PDM Beta realesed testing

[sumanraic001]

Dear Awaysome Proxmox Team,

I have been testing the Proxmox Datacenter Manager (PDM) beta release for months. As we all know, PDM introduces powerful capabilities to monitor and manage multiple clusters from a single dashboard. To further enhance its usability within enterprise infrastructures, I would like to propose the following feature improvements:

1. Support for Adding PBS Servers by Cluster
   Allow administrators to add Proxmox Backup Server (PBS) instances automatically after adding a remote cluster or node.
   
   
2. Centralized Management of All Connected PBS Instances
   Provide the ability to manage all remote or linked PBS servers directly from a single PDM node.
   
   
3. Integration of PBS Sync Features within PDM
   Since PBS already supports backup retention and Remote Sync (PULL/PUSH), integrating these features into the PDM interface would significantly streamline backup coordination across environments.
   
   
4. Built-in Disaster Recovery Mechanisms
   Introduce native DR features such as automated failover and failback/recovery workflows within the PDM dashboard.
   

In many enterprise environments, organizations rely on third-party solutions such as Veeam to fulfill their RTO and business continuity requirements. Incorporating the enhancements above would position Proxmox PDM as a highly competitive and comprehensive opensource alternative.

While options like ZFS replication and PBS Sync are available, they often require advanced scripting and deeper administrative effort. Providing these functionalities directly in the WebUI especially capabilities such as VM replication to a dedicated DR site would greatly increase the value and adoption of PDM in production environments.

Regards,
Suman Rai

 

[robertlukan]

I agree with your points, especially I would like to have DR mechanisms inside the PDM. Especially, having option for failover between Ceph clusters. Currently I am considering scripting it on my own.

 

[sumanraic001]

I agree with your points, especially I would like to have DR mechanisms inside the PDM. Especially, having option for failover between Ceph clusters. Currently I am considering scripting it on my own.

Yes @robertlukan you are correct,. However, the enter-cluster VM migration feature already exists in PDM, and it would be highly beneficial if the Proxmox team could expand on this capability, particularly by integrating more advanced functionality such as replication and, most importantly, enhanced disaster recovery options.

 

[UdoB]

Your ideas look really interesting!

The recommended place for Bugs and also for Feature Requests is over there: https://bugzilla.proxmox.com/enter_bug.cgi?product=pdm

While several Proxmox staff members do regularly use this forum (thank you for that!), that one is considered to be watched by the developers more attentive.

 

[Johannes S]

1. Support for Adding PBS Servers by Cluster
   Allow administrators to add Proxmox Backup Server (PBS) instances automatically after adding a remote cluster or node.

PBS is in general not clustered at all and the PDM doesn't need a cluster to work. There is already support for adding pbs servers via cli:

Enable Proxmox Backup Server Integration, CLI only for now.

https://pve.proxmox.com/wiki/Proxmox_Datacenter_Manager_Roadmap

Here somebody managed to use this: https://forum.proxmox.com/threads/add-pbs-to-pdm-by-cli-howto.171811/

I see one problem though: At the moment you can seperate the PBS from your PVE to achieve higher security: You can configure PBS permissions that your PVE hosts are only allowed to add backups to it but not remove or otherwise alter them. Likewise you can configure your local PBS , that another (remote) PBS can do a pull-sync to pull the backups from your local PBS but also not remove or alter them. In this scenario your local PBS doesn't need to have any access rights on the remote PBS and you can even configure the firewall on the remote PBS that it can't be accessed from your local architecture. The result is, that a bad actor/ransomware could completly wipe your local infrastructure without doing any harm to the backups on your offsite PBS: https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery

Now to manage PBS from the DatacenterManager (PDM) you need to give the PDM permissions to do everything you otherwise would do on your PBS from the PDC. With other words: If an attacker manage to take over the PDM he can also wreak havoc on your backups.

So I'm actually not convinced that integrating PBS managment in PDC is a good idea. I might be wrong though and are happy to get corrected

 

[dcsapak]

Now to manage PBS from the DatacenterManager (PDM) you need to give the PDM permissions to do everything you otherwise would do on your PBS from the PDC. With other words: If an attacker manage to take over the PDM he can also wreak havoc on your backups.

So I'm actually not convinced that integrating PBS managment in PDC is a good idea. I might be wrong though and are happy to get corrected

You can also opt to only given the Datacenter Manager a token with limited access rights, e.g. audit only.
PDM will not be able to *do* anything, but you can still monitor it and get quick access with a link.

 

[Johannes S]

You can also opt to only given the Datacenter Manager a token with limited access rights, e.g. audit only.

Thanks for the pointer regarding the permissions. This indeed reduces the attack surface Still I think it's even more secure to limit access to the offsite PBS with iptables or some other firewall, that the PBS can only pull backups from the local pbs but nobody can access it (except an admin via wireguard or some other vpn). Of course, in the end, everyone has to decide for themselves what compromises they are willing to make between paranoia and convenience. I just wanted to point out, that having every PBS in the DatacenterManager to have comfortable management might not be the smart idea, people think it to be

 

[sumanraic001]

PBS is in general not clustered at all and the PDM doesn't need a cluster to work. There is already support for adding pbs servers via cli:



Here somebody managed to use this: https://forum.proxmox.com/threads/add-pbs-to-pdm-by-cli-howto.171811/

I see one problem though: At the moment you can seperate the PBS from your PVE to achieve higher security: You can configure PBS permissions that your PVE hosts are only allowed to add backups to it but not remove or otherwise alter them. Likewise you can configure your local PBS , that another (remote) PBS can do a pull-sync to pull the backups from your local PBS but also not remove or alter them. In this scenario your local PBS doesn't need to have any access rights on the remote PBS and you can even configure the firewall on the remote PBS that it can't be accessed from your local architecture. The result is, that a bad actor/ransomware could completly wipe your local infrastructure without doing any harm to the backups on your offsite PBS: https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery

Now to manage PBS from the DatacenterManager (PDM) you need to give the PDM permissions to do everything you otherwise would do on your PBS from the PDC. With other words: If an attacker manage to take over the PDM he can also wreak havoc on your backups.

So I'm actually not convinced that integrating PBS managment in PDC is a good idea. I might be wrong though and are happy to get corrected

Can we achieve the following using the CLI?

When adding Backup Storage to a host or cluster, we currently verify access using a username, password, and fingerprint. I would like the following functionality to be available in PDM:

1. Automatic PBS and Storage Association
After a user adds hosts in PDM, the system should allow the user to select the associated PBS instance and the storage mounted on the Proxmox VE host. The system must validate and allow the user to define the relationship between the PBS instance and the backup storage.


2. Centralized Backup Management
A unified dashboard should allow users to configure, manage, and schedule backup jobs in one place.


3. Live VM Replication Across Sites
Users should be able to perform live replication of virtual machines.
To clarify: this is not referring to in-cluster replication or ZFS/Ceph-level replication. The requirement is to support live, cross-site replication of critical VMs—such as domain controllers—so that the secondary instance remains continuously synchronized. In the event of a production site failure, the DR site should automatically be able to assume operations using the replicated VM.


4. Disaster Recovery (DR) Site Configuration
Users should be able to create or add a standby cluster (DR site) or host where critical workloads—such as DC, DNS, and other essential services—can be replicated and maintained in a ready-to-activate state.


5. Failover, Failback, and Recovery
Users should be able to easily migrate or recover critical virtual machines from the DR site back to the production environment once it is operational again.


6. Leverage Existing PBS Capabilities
All the above should make use of the existing features and capabilities of Proxmox Backup Server.



Additionally, since Proxmox is actively developing a platform like PDM, it would be highly beneficial to enhance its capabilities to incorporate PBS-driven DR concepts. Integrating backup, replication, and disaster recovery workflows more tightly into the platform would significantly strengthen its overall value.

If the intention is to keep PDM limited to a narrow set of features, then there is no further feedback from my side.

 

[Johannes S]

Can we achieve the following using the CLI?

No, since the PBS integration is still in it's early stages. And please note that I'm just a enduser myself, so I might have strong opinions but in the end the developers have to decide what they implement or not. I would however appreciate if you don't do a fullquote just to reiterate your points. I needed some time to realise that most of your post didn't contained anything new.

Imho your best course of action would be to file a feature request with your suggestions on bugzilla.proxmox.com and then see what the developers think of it

 

[sumanraic001]

PBS is in general not clustered at all and the PDM doesn't need a cluster to work. There is already support for adding pbs servers via cli:



Here somebody managed to use this: https://forum.proxmox.com/threads/add-pbs-to-pdm-by-cli-howto.171811/

I see one problem though: At the moment you can seperate the PBS from your PVE to achieve higher security: You can configure PBS permissions that your PVE hosts are only allowed to add backups to it but not remove or otherwise alter them. Likewise you can configure your local PBS , that another (remote) PBS can do a pull-sync to pull the backups from your local PBS but also not remove or alter them. In this scenario your local PBS doesn't need to have any access rights on the remote PBS and you can even configure the firewall on the remote PBS that it can't be accessed from your local architecture. The result is, that a bad actor/ransomware could completly wipe your local infrastructure without doing any harm to the backups on your offsite PBS: https://pbs.proxmox.com/docs/storage.html#ransomware-protection-recovery

Now to manage PBS from the DatacenterManager (PDM) you need to give the PDM permissions to do everything you otherwise would do on your PBS from the PDC. With other words: If an attacker manage to take over the PDM he can also wreak havoc on your backups.

So I'm actually not convinced that integrating PBS managment in PDC is a good idea. I might be wrong though and are happy to get corrected

No, since the PBS integration is still in it's early stages. And please note that I'm just a enduser myself, so I might have strong opinions but in the end the developers have to decide what they implement or not. I would however appreciate if you don't do a fullquote just to reiterate your points. I needed some time to realise that most of your post didn't contained anything new.

Imho your best course of action would be to file a feature request with your suggestions on bugzilla.proxmox.com and then see what the developers think of it

Yes, I’ve already posted this in Bugzilla. In enterprise environments, when proposing a migration from other virtualization platforms to Proxmox, RTO and Business Continuity are key concerns. While these needs can be met through scripts or third-party tools, my request comes as a Proxmox enthusiast hoping to see these capabilities integrated natively.