Took a play with XCP-NG, we go with Openstack but XCP-NG is quite straight forward and easy to setup, even played with it as much as trying migrating hyper-v hosts which worked surprisingly well after converting to the vhdx to vhd.
What’s the crack with the networking side of things? googling it very little info, with external nics. If the hosts within the pool have a nic plugged directly into a switch directly connected to public internet with public IPs how safe is it? (Assuming VMs have their own firewall?)
Openstack documentation makes this quite clear on how it should be done. Not all scenarios are suitable for NAT or firewalling at a single point.,