Proxmox Backup Server Architecture and Operating Principles

Posted on 2025-11-03 by Rico

Proxmox Backup Server: Architecture and Operating Principles

Posted on: January 3, 2026


🔰 Introduction

In modern virtualization and cloud environments, backup is not merely a data protection measure;
it's the backbone of business continuity and disaster recovery.

Traditional backup methods (full + differential) often lead to storage waste, redundant data, and slow restores.
Proxmox Backup Server (PBS) redefines backup management through a modern, efficient architecture built on:

  • Incremental backup
  • Data deduplication
  • Compression and encryption
  • Integrity verification

Together, these features enable PBS to achieve space efficiency, high security, and fast restore performance,
while maintaining end-to-end data reliability.


🧩 1. Architectural Overview

System Architecture Diagram

          ┌───────────────────────────────┐
          │      Proxmox VE Cluster       │
          │ (VMs / CTs / Hosts / Nodes)   │
          └─────────────┬─────────────────┘
                        │
                Incremental Backup
                        │
          ┌───────────────────────────────┐
          │     Proxmox Backup Server     │
          │  (Datastore + Verifier + API) │
          └─────────────┬─────────────────┘
                        │
               Remote Sync / Cloud Tier
                        │
          ┌───────────────────────────────┐
          │  Secondary PBS / Object Store │
          └───────────────────────────────┘

The PBS architecture consists of three layers:
1️⃣ Source (Client) – Proxmox VE, Linux hosts, or PBS clients
2️⃣ Backup Server (Core) – performs deduplication, compression, encryption, and verification
3️⃣ Sync Layer (Remote / Cloud) – replicates data to offsite PBS nodes or object storage


⚙️ 2. Core Operating Principles

1️⃣ Incremental Backup

Instead of creating full image backups each time, PBS uses chunk-based incremental backup:

  • Each backup is divided into fixed-size chunks (default 4 MiB).
  • Each chunk is hashed (SHA-256).
  • Only new or changed chunks are uploaded; unchanged chunks are referenced from previous backups.

✅ This drastically reduces both storage space and network bandwidth usage.


2️⃣ Data Deduplication

PBS maintains a global chunk index database across all backups in a datastore.
Identical data blocks across different VMs or backup versions are stored only once.

Benefits:

  • Massive storage savings
  • Fast restores (only referenced chunks are reassembled)

📦 Deduplication is the heart of PBS, enabling terabyte-scale backups with minimal storage overhead.


3️⃣ Compression

PBS uses Zstandard (ZSTD) compression by default, striking an excellent balance between speed and ratio.
Data is compressed inline during transmission and storage, without user intervention.

Real-time compression reduces I/O and improves throughput efficiency.


4️⃣ Encryption

PBS supports client-side encryption, ensuring end-to-end data protection.

  • Data is encrypted before leaving the source system.
  • The server never sees unencrypted data.
  • AES-256-GCM encryption ensures robust security and authentication.

This makes PBS ideal for offsite or multi-tenant environments.


5️⃣ Verification

PBS features built-in Verify Jobs, which periodically validate data integrity through:

  • Snapshot index checks (index.json)
  • Chunk hash verification
  • Datastore consistency validation

If a corrupted or missing chunk is detected, PBS automatically flags it for re-sync or rebuild.
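
The chunking, deduplication and hash verification described in this section, as an added Python example (not Proxmox code and not part of the original post). `ChunkStore` and its methods are hypothetical names, the chunk size is shrunk from 4 MiB to 4 bytes so the constructed sample data stays readable, and compression and encryption are left out.

```python
import hashlib

CHUNK_SIZE = 4  # bytes, for the demo only; the page's default is 4 MiB

class ChunkStore:
    """Toy content-addressed datastore: each chunk is keyed by its SHA-256."""
    def __init__(self):
        self.chunks = {}     # digest -> chunk bytes, every unique chunk stored once
        self.snapshots = {}  # snapshot name -> ordered digest list (the index)

    def backup(self, name, data):
        """Record a snapshot and return how many chunks had to be uploaded."""
        index, uploaded = [], 0
        for off in range(0, len(data), CHUNK_SIZE):
            chunk = data[off:off + CHUNK_SIZE]
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self.chunks:   # new or changed chunk: store it
                self.chunks[digest] = chunk
                uploaded += 1
            index.append(digest)            # known chunk: reference only
        self.snapshots[name] = index
        return uploaded

    def restore(self, name):
        """Reassemble a snapshot from the chunks its index references."""
        return b"".join(self.chunks[d] for d in self.snapshots[name])

    def verify(self, name):
        """Re-hash referenced chunks; return digests that are missing or corrupt."""
        bad = []
        for digest in self.snapshots[name]:
            chunk = self.chunks.get(digest)
            if chunk is None or hashlib.sha256(chunk).hexdigest() != digest:
                bad.append(digest)
        return bad

def demo():
    """Two constructed 'disk images' that differ in a single chunk."""
    store = ChunkStore()
    day1 = b"AAAABBBBCCCCDDDD"
    day2 = b"AAAAXXXXCCCCDDDD"
    uploaded = (store.backup("day1", day1), store.backup("day2", day2))
    assert store.restore("day2") == day2
    changed = hashlib.sha256(b"XXXX").hexdigest()
    store.chunks[changed] = b"XXXY"  # simulate bit rot in one stored chunk
    return uploaded, len(store.chunks), store.verify("day1"), store.verify("day2")

if __name__ == "__main__":
    print(demo())
```

Because a chunk is stored once and referenced by every snapshot that contains it, one damaged chunk invalidates all of those snapshots at once, which is why scheduled verification and an offsite copy matter for a deduplicated store.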


🧠 3. Backup and Restore Workflows

🌀 Backup Workflow

[Client VM/CT]
   ↓
Chunk-based backup
   ↓
[Proxmox VE Backup Daemon (vzdump)]
   ↓
Network Stream (ZSTD + AES)
   ↓
[PBS Datastore]
   ↓
Indexed, deduplicated, stored

Process Summary:
1️⃣ The client (VE node or host) initiates a backup task.
2️⃣ Data is chunked, compressed, and optionally encrypted.
3️⃣ Chunks are transferred and stored in the PBS datastore.
4️⃣ Metadata and index files record chunk references for quick future access.


🔁 Restore Workflow

[PBS Datastore]
   ↓
Index Lookup + Chunk Mapping
   ↓
Decompression + Decryption
   ↓
[Proxmox VE / Host Target]
   ↓
Rebuild Image / Container

Because PBS restores only the required chunks rather than entire archives,
recovery is significantly faster than traditional image-based methods.


🧮 4. Data Structure and Storage Layout

PBS stores backups in a structured hierarchy:

/mnt/datastore/
└── vm-101/
    ├── 2024-12-25T00:00:00Z/
    │   ├── index.json
    │   ├── drive-scsi0.img.fidx
    │   └── chunks/
    ├── 2024-12-26T00:00:00Z/
    │   ├── index.json
    │   └── drive-scsi0.img.fidx

  • index.json – describes backup structure and chunk mapping
  • .fidx – per-disk chunk index file
  • chunks/ – actual deduplicated binary data blocks

PBS supports multiple datastores, each with its own retention and verification schedule.


☁️ 5. Remote Sync and Multi-Site Redundancy

PBS includes Sync Jobs, enabling efficient replication to remote PBS servers:

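# By default a sync job pulls: run this on the PBS that receives the data.
# "remote-pbs" (10.0.1.10:8007) must first be registered with "remote create".
# --remote-store is the source datastore on the remote, --store the local target.
proxmox-backup-manager sync-job create <job-id> \
  --remote remote-pbs \
  --remote-store local-pbs \
  --store pbs-remote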

It can also integrate with Ceph RGW or S3-compatible object storage for cloud backups.

✅ Only new or changed chunks are transferred, reducing network load and enabling real-time disaster recovery.


🔒 6. Security and Access Control

PBS shares the same RBAC (Role-Based Access Control) model as Proxmox VE:

  • User, group, and role-based permissions
  • API tokens, LDAP, and 2FA authentication
  • Full audit logging of actions
  • TLS encryption for all data transfers

This ensures both administrative transparency and data security across deployments.


📊 7. Performance Optimization Tips

Area                 Recommendation
Storage Backend      Use ZFS RAIDZ2 or mirrored pools
Network              Minimum 10 GbE for production workloads
Backup Schedule      Daily incremental + weekly verification
Chunk Size           Default 4 MiB is optimal for balance
Verification Jobs    Run full integrity check weekly
Dedup Cache          Place index cache on SSD for best performance

✅ Conclusion

Proxmox Backup Server represents a new generation of open-source backup platforms,
combining speed, reliability, and security through a unified design.

Its chunk-based incremental backup and global deduplication allow PBS to:

  • Minimize redundant data
  • Accelerate restores
  • Protect backups through encryption and verification
  • Seamlessly integrate with ZFS and Ceph for hybrid storage resilience

When combined with Proxmox VE and Proxmox Cluster,
PBS forms a cornerstone of enterprise-grade disaster recovery and data protection strategy.

💬 Coming next:
“Proxmox Backup Server Performance Tuning and Optimization”,
covering multi-thread tuning, ZFS cache adjustments, and automated Verify Job scheduling for production environments.
