Skip to main content

Proxmox Backup and Disaster Recovery: The Complete Data Protection Guide

May 27, 2026by Kubo Team #Proxmox #Backup #Disaster Recovery #PBS #Data Protection #3-2-1 Rule #Self-Hosting

In virtualization infrastructure operations, backup and disaster recovery (DR) strategy is not about "whether to do it" but "how thoroughly to implement it." Proxmox Backup Server (PBS) is a backup solution tightly integrated with Proxmox VE, providing enterprise-grade features including incremental backups, deduplication, client-side encryption, and remote synchronization. This article explains how to build a comprehensive data protection strategy with PBS at its core.

When running Kubernetes on Proxmox, Kubo On-Premise provides a fully managed K8s environment that includes backup and recovery for stateful workloads.

Designing Your Backup Strategy

The 3-2-1 Rule

Follow the industry-standard 3-2-1 rule for data protection:

  • 3 copies: Production data + 2 backups
  • 2 different media types: Use different storage technologies (e.g., SSD + HDD, local + cloud)
  • 1 copy offsite: Remote backup at a physically separate location

Modern best practices extend this to 3-2-1-1-0:

  • 1 copy air-gapped or immutable
  • 0 errors: Regular verification confirms backup integrity

Classifying Backup Targets

CategoryTargetsRPORTO
Mission CriticalDB servers, auth infrastructure1 hour15 minutes
Business ImportantWeb apps, API servers4 hours1 hour
StandardDev environments, test VMs24 hours4 hours
ArchiveLogs, old snapshots1 week24 hours

Setting Up Proxmox Backup Server

Installing PBS

Follow the official PBS documentation to install on a dedicated server:

bash
# After installing from PBS ISO, access the Web UI
# https://<pbs-ip>:8007

# Or install on an existing Debian server
apt install proxmox-backup-server

Creating a Datastore

Configure a datastore to hold backups:

bash
# Create storage path
mkdir -p /backup/datastore1

# Create datastore via PBS Web UI or CLI
proxmox-backup-manager datastore create ds1 /backup/datastore1

PBS's chunk-based deduplication architecture stores only changed data, reducing storage usage by up to 90%.

Integrating with PVE

Register PBS as storage on the Proxmox VE side:

bash
# Add PBS storage to PVE
pvesm add pbs pbs-local \
  --server 192.168.1.50 \
  --datastore ds1 \
  --username backup@pbs \
  --fingerprint <PBS-fingerprint> \
  --content backup

In the Web UI, navigate to Datacenter, then Storage, then Add, then Proxmox Backup Server.

Combined with Kubo infrastructure management, you can integrate Kubernetes Persistent Volume backups into a unified management framework.

Backup Scheduling and Retention Policies

Scheduling with vzdump

vzdump is Proxmox VE's built-in backup tool. Create schedules from Datacenter, then Backup in the Web UI:

bash
# Create backup job via CLI
# Back up all VMs daily at 2:00 AM
cat > /etc/pve/jobs.cfg <<EOF
vzdump: daily-backup
    schedule 02:00
    storage pbs-local
    mode snapshot
    all 1
    compress zstd
    mailnotification failure
    mailto admin@example.com
EOF

Backup Modes:

ModeDescriptionDowntime
SnapshotLive snapshot (recommended)None
SuspendSuspend then backupBrief
StopStop VM then backupYes

Retention Policies

Retention policies balance storage costs against data protection:

bash
# Configure pruning for PBS datastore
proxmox-backup-manager prune-job create ds1-prune \
  --store ds1 \
  --schedule "daily" \
  --keep-last 3 \
  --keep-daily 7 \
  --keep-weekly 4 \
  --keep-monthly 6 \
  --keep-yearly 2

Important: Pruning only marks chunks as unused. Garbage collection (GC) is required to actually free disk space. GC typically runs automatically 30-60 minutes after pruning.

Remote Sync and Disaster Recovery

Syncing to Remote PBS

Use PBS's built-in sync job functionality to replicate backups to an offsite PBS instance:

bash
# Register remote PBS server
proxmox-backup-manager remote add remote-pbs \
  --host remote-pbs.example.com \
  --auth-id sync@pbs \
  --fingerprint <remote-fingerprint>

# Create sync job (push direction)
proxmox-backup-manager sync-job create offsite-sync \
  --store ds1 \
  --remote remote-pbs \
  --remote-store ds1-remote \
  --schedule "daily" \
  --rate-in 100  # Bandwidth limit 100 MB/s

Sync supports both push and pull directions, with bandwidth limiting and server-side encryption/decryption.

Configuring Encryption

Client-side encryption protects data in transit and at rest:

bash
# Generate encryption key
proxmox-backup-client key create /etc/proxmox-backup/encryption-key.json

# Back up the encryption key (critically important)
# Store the key in a secure location -- losing it makes backup restoration impossible

# Run encrypted backup
proxmox-backup-client backup \
  vm/100.img:/dev/vg/vm-100-disk-0 \
  --keyfile /etc/proxmox-backup/encryption-key.json \
  --repository pbs-server:ds1

Disaster Recovery Procedures

Document and regularly test recovery procedures for total-loss scenarios:

  1. Install a fresh Proxmox VE node
  2. Connect PBS storage: pvesm add pbs pbs-restore --server <pbs-ip> ...
  3. Restore VMs/CTs: Use the Web UI Backup, then Restore, or the qmrestore command
  4. Verify network configuration: IP addresses, VLANs, firewall rules
  5. Confirm service operation: Applications, database connections, DNS
bash
# Restore VM via CLI
qmrestore pbs-local:backup/vm/100/2026-05-26T02:00:00Z 100 --storage local-lvm

# File-level restore via FUSE mount
proxmox-backup-client mount pbs-server:ds1:backup/vm/100/latest /mnt/restore

Backup Verification and Testing

A backup that cannot be restored is worthless. Implement regular verification:

Automated Verification Jobs

bash
# Create verification job for PBS datastore
proxmox-backup-manager verify-job create ds1-verify \
  --store ds1 \
  --schedule "weekly" \
  --outdated-after 30  # Target snapshots not verified in 30+ days

Restore Testing

Conduct monthly restore tests to validate procedure accuracy:

  1. Prepare an isolated test network
  2. Restore a VM from the latest backup
  3. Verify application functionality
  4. Record time to restore (RTO validation)
  5. Confirm data integrity (RPO validation)

The Proxmox forum backup threads share practical DR techniques from real-world deployments.

Conclusion

Proxmox Backup Server provides enterprise-grade features including deduplication, encryption, and remote synchronization at no cost, enabling you to build a robust data protection foundation. Implement a strategy based on the 3-2-1-1-0 rule, and maintain reliability through regular verification and restore testing.

For comprehensive backup and DR strategy that includes Kubernetes workloads on Proxmox, Kubo On-Premise is the optimal choice. As a fully managed K8s solution, it automates protection and recovery of stateful workloads.

For consultation on backup and DR strategy design, contact us to discuss your requirements.

Related Links:

← Back to all posts