diff --git a/roles/vmsandboxing/README.md b/roles/vmsandboxing/README.md
new file mode 100644
index 0000000..b41e46e
--- /dev/null
+++ b/roles/vmsandboxing/README.md
@@ -0,0 +1,94 @@
+# fluencelabs.provider.vmsandboxing
+
+Installs pre-requisites and bootstraps a VM for workload sandboxing purposes.
+
+## Usage
+
+See this [example](https://github.com/fluencelabs/ansible/blob/main/example/)
+
+## Role Variables
+
+See [defaults/](https://github.com/fluencelabs/ansible/blob/main/roles/vmsandboxing/defaults) for details and examples.
+
+#### `remote_host`
+
+- Host target to sent meta information on VM startup.
+- type: string
+- default:
+ ```yml
+ libvirt_user: info-catcher.fluence.dev
+ ```
+
+#### `vm_name`
+
+- libvirt domain name
+- type: string
+- default:
+ ```yml
+ vm_name: sandbox
+ ```
+
+#### `vm_image_url`
+
+- QEMU image image URL to download
+- type: string
+
+#### `vm_image_local_path`
+
+- The image path to use bootstraping the VM
+- type: string
+
+#### `libvirt_user`
+
+- default debian-based distros user for libvirt
+- type: string
+- default:
+ ```yml
+ libvirt_user: libvirt-qemu
+ ```
+
+#### `libvirt_group`
+
+- default debian-based distros group for libvirt
+- type: string
+- default:
+ ```yml
+ libvirt_group: kvm
+ ```
+
+#### `bridge_name`
+
+- default bridge interface name
+- type: string
+- default:
+ ```yml
+ bridge_name: br422442
+ ```
+
+#### `physical_iface`
+
+- Physical interface to put into the VM bridge (Must be set!)
+- type: string
+
+#### `vm_mac`
+
+- generated MAC address for the VM
+- type: string
+- default: autogenerated
+
+#### `vm_uuid`
+
+- generated UUID address for the VM
+- type: string
+- default: autogenerated
+
+#### `vm_ram`
+
+- generated UUID address for the VM
+- type: number
+- default:
+ ```yml
+ vm_ram: 1048576
+ ```
+
+
diff --git a/roles/vmsandboxing/defaults/main.yml b/roles/vmsandboxing/defaults/main.yml
new file mode 100644
index 0000000..e30fdbc
--- /dev/null
+++ b/roles/vmsandboxing/defaults/main.yml
@@ -0,0 +1,41 @@
+remote_host: info-catcher.fluence.dev
+vm_name: sandbox
+vm_image_url: https://fluence-os-images.fra1.digitaloceanspaces.com/sandbox/latest/image.qcow2
+vm_image_local_path: /var/lib/libvirt/qemu/images/{{ vm_name }}.qcow2
+libvirt_user: libvirt-qemu
+libvirt_group: kvm
+bridge_name: br422442
+physical_iface: "dummy0" # Physical network interface to be added to the bridge # TBD
+vm_mac: "{{ '52:54:00' | community.general.random_mac(seed=inventory_hostname) }}"
+vm_uuid: "{{ '123' | to_uuid }}"
+vm_ram: 1048576 # RAM size in KiB (1 GiB)
+
+vm_template: |
+
+ {{ vm_name }}
+ {{ vm_uuid }}
+ {{ vm_ram }}
+ {{ vm_cores }}
+
+ hvm
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/roles/vmsandboxing/handlers/main.yml b/roles/vmsandboxing/handlers/main.yml
new file mode 100644
index 0000000..6a5aa4f
--- /dev/null
+++ b/roles/vmsandboxing/handlers/main.yml
@@ -0,0 +1,5 @@
+handlers:
+ - name: restart libvirtd
+ service:
+ name: libvirtd
+ state: restarted
diff --git a/roles/vmsandboxing/meta/main.yml b/roles/vmsandboxing/meta/main.yml
new file mode 100644
index 0000000..3aa4192
--- /dev/null
+++ b/roles/vmsandboxing/meta/main.yml
@@ -0,0 +1,21 @@
+galaxy_info:
+ namespace: fluencelabs
+ role_name: vmsandboxing
+ license: Apache-2.0
+ author: Roman Nozdrin
+ description: Install and setup Fluence-specific VM sandboxing method
+ issue_tracker_url: https://github.com/fluencelabs/ansible/issues
+ min_ansible_version: "2.12"
+
+ platforms:
+ - name: Ubuntu
+ versions:
+ - jammy
+ - name: Debian
+ versions:
+ - bookworm
+
+ galaxy_tags:
+ - fluence
+ - web3
+
diff --git a/roles/vmsandboxing/tasks/01-bootstrap-vm.yml b/roles/vmsandboxing/tasks/01-bootstrap-vm.yml
new file mode 100644
index 0000000..2fe5e6e
--- /dev/null
+++ b/roles/vmsandboxing/tasks/01-bootstrap-vm.yml
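Review bot: `vm_uuid: "{{ '123' | to_uuid }}"` derives the libvirt domain UUID from a fixed literal, so every host this role runs on defines a domain with the identical UUID and a second domain on the same hypervisor would collide; seed it per host the way `vm_mac` already does, e.g. `vm_uuid: "{{ inventory_hostname | to_uuid }}"`. `physical_iface: "dummy0"` with the trailing `# TBD` gives a plausible-looking default to a value the README marks as mandatory, so a forgotten inventory override silently bridges a dummy interface instead of failing; leaving it undefined and asserting on it in the task file would surface that. The `vm_template` block renders here as mostly blank lines, so the domain XML it carries could not be reviewed in this view.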
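Review bot: `handlers/main.yml` wraps its content in a top-level `handlers:` mapping key, but Ansible loads a role's handlers file as a plain list of handler tasks and, as far as I can tell from the loader, rejects a mapping here, so the role fails before any task runs; drop the wrapper and start the file at `- name: restart libvirtd`. The same shape problem is in `tasks/01-bootstrap-vm.yml` in this commit, whose body sits under a `tasks:` key although the `ansible.builtin.include_tasks` call in `tasks/main.yml` expects a list of tasks. The collapsed view does not preserve indentation, so the exact nesting is inferred from the keys.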
@@ -0,0 +1,90 @@
+
+ tasks:
+ - name: Call HTTP service at localhost
+ command: curl http://localhost:18080/peer_id
+ register: localhost_response
+
+ - name: Gather facts
+ setup:
+
+ - name: Set vm_cores to the number of logical cores
+ set_fact:
+ vm_cores: "{{ ansible_processor_vcpus - 4 }}"
+
+ - name: Install libvirt on Debian-based systems
+ apt:
+ name: libvirt-daemon-system
+ state: present
+ when: ansible_os_family == 'Debian'
+
+ - name: Install virsh on Debian-based systems
+ apt:
+ name: qemu-kvm
+ state: present
+ when: ansible_os_family == 'Debian'
+
+ - name: Install bridge-utils on Debian-based systems
+ apt:
+ name: bridge-utils
+ state: present
+ when: ansible_os_family == 'Debian'
+
+ - name: Create bridge interface br422442
+ command: brctl addbr {{ bridge_name }}
+ args:
+ creates: /sys/class/net/{{ bridge_name }}
+
+ - name: Check if physical interface is part of the bridge
+ command: brctl show {{ bridge_name }}
+ register: bridge_output
+ changed_when: false
+
+ - name: Set fact if physical interface is not in bridge
+ set_fact:
+ iface_not_in_bridge: "{{ physical_iface not in bridge_output.stdout }}"
+
+ - name: Add physical interface to the bridge if not already added
+ command: brctl addif {{ bridge_name }} {{ physical_iface }}
+ when: iface_not_in_bridge
+ ignore_errors: yes
+
+ - name: Bring up the bridge interface
+ command: ip link set {{ bridge_name }} up
+ when: "bridge_name not in ansible_facts.interfaces"
+
+ - name: Bring up the physical interface
+ command: ip link set {{ physical_iface }} up
+
+ - name: Download VM image
+ get_url:
+ url: "{{ vm_image_url }}"
+ dest: "{{ vm_image_local_path }}"
+ mode: '0644'
+ owner: "{{ libvirt_user }}"
+ group: "{{ libvirt_group }}"
+
+ - name: Ensure a simple VM is defined
+ community.libvirt.virt:
+ command: define
+ xml: "{{ vm_template }}"
+ autostart: true
+ notify: restart libvirtd
+
+ - name: Start the VM
+ community.libvirt.virt:
+ name: "{{ vm_name }}"
+ state: running
+
+ - name: Extract peer_id from JSON response
+ set_fact:
+ peer_id: "{{ (localhost_response.stdout | from_json).peer_id }}"
+
+ - name: Print peer_id
+ debug:
+ msg: "The peer_id is {{ peer_id }}"
+
+ - name: Call HTTP service on a remote host
+ command: curl -L http://{{ remote_host }}/peer_id/?{{ peer_id }}
+ register: remotehost_response
+
+
diff --git a/roles/vmsandboxing/tasks/main.yml b/roles/vmsandboxing/tasks/main.yml
new file mode 100644
index 0000000..acdb703
--- /dev/null
+++ b/roles/vmsandboxing/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: Bootstrap VM sandboxing
+ ansible.builtin.include_tasks: 01-bootstrap-vm.yml
diff --git a/roles/vmsandboxing/vars/main.yml b/roles/vmsandboxing/vars/main.yml
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/roles/vmsandboxing/vars/main.yml
@@ -0,0 +1 @@
+
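Review bot: The `Download VM image` task fetches `vm_image_url` with `get_url` and no `checksum:`, so whatever the object store currently serves at `sandbox/latest/image.qcow2` is written into the libvirt images directory and booted with no integrity check at all; pin it with `checksum: "sha256:<expected-digest-placeholder>"` (the `sha256:<url>` digest-file form also works) and consider not defaulting to a moving `latest` path. `ignore_errors: yes` on the `brctl addif` task hides a failed bridge attach and the play then defines and starts a VM whose NIC is not connected; narrow it with `failed_when` on the specific acceptable error, and write the boolean as `true`. The two `curl` tasks would be both cleaner and safer as `ansible.builtin.uri` with `return_content: true`, which avoids shelling out, lets `peer_id` be encoded with `| urlencode` before it is spliced into the remote URL, and the first one needs `changed_when: false` so a read-only lookup does not report a change. `vm_cores: "{{ ansible_processor_vcpus - 4 }}"` becomes zero or negative on hosts with four or fewer vCPUs and that value goes straight into the domain XML; clamp it, e.g. `vm_cores: "{{ [ansible_processor_vcpus - 4, 1] | max }}"`.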