I've just started playing with an instance today. My plan is to use the seven day trial to decide if I keep it. So far, I believe I will.
Here's my setup:
- One local proxmox host
- One local, physical PBS
- All backups go from proxmox to local PBS and are encrypted
- I set the cloud-pbs instance to sync (see details below)
- I've added the cloud-pbs instance into proxmox
I think I've done this securely. I have my firewall NATing the local PBS and only permitting the cloud-pbs IP.
On the local PBS, I created a user with DatastoreReader and RemoteSyncOperator. That user has TOTP MFA set up as well as an API key with the same permissions. On the cloud-pbs server, I set up a pull sync.
To permit proxmox to talk to the cloud-pbs server, I created a user there with only DatastoreReader. That user is also protected by TOTP and has an API key with the same permissions.
I believe those permissions mean that a compromise of the remote cloud-pbs system means that all they have are access to encrypted backups and read-only access to my local PBS.
Should my local systems be compromised, the bad guys will have my encryption key, but will not be able to do anything to the remote backups, since they only have read access.
Sync and restore from cloud-pbs worked successfully. I'm less than a day in, but I'm happy.
I still need to figure out some way to get e-mail alerting on issues.
