Encrypted SMB Storage

K

Khensu

Member
Proxmox Subscriber
Feb 3, 2023
4
1
8
Hello Proxmox Community,

I'm just trying to mount my SMB/CIFS Storage for my backups.
For this I rent a Storage Box at Hetzner, they offer SAMBA/CIFS and more but SMB is the only
method Proxmox supports of them.
At the bottom of the page https://docs.hetzner.com/robot/storage-box/access/access-samba-cifs/ they say you have to add
"seal" to the mount command, as the connection is over the internet I rather have my backups transfered encrypted or not?
Or is Proxmox using encryption with SMB by default?
I may also use backup based encryption, so the backups themselves are encrypted, is this already possible over the Webinterface?

Thank you in advance :)
 
Encrypted backups are only supported when running a Proxmox Backup Server.

If you want to modify how that SMB Share is mounted, you could manually mount that SMB share using the fstab and then add a directory storage pointing to its mountpoint.
 
Thank you very much.
This could be a solution your right!
I wanted to use backup based encryption as well but I don't have a Proxmox backup Server.

I have now decided to use BorgBackup and transfer my backups with that to my StorageBox.
 
Khensu said:
I have now decided to use BorgBackup and transfer my backups with that to my StorageBox.
Click to expand...
That's a valid solution; I am using Borg for other means and I like it very much. But it is not "integrated" in PVE and for that reason I would do it this way instead:
  • as @Dunuin mentioned: mount that SMB-share locally and use the space as a "directory"-storage
  • accept that this storage is not trustworthy and avoid to store plain unencrypted data on it
  • install PBS and connect it to your PVE the documented and tested way - with encryption on this level
The main advantage is to have your backups integrated in PVE in a manageable way - backup/restore works from the PVE-Webgui without manually handling BorgBackup.

PBS can be setup on separate hardware (of course recommended for obvious reasons!), directly on the PVE host, in a Container or in a VM. Every approach has pros and cons already discussed here in the forum.

Just my 2 €¢...

----
Edit: Forget it! (I mean: my approach.) PBS is extremely slow in this constellation. Probably unbearable. PBS needs IOPS - the recommended configuration for its datastore is local SSDs...
 
Last edited:
You must log in or register to reply here.
Top Bottom