Clickbait headline, but I think it is true 
Maybe others can chime in with their setups and why they need beefy hardware.
Here is my PBS testimonial.
Reading the documentation I was a little bit scared. Especially the storage part seemed brutal.
Turns out it is not that bad and I misunderstood how PBS works.
I wanted to backup 3 destination, each roughly hosting 5-10 VMs.
Mixture of Windows and Linux VMs.
Since some of the PVE are from my clients, I wanted to do it right.
AMD Ryzen 5 8500G, two 120GB SSDs for boot and two 2TB nvme for datastore.
Changed to recordsize to 4M for the datastore (which I think should be a changed default for PBS).
I was for a long time on the edge, if I should just get two HDD and combine them with L2ARC, but then decided that if I need more than 2TB in the future, I could still do that and use the NVME as svdev or L2ARC.
Turns out, the storage performance is not that important. I thought that PVE would create a chunk checksum, send that to PBS and then PBS would check some kind of metadata table or DB on the disk, to see if the checksum is already there. I think what happens instead is that the PVE will get a hashtable at the beginning. So it will check against a local hashtable and only send the chunks that are not on that table. Thank god, otherwise high latency VDSL backups would probably become a problem.
So in reality, not my storage is the bottleneck, but the 1GBit/s WAN of PBS and the 40Mbit/s upload of one PVE location.
No matter if garbage collection or prune jobs, they are under 10 seconds.
Maybe the random 4mb chunk reads when doing a restore profit a little bit from having SSDs, but probably even that would have been fine with HDDs.
If you are going to use an ACME, do it first! I did it afterwards only to realize that ACME changes the fingerprint when the cert gets renewed.
It is also easier to just get a real cert, then you don't have to use fingerprints on PVE and can just leave it empty.
Some things about permission I love, others I don't really like.
Love:
You can give PVE only the DatastoreBackup permission and have a ransomware protected backup system by doing so.
Don't like:
I struggled with api tokens and users.
I want to create an api token for PVE1 that has permission to access /datastore/PVE1namespace.
So I naturally assumed just creating a token with permission to /datastore/PVE1namespace is enough.
Instead I have to create a token tied up to a user.
Why is it combined with a user?
So I have to create the user PVE1user and then create the token with permission for /datastore/PVE1namespace.
And that is not enough either, I have to give PVE1user access to /datastore/ so PVE can read it. Which seems rather stupid, since I explicitly told PVE to use PVE1namespace.
Deduplication is pretty poor. Not because of PBS of course.
Looks like Windows just shuffles and changes too many data even during normal usage.
I currently have 18x backups of each VM and my deduplication factor is only 11x.
All in all, I am very happy with PBS!
Unlike PVE, for PBS pricing is a little bit too steep for me. But thankfully that isn't a problem since you let me use the community edition.
Keep up the good work!
Maybe others can chime in with their setups and why they need beefy hardware.
Here is my PBS testimonial.
Reading the documentation I was a little bit scared. Especially the storage part seemed brutal.
Turns out it is not that bad and I misunderstood how PBS works.
I wanted to backup 3 destination, each roughly hosting 5-10 VMs.
Mixture of Windows and Linux VMs.
Since some of the PVE are from my clients, I wanted to do it right.
AMD Ryzen 5 8500G, two 120GB SSDs for boot and two 2TB nvme for datastore.
Changed to recordsize to 4M for the datastore (which I think should be a changed default for PBS).
I was for a long time on the edge, if I should just get two HDD and combine them with L2ARC, but then decided that if I need more than 2TB in the future, I could still do that and use the NVME as svdev or L2ARC.
Turns out, the storage performance is not that important. I thought that PVE would create a chunk checksum, send that to PBS and then PBS would check some kind of metadata table or DB on the disk, to see if the checksum is already there. I think what happens instead is that the PVE will get a hashtable at the beginning. So it will check against a local hashtable and only send the chunks that are not on that table. Thank god, otherwise high latency VDSL backups would probably become a problem.
So in reality, not my storage is the bottleneck, but the 1GBit/s WAN of PBS and the 40Mbit/s upload of one PVE location.
No matter if garbage collection or prune jobs, they are under 10 seconds.
Maybe the random 4mb chunk reads when doing a restore profit a little bit from having SSDs, but probably even that would have been fine with HDDs.
If you are going to use an ACME, do it first! I did it afterwards only to realize that ACME changes the fingerprint when the cert gets renewed.
It is also easier to just get a real cert, then you don't have to use fingerprints on PVE and can just leave it empty.
Some things about permission I love, others I don't really like.
Love:
You can give PVE only the DatastoreBackup permission and have a ransomware protected backup system by doing so.
Don't like:
I struggled with api tokens and users.
I want to create an api token for PVE1 that has permission to access /datastore/PVE1namespace.
So I naturally assumed just creating a token with permission to /datastore/PVE1namespace is enough.
Instead I have to create a token tied up to a user.
Why is it combined with a user?
So I have to create the user PVE1user and then create the token with permission for /datastore/PVE1namespace.
And that is not enough either, I have to give PVE1user access to /datastore/ so PVE can read it. Which seems rather stupid, since I explicitly told PVE to use PVE1namespace.
Deduplication is pretty poor. Not because of PBS of course.
Looks like Windows just shuffles and changes too many data even during normal usage.
I currently have 18x backups of each VM and my deduplication factor is only 11x.
All in all, I am very happy with PBS!
Unlike PVE, for PBS pricing is a little bit too steep for me. But thankfully that isn't a problem since you let me use the community edition.
Keep up the good work!
Last edited:
