I'm doing a tabletop review of our off-site backup strategy and have run into a snag.
We have an on-prem PBS for frequent (daily/weekly) backups and convenient recoveries (runs as a VM on our proxmox cluster). This works fine, however, for all the reasons...
We also have an off-site PBS (also running on a proxmox cluster) that is remote-synced to the on-prem. It performs sync operations over the weekend. The off-site PBS is located at my house where we have 60Mbps down and 10Mbps up. The 60Mbps downstream did take several weeks to perform initial synchronizations, but now, differential data backups only take 10-20 hours or so per week. Not bad...
Unfortunately, If I ever had to recover from this remote, the 10Mbit upstream the other way would not work. It would take months to move the data back the other way.
We encrypt all of our backups and store the encryption key in a totally separate system environment for recovery. I've noticed that the option to download the VM data through the web interface is greyed out on the encrypted files. This puts a bit of a snag into what would have been an easy way to download VM data to an external drive and just physically deliver it to the office where we could recover it?
Physically bringing my cluster to work isn't practical.
I think the best way would be to connect an external drive to one of my cluster nodes at home, mount it as a storage location, and then use the backup feature on Proxmox VE to copy the entire PBS server to the external drive, then "recover" that backup on the cluster at work, then configure it as a backup location and inject the encryption keys, then begin recovering the VM's from the "recovered" PBS VM.
Does that seem like the best way?
Currently, this would work, as the total size of the off-site PBS server is only ~10TB. It would "fit" on a big HDD. My concern, is that this method requires a destination drive large enough to hold the entire PBS VM as a single backup file. Eventually, it might not fit on a single huge drive and then the process may get a bit too complicated for a time sensitive re-build.
Why can't I download the encrypted fidx files? Is this by design?
greyed out download links...
Thanks!
We have an on-prem PBS for frequent (daily/weekly) backups and convenient recoveries (runs as a VM on our proxmox cluster). This works fine, however, for all the reasons...
We also have an off-site PBS (also running on a proxmox cluster) that is remote-synced to the on-prem. It performs sync operations over the weekend. The off-site PBS is located at my house where we have 60Mbps down and 10Mbps up. The 60Mbps downstream did take several weeks to perform initial synchronizations, but now, differential data backups only take 10-20 hours or so per week. Not bad...
Unfortunately, If I ever had to recover from this remote, the 10Mbit upstream the other way would not work. It would take months to move the data back the other way.
We encrypt all of our backups and store the encryption key in a totally separate system environment for recovery. I've noticed that the option to download the VM data through the web interface is greyed out on the encrypted files. This puts a bit of a snag into what would have been an easy way to download VM data to an external drive and just physically deliver it to the office where we could recover it?
Physically bringing my cluster to work isn't practical.
I think the best way would be to connect an external drive to one of my cluster nodes at home, mount it as a storage location, and then use the backup feature on Proxmox VE to copy the entire PBS server to the external drive, then "recover" that backup on the cluster at work, then configure it as a backup location and inject the encryption keys, then begin recovering the VM's from the "recovered" PBS VM.
Does that seem like the best way?
Currently, this would work, as the total size of the off-site PBS server is only ~10TB. It would "fit" on a big HDD. My concern, is that this method requires a destination drive large enough to hold the entire PBS VM as a single backup file. Eventually, it might not fit on a single huge drive and then the process may get a bit too complicated for a time sensitive re-build.
Why can't I download the encrypted fidx files? Is this by design?
greyed out download links...
Thanks!
