Masaaki Harada

Posted on Jan 26

How Not to Burn Out on Impossible Client Schedules (with Shadow Labs on Proxmox)

#productivity #cybersecurity #development #networking

Last updated: 2026-01-26

This post is about how freelancers and small shops can survive brutal project schedules without burning themselves and their team to the ground – by quietly preparing a separated, secure dev environment and an internal project plan of their own.

2026-01-25 Update

The “shadow lab per project” idea in this article eventually pushed me to build a small automation toolkit on top of Proxmox.

It creates multiple, securely separated project labs on a single Proxmox host, so VPN users can’t hop into your main LAN or see other projects’ VMs.

I released it as Zelogx™ Multiverse Secure Lab Setup (MSL Setup).

For anyone curious, the Personal / Community Edition is available here:

GitHub: https://github.com/zelogx/msl-setup
Overview (EN/JP): https://www.zelogx.com/

Intro: The reality for freelancers and small shops

If you join projects as a freelancer or as a head-count style subcontractor, the story often looks like this:

The prime contractor (big SI / vendor) presents a beautiful project plan and Gantt chart – with lots of hidden holes.
Most people on the receiving side don’t have enough real-world review experience to see those holes.
- Or even if they do, they’re not in a position to openly challenge the prime.
The downstream vendor follows that (usually waterfall-style) plan and:
- Does only “high-level design” during the high-level design phase
- Does only “detailed design” during the detailed design phase
Work starts while the overall system is still fuzzy, critical items are missing from the big picture, and only when the environment is finally put together does reality show up.

The result is familiar:

Requirements gaps
Unplanned work and painful change-request negotiations
“Just-barely” deadlines
Unhappy users

In an ideal world, the prime’s project plan would be shared with partners, reviewed together, and adjusted with mutual understanding.

In reality, many small-shop owners and freelancers treat that project plan as nothing more than a kickoff ritual.

At that time you should be hearing:

What risks the PM is assuming
How those risks are going to be mitigated …but for many reasons, that kind of discussion rarely happens.

So this article assumes that reality and talks about:

“If you rely only on the prime’s project plan, you will probably burn.

So as a freelancer / small shop, what kind of internal plan and shadow environment can you quietly prepare for yourself?”

1. Assume the prime’s project plan is the PM’s “wish list”

First, an important mindset:

The prime’s project plan is essentially

“what the PM wishes would happen.”

Usually you won’t see much about:

When the production architecture will actually be finalized
How much of that will be reproduced in test
What exactly will be tested at each stage

In other words, safety margins and risk-mitigation on the ground are mostly absent.

In more extreme cases you’ll see plans where:

There is no proper requirements-definition phase
Deliverables per phase are not defined
There is no real high-level / functional / detailed / operations design – you jump straight to “parameter sheet”
Someone says “we already did a PoC, so let’s just build it, we don’t really need formal design, right?”
It’s not even a production cut-over, but staging is treated as production with almost no time or resources set aside
Implementation window is strangely short (3 weeks), yet you’re supposed to:
- Build the environment
- Implement features
- Test
- Write test specs
- Do code review
- Write test reports
There is no security design or secure-coding guideline, and only at the very end a vulnerability scan blows everything up

You may have seen project plans like this. (This is just a partial list.)
And the boss says something like:

“I got us this job; just shut up and do it.”

Realistically, the prime should be the one to sort this out.

But they also have to chase revenue to survive.

The problem is: if you just ride along, you’ll probably burn in the second half.
So for freelancers and small shops, it becomes very important to:

Respect the “external project plan” as a public contract,

but quietly maintain your own internal plan behind the scenes.

I’m not saying you must suddenly start writing a 50-page project plan of your own.

I’m also not saying you must instantly master reading huge Gantt charts like a senior PM.

There is a much simpler, more practical way.

2. Technique #1 – Build a “shadow prototype environment” early in high-level design

The first technique:

During the early high-level design phase,

quietly build a shadow prototype environment on your side that mimics the production setup.

What I mean by “prototype environment” is a set of boxes that:

Use the OS you expect to use in production
Include the key middleware (app server, reporting platform, etc.)

…built in a way that’s as close to the real production architecture as you can reasonably guess at that point.

In almost any moderately sized system, you’ll eventually need things like:

GitLab or some kind of source-control / CI/CD platform It helps to prepare at least that much from the beginning.

Why this matters

If you do this, you can:

Notice big design holes early, like:
- “We are missing a reverse proxy here, aren’t we?”
- “With this structure we actually need another DB.”
Even if the prime’s high-level design is fuzzy, you can see a working big picture with your own eyes. And please, keep the build notes and setup steps for this prototype. Rough notes are fine; you just need something you can explain later.

With those notes and the original requirements, you can often write the actual high-level design document in 2–3 days later.

Formatting and polishing are painful, but LLMs can help with that part.

The key mindset is:

Not: “In the high-level design phase I only write documents, because that’s what the plan says.”
But: “In the early part of high-level design, I secretly build and run a prototype environment.” You quietly re-order the internal steps.

You don’t have to tell anyone.

(That step doesn’t exist on the official plan, so there’s nothing to report.)
This is purely insurance so you don’t burn later.
Also, you don’t necessarily need a big new budget for this.
At the beginning of projects there is often a lot of “waiting time”:

Requirements not finalized yet
Basic policies still under discussion
Kickoff is next week

You can use those gaps – or long meetings where you’re mostly a listener – to make partial progress on your shadow env.

In other words:

Use idle time to build at least a partial, working prototype.

It’s like secretly running a mini-agile loop under the waterfall plan.

3. Technique #2 – Push for an early “version-pinning meeting”

There is one big trap when building prototypes early:

Versions change later and you have to rebuild everything.
If you have good build notes, this isn’t fatal—but we’d still prefer to minimize rework.
To avoid that, it helps to quietly insert an early:
“Version pinning meeting”
…during the start of the high-level design phase.

At minimum, try to get provisional agreement on:

OS version (major + minor, if possible)
Key middleware (app server, reporting, batch platform, etc.) and their versions
Support situation for each (EoL, vendor support or not, OSS community activity, etc.)

It doesn’t have to be perfect

The important point is:

This is not a promise that versions will never change.
It’s a “let’s at least assume this for design and estimation” kind of agreement.

Later you will still get:

“Security says this version isn’t allowed…”
“The antivirus vendor doesn’t officially support this OS…”

That’s life. You adjust when necessary.
But having that early baseline makes your shadow prototype much less likely to be total rework.

4. Technique #3 – Don’t talk about the prototype; frame it as “experience from other projects”

This one is surprisingly important.
Once you have a shadow environment and some performance numbers, you will be asked questions like:

“How many CPU cores do we need for this?”
“Roughly how many users can this handle?”
“What kind of machine size should we provision?”

In reality, you’ve already measured quite a bit in your prototype.

But you don’t have to say:

“We secretly built a production-like environment on our own and ran load tests!”

In fact, it’s usually better not to say that.
This is about expectation management.

How to talk about it externally

You can phrase it like:

“Based on experience from similar-sized systems we’ve built, CPU usage stayed around X% at this level of load.”
“Looking at previous projects with a comparable architecture, starting with this instance size seems reasonable.”
“From projects with similar business load, this spec should give us enough headroom for the initial phase.”

In practice, one of those “previous projects” is… your very current shadow lab.
From outside, though, that’s perfectly fine to present as “experience.”
The balance is:

Internally, you measure properly.
Externally, you don’t oversell “We did EVERYTHING for you.”
You present it as: “We’re using past experience to suggest a realistic range.”

5. Technique #4 – Write down steps as if you’ll feed them to an LLM later

This is a trick that only became powerful in the last few years.
When you build the shadow environment, focus on how you leave behind your notes, more than on writing the “perfect” design doc.

Why? Because:

If you feed those notes to an LLM,

you can get a surprisingly solid draft high-level design in very little time.

The pattern looks like:

Build the shadow environment.
While doing that, jot down:
- Install steps
- Middleware settings
- Where you got stuck and how you solved it
Later, give those notes to an LLM and say:
- “Propose a structure for the high-level design document.”
- “Rephrase this for client-facing language.”
- “List likely test items.”
- “Generate a first draft of the parameter sheet.”
Suddenly, what used to take 2–3 days now takes hours.

So:

“First build the prototype”

plus

“Leave decent notes assuming you’ll feed them to an LLM”
…becomes a strategy that:

Reduces implementation risk, and

Shrinks documentation effort at the same time. ---

6. Run a secret agile loop under a waterfall surface

If we sum up the story so far:

On the surface you follow waterfall,

but underneath you quietly run small agile cycles to stay ahead.
On the surface:

You appear to follow the big waterfall plan the prime gave you.

Milestone names and deliverables match: high-level design, detailed design, integration test, etc.

Under the hood:

During high-level design you already:
- Build and run the prototype
- Pin down versions
- Lock in a working architecture early
Using that, you can quickly provide:
- Performance estimates
- Resource estimates
- Clear lists of risks

So even though the official methodology looks like pure waterfall,

internally you’re continuously reducing uncertainty in advance.

This doesn’t mean:

“You may delay the prime’s master schedule.”
Quite the opposite:

Because you already have a working prototype,

You are less likely to cause schedule slips later. You’re lining up the dominoes so they fall in your favor.

7. “We don’t have time to build a custom environment for every project”

At this point you might be thinking:

“I get the idea, but building a fresh prototype environment for every project is too heavy.”
And you’d be right.

For freelancers and small shops, it’s pretty tough to:

Rebuild OS, middleware, auth flows, and test clients
From scratch
For every new project So once you start getting a steady stream of work, it’s worth considering: > Building a template or tooling that lets you quickly spin up > “per-project sandbox environments.”

For example:

Keep one physical machine somewhere that has:
- A virtualization platform
- Scripts or tools to auto-create “project sandboxes”
When a new project starts, first spin up a shadow environment in ~30 minutes, then start design.

The actual tools / stack don’t really matter.

What matters is the mindset shift:

From “hand-craft a new environment every time”
To “instantiate a per-project sandbox from templates”

…and making sure that:

Partners can easily join via VPN, and
VMs from one project never leak into another project’s view.

One concrete implementation: MSL Setup on Proxmox

The ideas in this article are technology-agnostic, but in my own work I wanted something concrete, so I built:

Zelogx™ Multiverse Secure Lab Setup (MSL Setup)

It runs on a single Proxmox host and:

Builds per-project, L2-isolated dev labs (PJ01, PJ02… style)
Uses:
- Proxmox SDN simple zones + VNets
- Proxmox firewall security groups
- Pritunl as per-project VPN entry points

So when a new project comes in, I can:

Spin up an isolated lab quickly
Let external members in via VPN
Know they can’t see other projects’ VMs

If you’re curious how that looks in practice:

GitHub (Personal / Community Edition – free for individuals): https://github.com/zelogx/msl-setup
Overview & docs: https://www.zelogx.com/

Conclusion

For freelancers and small software shops, trusting only the prime’s project plan is a good way to get burned.

Instead, it helps to:

Maintain your own internal project plan, separate from the client-facing one
Quietly build a prototype environment early in high-level design
Lock down OS and middleware versions as early as reasonably possible
Treat numbers from your prototype as “experience from similar projects” rather than “we secretly built a lab just for you”
Leave good notes and let LLMs handle a lot of the document boilerplate
Outwardly follow waterfall, while inwardly running small agile loops to stay ahead

These aren’t “perfect textbook best practices.”

They’re more like street-level survival tactics picked up from real projects.
But if you stack enough of these small tricks, you’ll start to notice a difference in:

How often projects catch fire
How satisfied your users end up
How exhausted you and your team feel at the end If you’re in the “the prime’s plan is a mess but I still have to ship” club, I hope this gives you a few ideas for building your own safety net.

DEV Community