Proxmox Backup Server

Last updated 1 year ago


Lost or corrupted data due to deletion, ransomware, or other dangers can occur at any time. Therefore, regular backup of important data is crucial. To increase productivity and meet your operational goals, the user friendly Proxmox Backup solution lets you back up your data in a space efficient manner, restore it in a flash, and effectively reduce work hours, thanks to simplified management.

Open-Source

Proxmox Backup is a stand-alone solution. The open-source nature of the Proxmox software stack means that you get a secure, flexible product that you can trust. The source code is free and open-source, licensed under the GNU Affero General Public License, v3 (GNU AGPLv3). Thus, you are free to use the software, inspect the source code at any time, or contribute to the project yourself.

Performance

The whole Proxmox Backup software stack is written in Rust, a modern, fast, and memory-efficient language. Rust provides high speed and memory efficiency, due in part to its lack of runtime and garbage collector. Its rich type system and ownership model guarantee memory-safety and thread-safety.

Incremental & Deduplication

Backups are sent incrementally from the client to the Proxmox Backup Server, where data is then deduplicated. Typically, changes between periodic backups are low. Reading and sending only the changes reduces the storage space used and the network impact.

Periodic backups usually produce large amounts of duplicate data. The deduplication layer in the Proxmox Backup solution reduces the amount of duplicate data, reducing the physical space required for data storage.

When doing deduplication, there are different strategies to get optimal results in terms of performance and/or deduplication rates. Depending on the type of data, data can be split into fixed or variable sized chunks; Proxmox Backup Server supports both strategies.
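The following added example (not Proxmox code) models the deduplication described above: chunks are named by their SHA-256 digest, only unknown chunks are sent, and stored chunks can be re-hashed to detect corruption. It goes beyond the text by showing why both chunking strategies exist; the chunk sizes, the rolling "gear" hash and all names here are assumptions chosen for the demonstration.

```python
import hashlib

FIXED = 4096                        # demo chunk size (assumption, not Proxmox's value)
MIN, MAX, MASK = 256, 8192, 0x3FF   # variable chunks: roughly 1 KiB average (assumption)
# 256 reproducible 64-bit values that drive the rolling "gear" hash
GEAR = [int.from_bytes(hashlib.sha256(bytes([b])).digest()[:8], "big") for b in range(256)]


def fixed_chunks(data):
    """Cut at fixed offsets: cheap, and stable when blocks are overwritten in place."""
    return [data[i:i + FIXED] for i in range(0, len(data), FIXED)]


def variable_chunks(data):
    """Cut where a rolling hash of the latest bytes hits a pattern (content-defined)."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        h = ((h << 1) + GEAR[byte]) & 0xFFFFFFFFFFFFFFFF
        size = i - start + 1
        if (size >= MIN and (h & MASK) == 0) or size >= MAX:
            chunks.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        chunks.append(data[start:])          # trailing partial chunk
    return chunks


class ChunkStore:
    """Toy server-side datastore: each chunk is stored once, named by its SHA-256 digest."""

    def __init__(self):
        self.chunks = {}      # hex digest -> chunk bytes
        self.received = 0     # bytes clients actually had to send

    def backup(self, data, chunker):
        """Store one snapshot; return its index (ordered list of chunk digests)."""
        index = []
        for chunk in chunker(data):
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:    # known chunks are neither re-sent nor re-stored
                self.chunks[digest] = chunk
                self.received += len(chunk)
            index.append(digest)
        return index

    def restore(self, index):
        return b"".join(self.chunks[d] for d in index)

    def verify(self, index):
        """Re-hash every referenced chunk; return digests that are missing or altered."""
        return [d for d in dict.fromkeys(index)
                if hashlib.sha256(self.chunks.get(d, b"")).hexdigest() != d]


def sample(label, size):
    """Constructed, reproducible pseudo-random bytes standing in for disk or file content."""
    return b"".join(hashlib.sha256(f"{label}-{i}".encode()).digest() for i in range(size // 32))


def sent_for(versions, chunker):
    """Back up each version in turn to one store; return the bytes sent for each."""
    store, sent = ChunkStore(), []
    for data in versions:
        before = store.received
        store.backup(data, chunker)
        sent.append(store.received - before)
    return sent


if __name__ == "__main__":
    base = sample("os-image", 128 * 1024)
    for chunker in (fixed_chunks, variable_chunks):
        # second version has one byte inserted at the front, shifting all later content
        print(chunker.__name__, sent_for([base, b"!" + base], chunker))
```

An in-place overwrite costs one fixed-size chunk, but a single inserted byte shifts every fixed boundary and forces a full re-send, while content-defined boundaries realign after the first chunk.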

Compression

Proxmox uses the ultra-fast Zstandard (ZSTD) compression which is able to compress several gigabytes of data per second. ZSTD is characterized by its high compression ratio and very fast compression speed.

Architecture

The Proxmox backup solution uses a client-server model. This separation allows multiple, unrelated hosts to use the backup server. While the server stores the backup data and provides an API to create and manage datastores, the client tool will work with most modern Linux distributions, allowing you to create and manage backups from all of your hosts. The software's ability to encrypt data already on the client-side ensures that it is secure, before it even reaches the server.

Remote synchronization

Proxmox Backup Server enables you to pull or synchronize datastores to other locations for redundancy. This is an efficient method to synchronize data to offsite locations. Only changes since the previous sync get transferred.

In Proxmox Backup, this works through the use of Remotes and Sync Jobs.

  • The term Remote refers to a separate server, which has a datastore that can be synced to a local store.

  • A Sync Job is the process which is used to pull the contents of a datastore from a Remote to a local datastore. You can schedule it to either run regularly or start a sync job manually via the web interface.

Data Integrity & Security

Not only is it important to have backed up data available, it's also necessary to ensure that the data has not been compromised. With strong encryption ensuring data integrity, you are safe when backing up data with Proxmox Backup Server, even to targets which are not fully trusted, for example, a leased colocation facility.

Encryption

With Proxmox Backup Server, all client-to-server traffic can be encrypted to safeguard data integrity. For high performance, the authenticated encryption is done on the client-side with AES-256 in Galois/Counter Mode (GCM). As your data is encrypted before it reaches the server, the data is useless to unauthorized users accessing the server.

You can further increase security by generating a master key to store and recover encryption keys. This master key is created as an RSA public/private key pair, and then used to securely store the backup encryption key itself alongside the backup. Furthermore, you can print the secret encryption key, so that it's safe from any system disaster.

User role & group permission

Proxmox Backup protects your data against unauthorized access. Moreover, the available range of access control options helps to ensure that users are limited to only the level of access they require.

There are also several authentication realms available: Linux PAM for system users, OpenID Connect for authentication through OpenID, and a Proxmox Backup authentication server for handling permissions and data ownership. There is also a wide array of user roles (group permission sets), which specify exactly what each user is allowed to do on the server.

Checksum algorithm

Proxmox Backup Server uses a built-in SHA-256 checksum algorithm to ensure the accuracy and consistency of your data. Within each backup, a manifest file (index.json) is created, which contains a list of all the backup files, along with their sizes and checksums. This manifest file is used to verify the integrity of each backup. You can schedule regular backup verification to detect bit rot and confirm that backups are safe.

Checksumming is also used in the deduplication layer to detect identical blocks of data. This is ideal for efficiently storing multiple VMs with identical operating systems, as if they all share a similar data structure, only one copy of that will need to be stored.

In addition to being used for backup verification, the checksum algorithm is also used in deduplication to detect common data between backups of different machines. This can greatly reduce the storage needed to store, for example, multiple VMs that use an identical operating system.

Ransomware protection

A ransomware attack and encryption of your files and folders is a disaster for any business. Reliable backups and fast recovery can help limit the damage. Proxmox Backup Server includes several features to efficiently respond to a ransomware incident; with fine-grained access control, data integrity verification, and the possibility to create off-site backups through remote sync and tape backups, the Proxmox solution helps you plan your ransomware defense strategy and ensures that your critical data stays protected.

Quick Restore

How long can your team or organization live without their data? With any sensible backup solution, recovery operations should be a frictionless process and not generate hours of unnecessary and frustrating labor for administrators. Speed, accuracy, and flexibility in the recovery process are important.

Proxmox Backup Server is lightning fast, meaning that when disaster strikes, you can have that VM, archive, or even single file back in seconds. In a disaster situation, the fast and simple restore via the GUI will ease any stress.

Granular recovery

Why restore all data if you can restore only the data needed? To reduce overhead, Proxmox Backup Server comes with a snapshot catalog for navigation. You can quickly search an archive of the contents and instantly restore single objects as well.

  • Granular recovery options.

  • Restore single files/directories/archives from the backup.

  • Interactive recovery shell for restoring only a few individual files.

  • Use regular garbage collection to remove redundant data from the data-store and free up space.

Central Management

The administration of Proxmox Backup Server is so simple that you don't need to have a dedicated backup administrator. The integrated web-based configuration and management center enables you to set up and deploy backups, monitor tasks, logs and resource usage, and manage users, permissions, and datastores. It is so intuitive that even the helpdesk could perform recoveries.

Web-based user interface

Proxmox Backup Server comes with an integrated, graphical user interface (GUI) to manage the server. This means that you can carry out all administration tasks through your web browser (via https://youripaddress:8007). The web interface also provides a built-in console, so if you prefer the command line or need some extra control, you have a lot of options.

The user interface comes with an array of options for administrating the server:

  • Get a quick overview of the most crucial information from the dashboard.

  • Easily create and manage datastores.

  • Browse file backups and select for restore.

  • Monitor tasks, logs and resource usage.

  • Manage users, access permissions, remote stores, and subscriptions.

  • Access a secure HTML5 console.

  • Manage network configuration and interfaces.

Command line interface (CLI)

For advanced users who are used to the comfort of the Unix shell, Proxmox provides a command line interface to accomplish special or very advanced tasks. The command line interface has intelligent tab completion and full UNIX man page documentation.

REST API

Proxmox Backup Server uses a RESTful API. We use JSON as the primary data format, and the whole API is formally defined using JSON Schema. This enables fast and easy integration for 3rd party management tools.

Proxmox VE Integration

Tight integration with the virtualization platform Proxmox VE makes Proxmox Backup Server a great choice for seamless backups of your virtual machines (supporting QEMU dirty bitmaps) and containers – even between remote locations. The intuitive web interface enables user-friendly management and makes it really easy to deploy, manage, and monitor backups.

After installing the Proxmox Backup Server on a dedicated host, simply add the backup storage as a new storage target on the Proxmox VE node (minimum pve-manager 6.2-9 installed). Then you can run backups the same way you would with any other Proxmox VE storage type.

Security is ensured with a certificate fingerprint.

Restore single files from a VM or container backup or even start a VM as soon as the restore starts with the Live-restore functionality.

Tape Backup

The Proxmox Tape Backup system provides an easy way to copy datastore content to tapes and restore them at media-set granularity. Despite its age, digital magnetic tape continues to provide an easy and economical way for large amounts of data to be archived. Tape backup makes sense in any effective enterprise backup plan.

Benefits

  • Support for Linear Tape-Open generation 5 (LTO-5) and later (with best-effort support for LTO-4), including hardware encryption.

  • Flexible retention policies: always recycle tapes, never recycle tapes, recycle tapes after a particular calendar event, etc.

  • Support for various tape autoloaders with the ‘pmtx’ tool (mtx tool rewritten in Rust).

  • Configuration via the web interface.

LTO barcode generator

In daily use, it helps to label tape cartridges so you can easily identify them. If you use a tape library, you have to add bar code labels in order to identify them.

You can use a small web-app to print these labels: Proxmox LTO Barcode Generator

https://www.proxmox.com/en/proxmox-backup-server/features