Post

Create Two Vms In Proxmox 100Nas 101Nasbackup

Posted
By Usman Masood Ashraf
views 6 min read

Create Two VMs In Proxmox: 100Nas and 101Nasbackup – A Homelab Backup Strategy Guide

1. Introduction

Data loss remains one of the most catastrophic failures in IT infrastructure. When a Reddit user recently asked about Proxmox backup strategies, responses ranged from 3-2-1 backup principles to warnings about virtualizing backup systems - highlighting critical gaps in disaster recovery planning. This guide addresses the exact challenge: creating a resilient Proxmox environment with two purpose-built VMs - 100Nas (primary storage) and 101Nasbackup (dedicated backup target) - to implement enterprise-grade data protection in homelab scenarios.

For DevOps engineers and sysadmins managing self-hosted infrastructure, Proxmox VE offers powerful virtualization capabilities, but data protection requires deliberate design. We’ll implement:

  • A TrueNAS-based NAS VM for primary storage
  • A Proxmox Backup Server (PBS) VM for system-level backups
  • ZFS replication between VMs
  • Automated snapshot policies

By article’s end, you’ll have a production-ready architecture implementing 3-2-1 backup principles with open-source tools, suitable for everything from homelabs to small business infrastructure.

2. Understanding the Architecture

Core Components

Proxmox VE (Virtual Environment)
An open-source Type-1 hypervisor based on Debian Linux with KVM/QEMU virtualization and LXC container support. Provides web-based management and API access.

TrueNAS (100Nas VM)
BSD-based network-attached storage platform using ZFS for enterprise-grade data integrity:

  • Checksum verification
  • Automatic repair
  • Instant snapshots
  • Compression/encryption

Proxmox Backup Server (101Nasbackup VM)
Specialized backup solution for Proxmox environments:

  • Incremental backups
  • Deduplication
  • AES-256 encryption
  • Browser-based restore

Why Separate VMs?

FactorCombined Setup RiskSeparate VMs Benefit
Fault IsolationSingle point of failureBackup system remains operational during NAS outages
PerformanceResource contentionDedicated resources for backup operations
SecurityShared attack surfaceBackup VM can be air-gapped when not in use
Recovery ScenariosComplex restore pathsIndependent recovery of backup infrastructure

Real-World Case: A sysadmin virtualized PBS under Proxmox with direct disk passthrough. When the host failed, they restored the PBS VM first using its own backups, then recovered all other VMs - impossible if PBS was on the same storage as production VMs.

3. Prerequisites

Hardware Requirements

ComponentMinimum (Homelab)Recommended (Production)
CPUx64 with VT-x/AMD-V6+ cores with AES-NI
RAM8GB32GB+ ECC
Storage2x HDD (RAID1)SSD boot + HDD ZFS pool + NVMe cache
Network1Gbps NICDual 10Gbps NICs (LACP)

Software Requirements

  • Proxmox VE 8.0+ (fresh installation recommended)
  • TrueNAS SCALE 22.12+ or CORE 13.0+ ISO
  • Proxmox Backup Server 3.0+ ISO
  • Network infrastructure supporting VLAN isolation

Configuration Checklist

  1. Dedicated storage disks (not Proxmox OS disks)
  2. Separate VLANs for storage (VLAN10) and backup (VLAN20)
  3. Static IP assignments reserved in DHCP server
  4. SSH key pairs for secure access
  5. ZFS compatible hardware (HBA in IT mode preferred)

4. Installation & Configuration

Step 1: Create Storage VM (100Nas)

VM Specifications

1
2
3

qm create 100 --name 100Nas --memory 4096 --cores 2 --net0 virtio,bridge=vmbr0,tag=10
qm set 100 --scsihw virtio-scsi-pci --scsi0 local-zfs:32,format=raw
qm set 100 --boot order=scsi0 --serial0 socket

Critical Step: Disk Passthrough
For direct hardware access (recommended for ZFS):

1

qm set 100 -scsi2 /dev/disk/by-id/ata-WDC_WD40EFZX-68AWUN0_WD-WX32DA075X63

Install TrueNAS via Proxmox console:

1
2

qm set 100 --cdrom local:iso/TrueNAS-SCALE-22.12.3.2.iso
qm start 100

Post-Install Configuration

  1. Create ZFS pool named “tank”
  2. Configure SMB share with ACLs:
    1
2
3

    zfs create tank/projects
zfs set acltype=posixacl tank/projects
chmod 775 /mnt/tank/projects
  3. Enable periodic snapshots:
    1
2
3
4
5

    # /etc/truenas/snapshot.yaml
retention_policy:
  hourly: 24
  daily: 7
  weekly: 4

Step 2: Create Backup VM (101Nasbackup)

VM Specifications

1
2
3

qm create 101 --name 101Nasbackup --memory 8192 --cores 4 --net0 virtio,bridge=vmbr0,tag=20
qm set 101 --scsihw virtio-scsi-pci --scsi0 local-zfs:64,format=raw
qm set 101 --serial0 socket --autostart 1

Install Proxmox Backup Server:

1
2

qm set 101 --cdrom local:iso/proxmox-backup-server_3.0-2.iso
qm start 101

Initial PBS Setup

  1. Create datastore on dedicated disk:
    1
2
3

    proxmox-backup-manager datastore create nasbackup \
  --disk /dev/sdb \
  --max-depth 3
  2. Configure privileged backup user:
    1
2
3
4
5

    proxmox-backup-manager user create backupadmin@pbs \
  --comment "Backup Administrator"
proxmox-backup-manager acl update /datastore/nasbackup \
  --role Administrator \
  --user backupadmin@pbs

Step 3: Establish ZFS Replication

On 100Nas (TrueNAS VM)

1
2

zfs create tank/replication
zfs set sync=always tank/replication

On 101Nasbackup (PBS VM)

1
2

zpool create backuppool /dev/sdc
zfs create backuppool/received

Configure SSH-based Replication

1
2
3
4
5

# On 100Nas
ssh-keygen -t ed25519 -f /root/.ssh/replication_key

# On 101Nasbackup
echo "command=\"/usr/bin/zfs receive -F backuppool/received\" $(cat replication_key.pub)" >> ~/.ssh/authorized_keys

Automate with Cron

1
2

# /etc/cron.d/zfs-replicate
0 2 * * * root zfs send -R tank/replication@$(date +\%Y\%m\%d) | ssh backupvm 'zfs receive -F backuppool/received'

5. Advanced Configuration & Optimization

Security Hardening

Network Isolation

1
2
3
4
5
6
7
8
9

# Proxmox firewall rules for backup VLAN
qm set 101 --firewall 1
pvesh set /nodes/$HOSTNAME/firewall/rules \
  --enable 1 \
  --action REJECT \
  --type IN \
  --dest 101 \
  --log nolog \
  --comment "Isolate backup network"

Storage VM Security

1
2
3
4
5
6
7
8
9

# TrueNAS SMB share security
services:
  smb:
    shares:
      - name: projects
        path: /mnt/tank/projects
        acl: true
        rolist: "@readonly"
        valid_users: "@admins"

Performance Tuning

ZFS Optimization for Backup Workloads

1
2
3
4
5

# On 101Nasbackup
zfs set compression=zstd-fast backuppool
zfs set atime=off backuppool
zfs set logbias=throughput backuppool
zfs set primarycache=metadata backuppool

Proxmox Backup Server Settings

1
2
3
4
5
6

# /etc/proxmox-backup/datastore.cfg
[nasbackup]
gc-schedule "0 4 * * *"
prune-schedule "30 4 * * *"
verify-schedule "0 5 * * 6"
lz4: 1

Integration with Proxmox Host

Register PBS in Proxmox VE

1
2

proxmox-backup-client login backupadmin@pbs@pam --password <SECURE_PASSWORD>
proxmox-backup-client repo add local-datastore pbs:nasbackup

Create Backup Jobs

1
2
3
4
5
6
7
8

# /etc/pve/jobs.cfg
backup: vm-backup
  enabled 1
  schedule "0 22 * * 5"
  storage nasbackup
  vmid 100,101
  mode snapshot
  remove 1

6. Daily Operations & Monitoring

Key Maintenance Tasks

Weekly Checks

  1. Verify backup integrity:
    1

    proxmox-backup-client verify --repository nasbackup
  2. Check ZFS pool health:
    1

    zpool status -v
  3. Review replication logs:
    1

    journalctl -u zfs-replicate -S "1 week ago"

Monthly Tasks

  1. Test restore procedure
  2. Update all components:
    1
2

    proxmox-backup-manager update
apt update && apt dist-upgrade
  3. Rotate encryption keys (if used)

Monitoring Setup

Essential Metrics to Track

  • ZFS pool capacity (>80% requires action)
  • Backup success/failure rates
  • Replication latency
  • SMART disk health status

Sample Grafana Query

1
2
3

SELECT mean("usage") FROM "zfs_dataset" 
WHERE "host" = '100Nas' 
GROUP BY time(1h) FILL(null)

7. Troubleshooting Guide

Common Issues & Solutions

Problem: Backup VM unavailable during backup window
Diagnosis:

1
2

qm status 101
systemctl status proxmox-backup-proxy

Fix: Check resource contention - PBS requires minimum 4GB RAM during operations

Problem: ZFS replication fails with “broken pipe”
Diagnosis:

1
2

zfs get received backuppool/received
ssh -v backupvm

Fix: Regenerate SSH keys and verify authorized_keys command restriction

Problem: Slow SMB performance from NAS VM
Diagnosis:

1

mbuffer -s 128k -m 1G | zfs send tank/replication | mbuffer -s 128k -m 1G > /dev/null

Fix: Adjust MTU on VLAN interfaces and enable jumbo frames

8. Conclusion

This architecture achieves:

  • 3-2-1 Compliance: Primary data (100Nas), onsite backup (101Nasbackup), plus optional cloud sync
  • Disaster Recovery: Ability to rebuild entire Proxmox host from PBS backups
  • Performance Isolation: Dedicated resources for backup operations
  • Cost Efficiency: Uses existing Proxmox infrastructure without additional hardware

Next Steps:

  1. Implement offsite replication using Rclone to cloud storage
  2. Configure email/SMS alerts for backup failures
  3. Explore encrypted backups with PBS Client Encryption

Recommended Resources:

This implementation demonstrates that robust data protection is achievable in self-hosted environments through proper Proxmox configuration and open-source tools. By maintaining separation between production storage and backup systems while leveraging ZFS capabilities, homelab users and DevOps teams alike can ensure data durability against both hardware failures and operational errors.

Open Source, Reddit Guides, Docker
homelab sysadmin how-to tools monitoring observability security hardening
This post is licensed under CC BY 4.0 by the author.