"One better remote PBS" vs "Two worse PBSs with one local, one remote"

P

PaddyPatPat

New Member
Aug 20, 2023
6
1
3
I'm trying to decide how to use my resources for Proxmox Backup Server(s). I can either build one or two of them with what I have.

Therefore I can either:
  • dedicate all of my SSDs and HDDs to one large PBS that is remote from my PVEs, or
  • split my resources:
    • locally (with the PVEs) place storage SSDs (data and metadata) and HDDs (some data) in the first PBS, and then
    • remotely place storage HDDs in the second PBS.
If I split my resources then I would do a pull sync from the remote PBS of the contents of the local PBS.

The network connection between the local and the remote site is via a Tailscale network across the internet with a bandwidth of ~200-300 megabits/sec.

My questions:
  1. Would one of the two options be preferable for this network environment?
  2. In the case of two PBSs, assuming that the retention policies on both PBSs are the same, would the vast majority of deduplication work be done on the local PBS, or would both PBSs be heavily running deduplication processes?
  3. In the case of two PBSs, if the remote PBS is given a sparser retention policy (for example: keeping less daily backups), would this affect the deduplication workload performed on the remote PBS?
I've taken note of the advice of this thread: https://forum.proxmox.com/threads/p...sync-only-latest-n-backups.118903/post-515702 .

Thank you for your time and help,

Patrick.
 
Last edited:
The dedupe happens during the backup when PBS decides chunk 1003 exists already but 1004 does not.

Our setup has a remote. I’d expect less network traffic by syncing to the other PBS.

If the remote PBS has a different retention policy then does it sync the daily backups then remove them? I’d think it should be the same or more that is kept.
 
  • Like
Reactions: PaddyPatPat and Johannes S
Hello,

you might want to read the chapter on ransomware protection of the PBS manual: https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery

In my opinion it's always better to have one local and one remote backup. A local one for fast restore and a remote one so you still have your data in case your local data is lost beyond repair. This also ensures that your backup strategy conforms to the 3-2-1 rule: You should have at least three copies of your data (one production plus two backups) , two of them on different storage media (so not the same disc or server!) and one of them offsite.
Obviouvsly your network will be the main bottleneck for the actual backup but that's not the whole story: PBS also will need to run verify and garbage collection jobs from time to time (e.G. daily or weekly) for two reasons:
  • To verify, that the data is still consistent, readable and restorable (you will still want to do a manual restore test from time to time, but this automation is a good foundation)
  • To remove any data not needed anymore
For this the choice of storage media is quote important since both operations needs huge IOPS which HDDs simply don't have. The reason is that PBS splits all data in a lot of small files (called "chunks"). The actual backup snapshots don't store the data, instead they have references to the chunks. If no snapshot references a chunk anymore that chunk can be removed to free some disc space which is done by the garbage collection jobs.

To illustrate this here is an excerpt from a recent garbage collection job on my PBS:
2025-05-27T02:00:21+02:00: Original data usage: 64.77 TiB
2025-05-27T02:00:21+02:00: On-Disk usage: 273.444 GiB (0.41%)
2025-05-27T02:00:21+02:00: On-Disk chunks: 248819
2025-05-27T02:00:21+02:00: Deduplication factor: 242.55
2025-05-27T02:00:21+02:00: Average chunk size: 1.125 MiB
Click to expand...

So my backups would need 64,77 TiB if I want to restore everything (which I don't since they also include the older copies), thanks to the storage as chunks they only need 273,44 GiB and are split on 248819 small files. This space saving has a cost though: Any garbage collection job needs to check the metadata of every chunk file to see whether they were referenced in a backup snapshot in the last 24 hours. Only if they are not referenced in a snapshot for more than 24 hours and five minutes they will be removed. And the verify job will need to not only read the metadata but also the actual data. As one can imagine this is quite slow on classical HDDs since their rotor head need to move around the whole time.

With other words: A HDD only datastore will need a long time for the garbage collection or verify jobs, in this forum people reported durations of 10 hours and more (depending on the amount of data). ZFS has a nice feature though to mitigate this: If you add SDDs as metadata cache ("special device") to your HDD pool the metadata of any new file will be saved on the HDD. Thus any operation accessing the metadata (like most operations of the garbage collection job) will perform a lot better than with a plain HDD ZFS pool:
https://pve.proxmox.com/wiki/ZFS_on_Linux#sysadmin_zfs_special_device
This has some caveats though:
  • The redundancy of the special device should match the redundancy of the HDDs, meaning that if you have two HDDs in a mirror for your datastore your special device should be a mirror of two SSDs. If you have a RAIDZ-ZFS-pool with three HDDs, your special device should consist of three SSDs etc.
  • The capacity of the SSDs should be around 2% of the HDDs (this is a rule of thumb from several forum discussions here and on the TrueNAS forum, the recommendations ranged from 0,02 % to 2%)
  • If the special device gets (for whatever reason) broken, you also loose everything in your HDD pool

Another thing to consider: ZFS RAIDZ is better for data safety (more redundancy, you have more random discs which might fail) but a striped mirror (ZFS jargon for RAID10) is way better for performance and IOPS (which are as said quite important for PBS).
So I would have a local small PBS with SSDs and a relative short retention policy for fast local restores and one large remote PBS as long-time-backup/archive with a ZFS striped mirror con HDDs with four SSDs as special device and a long term retention policy.

In terms of deduplication: As far I know a sync job will always check first, whther the chunks to be synced are already present on the target datastore. So the local PBS should do most of the deduplication. This assumes of course that you use sync jobs (recommended!) instead of configuring one backup job per PBS (not recommended!)

Personally I would use a pull sync job. It allows you to setup the remote PBS that any sync from your local PBS will only allow adding new data but not altering or removing any data which is a good strategy in terms of ransomware protection: https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery

Even better you could create a firewall rule that your local PBS can be accessed by the remote PBS (to pull-sync backups from the local PBS to the remote one) but not vice versa. So even if your whole local infrastructure is taken over by a bad actor he won't be able to do any harm to your remote PBS.
So after you wiped your complete local infrastructure you could temporary enable access to the remote pbs to restore and rebuild everything.

Hope this helps :)
 
Last edited:
  • Like
Reactions: wbk, UdoB and PaddyPatPat
This is an amazing answer. Thank you Johannes. :)

I had not thought about putting a smaller PBS locally and a larger one at the remote end but I can see your logic. It seems like I'm going to need to figure out how to get some more SSDs into the mix so that at least the metadata of both PBSs are on SSD.

I really had not thought about Ransomware but it seems to serve as a good goalpost for evaluating the design of the system, even if it's not an obvious primary consideration.

I need to make decisions regarding how much I use RAIDZ1 and how much I use mirrored pairs. In the past I have always used mirrored pairs but I figured that since this is a backup I could downgrade my speed and upgrade my storage. Your post suggests otherwise. I will look into the duration of garbage collections when using HDDs vdevs with metadata special vdevs.

The largest culprit that needs off-site backup is the 12TB TrueNAS VM. Somehow (despite the size of drives these days) this amount has been unusually unwieldy to look after without getting serious about file storage.

But a plan is coming together. Thank you for your help!
 
Last edited:
  • Like
Reactions: Johannes S
You are still in the design phase thus I would do tests with several configurations ( RAIDZ versus striped mirrors with and without special device) and some large amounts of testdata
 
Last edited:
  • Like
Reactions: PaddyPatPat
Another thing to consider: For large amounts of bulk data like your TrueNAS VM I would reconsider whether you would actually use PBS for that. If you follow best practices ( https://www.truenas.com/community/r...guide-to-not-completely-losing-your-data.212/ https://www.truenas.com/blog/yes-you-can-virtualize-freenas/ and https://forum.proxmox.com/threads/best-practice-for-truenas-virtualized-on-proxmox.133536/ https://www.truenas.com/community/r...guide-to-not-completely-losing-your-data.212/ ) you attached the discs of the TrueNAS via a custom storage adapter you PCI passthrough. This is really needed (see tThe catch with this is that then PBS won't be able to do anything with it except if you use the backup client from inside the TrueNAS VM. For this reason (and because I don't really like PBS for client backups anyhow) I use PBS for backups of vms and lxcs and for anything else (TrueNAS bulk data, Proxmox host backups, my Notebooks data) restic. The benefit is also that for the bulk data I don't need a running PBS for offsite backup but can use relative cheap cloud storage (a hetzner storagebox in my case with 5TB of available space for 13 Euro per month. For comparison my remote PBS on a cheap netcup vserver also cost around 13 Euro but can hold only around 13 Euro for 500 GB storage). Now in a corporate environment your budget obviouvsly will have different constraints but still something to consider.

If you don't use a passtrhoughed PCI SATA adapter for your storage media please the linked best practice links, you are risking loosing your data.
 
  • Like
Reactions: PaddyPatPat
Yes I've been coming to the same conclusion. This however throws up a bunch more issues, primarily being the number of computers and storage devices involved.
  • PBS is consistently recommended everywhere to be installed on bare metal.
  • The links you shared (I've only skimmed them so far) suggest that virtualised TrueNAS should have every drive passed to it via PCIe Host Bus Adapters dedicated to that VM.
  • My understanding is that the easily accessible and recommended older LSI HBAs are overwhelmed pretty easily by today's SSDs. They were built for the "HDD only" days.
So jumping ahead and making some initial broad expectations of the end results, it looks like I'm suppose to run:
  • Locally:
    • My local PVE servers (currently two).
      • TrueNAS VM probably with multiple PCIe 4x M.2 SSD cards passed directly to it, or U.2 drives also passed via PCIe cards.
    • TrueNAS on bare metal as a local backup.
    • PBS on bare metal as a local backup.
  • Remotely:
    • A TrueNAS on bare metal as a remote backup.
    • A PBS on bare metal as a remote backup.
Assuming I have my 12TB of data to store, and taking into account that pools are considered full at 80% usage:
  • Locally:
    • PVE server 1 with storage dominated by the TrueNAS VM:
      • 2x OS SSDs (mirrored pair),
      • 2x VM SSDs (mirrored pair),
      • Say... 8x 4TB NVME M.2 drives (hosted via two PCIe 4x M.2 card) for a total of 12.8TB using mirrored pairs, or 19TB using RAIDZ1),
    • PVE server 2:
      • 2x SSDs for OS and VMs (mirrored pair),
    • TrueNAS local backup:
      • 2x OS SSDs (mirrored pair),
      • 6x 8TB HDDs (3x mirrored pair vdevs providing 19TB),
      • 2-3x 400GB+ SSDs (mirrored) for a metadata special device for the HDDs.
    • PBS local backup:
      • 2x OS SSDs (mirrored pair),
      • 2x 2-4TB SSDs (mirrored pair),
  • Remotely:
    • TrueNAS remote backup:
      • 2x OS SSDs (mirrored pair),
      • 6x 8TB HDDs (3x mirrored pair vdevs providing 19TB),
      • 2-3x 400GB+ SSDs (mirrored) for a metadata special device for the HDDs.
    • PBS remote backup:
      • 2x OS SSDs (mirrored pair),
      • 2x 2-4TB SSDs (mirrored pair),
I picked the 8TB HDDs as I have a bunch already.

That totals to:
  • 10x OS SSDs,
  • 8-10x 400GB+ OS/VM/Metadata SSDs,
  • 4x 2-4TB SSDs,
  • 8x 4TB NVME SSDs,
  • 12x 8TB HDDs.
That's about 140TB of storage in total, plus the associated hardware. This doesn't strike me as a reasonable solution to 12TB of data (and no room to grow).

Perhaps this is all going down the wrong route?

So dump the recommendations and do:
  • One local TrueNAS VM with lots of snapshots, and one remote PVE hosting a TrueNAS VM and a PBS VM?
  • Dump TrueNAS and use 3 node ceph, and one remote bare metal PBS? It would be hilarious if Ceph was more space efficient.
  • Perhaps there is a place for ZFS Send with incremental backups? Use it with a Pelican case full of the existing used HDDs stored off site?
  • Something else entirely?
As I said earlier, 12TB+ of data suddenly seems hard. I'm very willing to hear how I'm going wrong.
 
Last edited:
You must log in or register to reply here.
Top Bottom