, path, or environment reasons.
Insightsread-only
Windows Evidence-First Recovery Workflow Before Repair Commands
Use this supporting Insight to gather Windows evidence before SFC, DISM, uninstalls, Safe Mode, or other repair commands change the system.
Toolchest
Toolchest assets for Documents and Templates
ToolchestScriptActive Directory and IdentityRead-only
AD stale computer cleanup report
A read-only Active Directory stale computer report for last logon, OU, operating system, enabled state, and cleanup planning.
ToolchestScriptActive Directory and IdentityRead-only
All-DC lastLogon collector and stale-user evidence report
Collect non-replicated lastLogon values from every writable domain controller, calculate the newest observed logon per account, and export evidence suitable for stale-user or stale-computer cleanup decisions without relying on replicated lastLogonTimestamp alone.
ToolchestScriptSecurity and Exposure ChecksRead-only
Authenticated Users drive ACL scanner
PowerShell scanner that checks fixed local drives on Windows servers for root ACL entries where Authenticated Users have broad access. Produces console and CSV evidence so admins can review exposure before any ACL changes.
ToolchestTemplateHybrid Cloud OperationsRead-only
Azure Arc bulk onboarding CSV and logging starter
Reusable starter for Azure Arc onboarding waves using a host CSV, dry-run expectations, per-host logging, and repeatable result tracking suitable for tickets, change records, and post-wave reporting.
ToolchestChecklistHybrid Cloud OperationsRead-only
Azure Arc onboarding preflight checklist
Preflight checklist for onboarding Windows servers to Azure Arc. Confirms supported OS state, outbound connectivity, proxy/TLS behavior, local admin rights, target Azure placement, tagging, pilot scope, and rollback notes before any agent install.
ToolchestTemplateReporting and Evidence PacksRead-only
Azure Update Manager compliance workbook starter
Starter template for an Azure Workbook plus Resource Graph evidence pack that shows patch compliance, pending updates, unsupported coverage, and patch-group drift across Azure and Arc-enabled machines.
ToolchestTemplateHybrid Cloud OperationsRead-only
Azure Update Manager patch wave planning template
Operator-ready planning template for Azure Update Manager patch waves covering scope, maintenance windows, reboot tolerance, exclusions, soak periods, rollback contacts, and stop-go criteria before scheduled patching.
ToolchestTemplateBackup and RecoveryChanges system state
Backup Restore Drill Evidence Checklist
A restore-drill evidence template for proving backups are usable, measuring recovery time, and turning failed assumptions into repair tasks before an outage.
ToolchestTemplateReporting and Evidence PacksChanges system state
Build the Ops Reporting Foundation Helper
Create the local PowerShell helper file that every Ops Stack reporting-compatible script can share. This guide walks through the folder structure, the helper contract, the commented PowerShell implementation, a sample validation run, and the artifacts the helper creates so a new reader can build it from scratch and prove it works.
ToolchestScriptSecurity and Exposure ChecksRead-only
Certificate expiration scanner
A read-only certificate inventory that finds local-machine store certificates nearing expiration and captures certificates presented by known TLS endpoints for review.
ToolchestScriptConnectivity and Network TriageRead-only
DHCP scope utilization report
A read-only DHCP scope report that surfaces high utilization, exhausted ranges, and cleanup candidates.
ToolchestScriptWindows Server HealthRead-only
Disk space cleanup candidate report
A read-only disk-pressure report that captures low-space context and returns targeted cleanup candidates from known folders without deleting, compressing, or moving anything.
ToolchestChecklistDNS and DHCPRead-only
DNS and DHCP Health Check
A read-only DNS and DHCP triage checklist that captures client-side evidence, compares DNS paths, and narrows the failure domain before anyone flushes caches or changes records.
ToolchestScriptConnectivity and Network TriageRead-only
DNS resolution and reverse lookup audit
A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.
ToolchestScriptFile, Backup, and Storage OperationsRead-only
File share permission audit
A read-only file share audit that records SMB share permissions, NTFS access, and ownership evidence for review.
ToolchestRecommended toolFreeware Utilities Worth KeepingReview before running
Free network scanner and port inventory guide
A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.
ToolchestScriptWindows Server HealthRead-only
IIS site and binding inventory
A read-only IIS inventory that correlates sites, bindings, ports, host headers, app-pool identities, content paths, and certificate thumbprints for migration or renewal work.
ToolchestChecklistActive Directory and IdentityChanges system state
Inactive AD user disable review workflow
Two-phase review checklist for identifying inactive AD user accounts, validating inactivity evidence, applying exclusions, capturing approval, and preparing rollback details before any disable action.
ToolchestTemplateOperations TemplatesChanges system state
Incident Note Template
A compact operator note format for capturing symptoms, checks, decisions, and follow-up while the issue is fresh.
ToolchestScriptInventoryRead-only
Installed Application Inventory for Windows Endpoints
A read-only PowerShell inventory starter for collecting installed applications from local or remote Windows endpoints.
ToolchestChecklistApplication HostingRead-only
Internal IIS site rollout checklist
Operator checklist for launching an internal IIS-hosted site with evidence capture for IIS role presence, site folder layout, bindings, app pool identity, DNS readiness, browser validation, and rollback notes.
ToolchestScriptActive Directory and IdentityRead-only
Local administrator group audit across Windows endpoints
A read-only local administrator audit that records privileged group membership across Windows endpoints for review.
ToolchestScriptPatch and Reboot ReadinessRead-only
Pending reboot detection across Windows servers
A read-only pending reboot check for Windows servers before patching, application installs, or maintenance-window closure.
ToolchestTemplateReporting and Evidence PacksChanges system state
PowerShell HTML operations report starter
Concrete PowerShell reporting pattern for turning host-check results into an HTML operations summary with a status rollup, per-host table, failure section, saved local artifacts, and optional email delivery.
ToolchestTemplateReporting and Evidence PacksChanges system state
PowerShell operations reporting foundation
Academy-style guide for using the Ops Reporting Foundation helper to turn PowerShell checks into consistent HTML, CSV, JSON, and log artifacts. Start here after creating the helper file, then plug health checks, patch checks, certificate scans, AD hygiene checks, and other collectors into the same reporting pattern.
ToolchestScriptConnectivity and Network TriageRead-only
PowerShell server connectivity quick check
A concise read-only connectivity triage script that separates DNS, ICMP reachability, and expected TCP-port failures before escalation.
ToolchestScriptInventoryRead-only
RADIUS and NPS server detection report
Read-only PowerShell reporting script pattern to identify likely Microsoft NPS or other RADIUS-capable Windows servers using multiple evidence sources: NPS service presence, NPAS role/feature state, IAS/NPS event log activity, UDP 1812/1813 listener evidence, and registry indicators. Designed for migration discovery, audit support, and authentication troubleshooting.
ToolchestChecklistRemote AccessRead-only
RDP Connectivity Checklist
A structured check for RDP failures before changing firewall rules, user rights, or server policy.
ToolchestScriptConnectivity and Network TriageRead-only
RDP failure triage script
A read-only RDP triage script pattern for DNS, TCP 3389, listener state, firewall evidence, sessions, and event logs.
ToolchestTemplateFile ServicesChanges system state
Robocopy Job Template
A safer starting point for repeatable Windows file copy jobs with logging and dry-run review.
ToolchestTemplateFile, Backup, and Storage OperationsChanges system state
Robocopy job template and log parser
A safer Robocopy job template with dry-run review, log capture, exit-code interpretation, and migration evidence.
ToolchestChecklistMigration and CutoverChanges system state
Robocopy migration cutover checklist and evidence pack
Operator checklist and evidence structure for file migration cutovers using Robocopy. Covers pre-copy checks, dry-run evidence, final sync readiness, exclusion review, validation samples, rollback details, and signoff artifacts suitable for tickets and change records.
ToolchestScriptWindows Server HealthRead-only
Scheduled task inventory and failure report
A read-only scheduled task inventory that highlights failed runs, missed runs, disabled tasks, and ownership gaps.
ToolchestScriptActive Directory and IdentityRead-only
Service account usage finder
A read-only service account discovery pass for Windows services, scheduled tasks, and IIS application pools.
ToolchestRecommended toolFreeware Utilities Worth KeepingRead-only
Sysinternals first-response kit guide
A practical Sysinternals first-response map for process, file handle, startup, network, login, and registry symptoms.
ToolchestRecommended toolMonitoringChanges system state
Uptime Kuma Monitoring Starter
A simple monitoring starter for internal services, homelab systems, and small-office status checks.
ToolchestScriptSecurity and Exposure ChecksRead-only
Windows firewall rule audit
A read-only Windows Firewall audit that records enabled allow rules, ports, profiles, and address scopes.
ToolchestScriptWindows Server HealthRead-only
Windows server health snapshot
A read-only Windows Server health snapshot that returns one compact row per host for uptime, disk pressure, memory headroom, stopped automatic services, and recent system errors.
ToolchestChecklistPatch and Reboot ReadinessChanges system state
Windows Update readiness and repair evidence pack
A patch readiness and repair evidence pack for reboot state, servicing health, update logs, and approved repair actions.
ToolchestChecklistPatchingChanges system state
Windows Update Repair Checks
A staged Windows Update troubleshooting path that starts read-only and escalates only when needed.
ToolchestRecommended toolConnectivity and Network TriageReview before running
Wireshark packet capture triage guide
A packet-capture triage guide for DNS, TLS, DHCP, SMB, RDP, retransmissions, and sensitive-data handling.
Labs
Labs and build work for Documents and Templates
LabsStorage and BackupRecovery ValidationIntermediate
Build a Backup Verification Workflow for Hyper-V or Proxmox VMs with Scheduled Restore Checks
Build a backup verification workflow for Hyper-V or Proxmox so restores are tested before an outage forces the question.
LabsSelf-Hosted Services and ProductivityService Portals and MediaIntermediate
Build a Lightweight Internal Git and Script Catalog with Gitea
A practical setup for a lightweight internal Git repository and script catalog using Gitea, a self-hosted Git service.
LabsPowerShell and Admin AutomationReporting and AuditsIntermediate
Build a Patch Compliance Reporting Workflow for Windows Devices Using PowerShell and Scheduled Scans
Build a Windows patch compliance reporting workflow with PowerShell, scheduled scans, CSV evidence, and rollback notes for the scheduled task and local script files.
LabsStorage and BackupBackup PlatformsIntermediate
Build a Proxmox Backup Server Lab with Retention Policies and Monthly Recovery Drills
Build a Proxmox Backup Server lab with retention policy, backup job evidence, and a monthly restore drill so recovery confidence comes from tested restores.
LabsPowerShell and Admin AutomationReporting and AuditsIntermediate
Build a Reproducible Devcontainer Environment for PowerShell, Terraform, and Azure CLI
Build a reproducible devcontainer for PowerShell, Terraform, and Azure CLI work so the toolchain is easy to rebuild.
LabsPowerShell and Admin AutomationReporting and AuditsIntermediate
Build a Reusable PowerShell Script for Software Inventory Reporting
Build a reusable PowerShell software inventory script that exports clean CSV reports from Windows endpoints.
LabsPowerShell and Admin AutomationReporting and AuditsIntermediate
Build a Safe File Server Permission Audit with PowerShell
Build a read-only PowerShell permission audit for Windows file shares, export remediation candidates, and preserve evidence for an access review without changing ACLs.
LabsSelf-Hosted Services and ProductivityDocs and File WorkflowsIntermediate
Build a Self-Hosted Password Vault Lab with Vaultwarden
A self-hosted Vaultwarden password vault with backups, recovery notes, and practical safeguards for family use.
LabsSelf-Hosted Services and ProductivityDocs and File WorkflowsIntermediate
Create a Self-Hosted Document Workflow with Paperless-ngx, OCR, and Backup Validation
Build a self-hosted Paperless-ngx workflow that turns scanned documents into searchable records and includes a backup check you can repeat.
LabsStorage and BackupBackup PlatformsIntermediate
Family NAS Backup Plan with Snapshots and Offsite Sync
Create a family NAS backup plan with snapshot retention, offsite copy targets, restore notes, and a small proof restore so backup success is based on evidence instead of hope.
LabsStorage and BackupBackup PlatformsIntermediate
PowerShell Home Lab Toolkit for Backup Checks and Service Management
Create a PowerShell toolkit for backup checks, service restarts, and daily status notes in a small lab environment.
LabsPowerShell and Admin AutomationReporting and AuditsIntermediate
PowerShell Toolkit for Rotating Local Admin Passwords and Auditing Privileged Access Drift
Create a PowerShell toolkit for rotating local administrator passwords and checking privileged access drift across Windows machines.
LabsVirtualization and ContainersVirtualization PlatformsIntermediate
Proxmox Starter Cluster Guide with Templates, Backups, and Service Placement Rules
Build a small Proxmox starter cluster with templates, backups, and placement rules you can reuse for later services.