Are there any best practices to secure a Flame server instance?

We’re trying to build out some infrastructure to allow machine owners with GPUs to “rent out” their machines and allow remote users to push some code into their host without having to worry about security or whether the executed code will go outside of the allowed parameters.

Elixir w/Flame seems to be quite promising as it can still coordinate with the user’s own BEAM cluster services even though computations on the rented host are restricted.

Is it possible to lock down the BEAM instance or Elixir environment on the rented host so it can’t execute code that goes outside of what’s allowed for that VM?

It’s possible, but you should resort to OS-level sandboxing and/or virtualization. If you deploy to Linux, you can use LXC or systemd-nspawn. On FreeBSD you can use jails. There are alternatives, but without more details, I can’t really help you. I’ve been planning on writing a jails backend for FLAME for some time.
