Sign in Subscribe
Featured

Implementing a Bulletproof 3-2-1 Backup Strategy with Proxmox Backup Server

Blog_Editor

4 min read
Implementing a Bulletproof 3-2-1 Backup Strategy with Proxmox Backup Server

My journey to implementing a comprehensive backup solution for my homelab culminated in deploying Proxmox Backup Server (PBS) with a true 3-2-1 backup strategy. After months of managing Proxmox VE nodes and experimenting with various storage configurations, I finally achieved peace of mind knowing my virtual machines and containers are protected across multiple layers of redundancy.

Understanding the 3-2-1 Backup Strategy

The 3-2-1 backup rule is the gold standard for data protection: maintain 3 copies of your data, store them on 2 different media types, and keep 1 copy offsite. In my implementation, this translates to:

  • Production data on Proxmox hosts
  • Local backups on my NAS-based PBS instance
  • Cloud backups on a remote PBS server
  • Cold storage backups on a USB-attached hard drive

This approach ensures that even in catastrophic scenarios—whether hardware failure, ransomware attacks, or natural disasters—I can restore my entire infrastructure.

My Proxmox Backup Server Architecture

Local PBS on NAS Storage

My primary backup target is a Proxmox Backup Server with its datastore mounted on my NAS, specifically on my Truenas ZFS pool that runs on 4TB HDDs configured for reliability. This PBS instance performs nightly automated backups of all my VMs and LXC containers from both Proxmox nodes.

The local PBS provides the fastest recovery path—if a VM crashes or becomes corrupted, I can restore it within minutes directly from the NAS-backed datastore. PBS's incremental backup approach with chunked deduplication means that even full VM backups consume minimal storage space, as only changed data blocks are stored after the initial full backup.

Cloud PBS for Offsite Protection

For offsite redundancy, I configured a cloud-based PBS instance, similar to services like Tuxis PBS or RemoteBackups . This provides geographical separation from my Homelab, protecting against site-level disasters.

I use PBS's built-in sync functionality to replicate backups from my local PBS to the cloud instance on a scheduled basis. The cloud PBS has a shorter retention policy compared to my local backups—I maintain the last 2 days plus quarterly and a Yearly snapshots—since this tier is primarily for disaster recovery rather than long-term archival.

The beauty of PBS's deduplication is that cloud storage requirements are significantly lower than you might expect. My cloud PBS providers offer Free Tiers for up to 100GB, which comfortably accommodates my deduplicated backup set.

Cold Storage: USB Hard Drive Backup

The final layer of my strategy involves cold storage backups on a USB-attached hard drive. This air-gapped backup provides protection against sophisticated attacks that might compromise networked storage.

I periodically export backups from my local PBS to the USB drive, which I then disconnect and store securely. While PBS stores data in chunked format that requires PBS to restore, this cold storage ensures I have a completely isolated copy that cannot be accessed by any network-based threat.

Backup Configuration and Scheduling

Retention and Pruning Policy

I implemented a retention policy that balances storage efficiency with recovery flexibility:

  • Last 5 daily backups for recent recovery needs
  • One backup every 3 months for mid-term recovery
  • Yearly backups for long-term archival

This policy applies to my local PBS, while the cloud instance maintains a streamlined last 2 backups, plus one quarterly and one yearly retention.

Automated Backup Scripts

I configured using Proxmox Backup Server the entire backup workflow to run automatically. My Proxmox VE nodes are configured to push backups to the local PBS datastore during off-peak hours, respecting my preference to avoid heavy disk activity between 23:00 and 08:00.

The backup verification process is equally automated—PBS includes built-in verification jobs that check backup integrity without requiring a full restore. This ensures that when I need to recover data, the backups are actually usable.

Network Considerations

My backup infrastructure leverages a 1 Gbps network connection for local transfers, with cloud synchronization occurring over my 250 Mbps internet link. Even with large VMs—like a 35 GB backup—the transfer times remain reasonable thanks to PBS's efficient chunking and compression.

Why Proxmox Backup Server Excels

Encryption and Security

PBS encrypts backups client-side before transmission, meaning even my cloud provider cannot access the backup contents. This encryption happens transparently, with no performance penalty, and ensures compliance with data protection requirements.

Granular Recovery Options

One of PBS's most valuable features is granular file-level recovery. Rather than restoring an entire VM to retrieve a single file, I can browse the backup catalog and extract only what's needed. This capability has saved countless hours when users accidentally delete files from my Nextcloud instance.

Deduplication Efficiency

PBS's chunk-based deduplication is exceptional. Multiple VMs running similar operating systems share common data chunks, and incremental backups only store changed blocks. This efficiency is why my cloud storage costs remain minimal despite backing up dozens of VMs.

Disaster Recovery Testing

I regularly test my disaster recovery procedures by performing restore operations from each backup tier. I've successfully:

  • Restored VMs from my local PBS
  • Pulled backups from the remote cloud PBS over my internet connection
  • Verified that cold storage exports remain accessible

This testing revealed that I can rebuild my entire infrastructure from the cloud PBS if necessary—simply deploy a new Proxmox host, reconnect to the cloud PBS datastore, and restore my critical VMs.

Lessons Learned

Implementing this three-tiered backup strategy taught me several valuable lessons:

First, automation is non-negotiable—manual backups inevitably get skipped.

Second, testing restores is as important as creating backups—a backup you can't restore is worthless.

Third, the 3-2-1 strategy isn't overkill; it's the minimum viable protection for data you can't afford to lose.

The combination of local PBS on my NAS for fast recovery, cloud PBS for offsite protection, and cold storage for air-gapped security provides comprehensive coverage against virtually any data loss scenario. With PBS's enterprise features available in the open-source version, I've built a backup infrastructure that rivals commercial solutions at a practically no cost.

What's your backup strategy? Are you still in the "I really should set that up" phase, or have you built something even more robust?​

And if you're running Proxmox without backups right now, let this be your wake-up call. Download Proxmox Backup Server today—your future self will thank you when disaster strikes.​

Found this guide helpful? Share it with your homelab community, and subscribe below for more deep-dives into self-hosting, Proxmox, and building resilient infrastructure.