Difference between revisions of "Roadmap"

From Proxmox Backup Server
Jump to navigation Jump to search
 
(17 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
* Proxmox VE host backup
 
* Proxmox VE host backup
* Proxmox Mail Gateway host backup
+
* <s>Backup to one (physical) datastore from multiple  Proxmox VE clusters, avoiding backup naming conflicts</s> (done)
* Encryption configuration improvements
+
* <s>GUI restore improvements (including VMs)</s> (done)
* Backup to one (physical) datastore from multiple  Proxmox VE clusters, avoiding backup naming conflicts
+
* <s>Set manual protection (immutable) flag for backups</s> (done)
* Updates via GUI, xterm.js host console
+
* Transforming the single prune configuration of a datastore to allowing multiple jobs, whith namespace support.
* GUI restore improvements
+
* Importer for existing vzdump archives into Proxmox Backup Server
* Documentation improvements
+
* LDAP/AD Authentication
* Add comments to backups
+
* Backup clients for other operating systems
* Set manual protection (immutable) flag for backups
 
 
* ...
 
* ...
  
 
= Release History =
 
= Release History =
 +
See also [https://forum.proxmox.com/forums/announcements.7/ Announcement forum]
 +
 +
== Proxmox Backup Server 2.2 ==
 +
'''Released 18. May 2022'''
 +
* Based on Debian Bullseye (11.3)
 +
* Kernel 5.15
 +
* ZFS 2.1.4
 +
 +
'''Changelog Overview'''
 +
 +
* Enhancements in the web interface (GUI):
 +
** Add "Group Filter" tab to the "Add" and "Edit" windows of sync and tape-backup jobs
 +
** Allow configuration of the default language used in the web interface
 +
** Add Markdown aware panel for recording structured notes, and support multi-line comments in the node configuration file.
 +
** Hide RRD chart for IO delay, if no `io_ticks` are returned
 +
** Improved translations, among others:
 +
*** Arabic
 +
*** French
 +
*** German
 +
*** Japan
 +
*** Polish
 +
*** Turkish
 +
 +
* Datastore Backup Namespaces:
 +
** Implement backup namespaces for datastores.
 +
*: Namespaces allow for the reuse of a single chunk store deduplication domain for multiple sources, while avoiding naming conflicts and enabling more fine-grained access control.
 +
** Add support for syncing a source namespace into any target namespace.
 +
*: With the <code>max-depth</code> setting, you can control how deep the recursion on finding groups to sync should go.
 +
** Add support for namespaces in current Proxmox VE 7.2, the following versions form the baseline:
 +
*: pve-manager >= 7.2-4, libpve-storage-perl >= 7.2-4, pve-container >= 4.2-1, qemu-server >= 7.2-3, pve-qemu-kvm >= 6.2.0-7
 +
 +
* Maintenance Mode and Active Operations Tracking:
 +
** Implement read-only and offline maintenance modes for a datastore.
 +
*: Track whether each datastore access is a write or read operation, so that Proxmox Backup Server can gracefully enter the respective mode, by allowing conflicting operations that started before the maintenance mode to finish.
 +
*: Once enabled, depending on the mode, new reads and/or writes to the datastore are blocked, allowing an administrator to safely execute maintenance tasks, for example, on the underlying storage.
 +
 
 +
* General backend improvements:
 +
** Improve memory footprint
 +
*** Improve interaction with the glibc system allocator to dramatically decrease peak and overall RSS memory usage
 +
**: The glibc allocator has a misguided heuristic to detect transient allocations, which will only start to use <code>mmap</code> in allocation sizes above 32 MiB.
 +
**: This means that relatively large allocations end up on the heap, where cleanup and returning memory to the OS is harder to do and easier to be blocked by small, long-living allocations at the top (end) of the heap.
 +
**: By reducing the threshold for switching from the cached heap to the kernel provided mmap to 128 KiB, we can lower peak RSS usage by a factor of 10, or even 20 in some scenarios. 
 +
**: See [https://git.proxmox.com/?p=proxmox-backup.git;a=commitdiff;h=d91a0f9fc90aecabc4f359d968f716a14562ce78 the git commit for more details].
 +
*** Optimize LRU caches
 +
** Add streaming interfaces for some API endpoints, such as the task-log list or snapshot list.
 +
**: This can remove the need to collect large lists into intermediate memory buffers.
 +
** Transform all access to group or snapshot lists to efficient, lazy iterators.
 +
** Improve IO access pattern for some scenarios, like TFA with high user and login count.
 +
** Disable SSL/TLS renegotiation in the API daemon.
 +
** For zpools created via the API, set the `relatime=on` flag by default.
 +
** Allow for the disabling of inode-sorting for chunk iteration.
 +
*: While inode-sorting benefits read performance on block devices with higher latency (for example, spinning disks), it also requires extra work to get the metadata needed for sorting, so it's a trade-off. For setups that have either very slow or very fast metadata IO, the benefits may turn into a net cost.
 +
** Add dry-run option for the <code>proxmox-backup-client</code> backup CLI command.
 +
** Verify: Allow one to enforce verification when manually verifying a datastore or namespace through the web interface
 +
** Improve reload behavior of the proxmox-backup-proxy API daemon
 +
*: Close acceptor for new incoming connections immediately on shutdown to avoid connection resets during the wait for running tasks to finish.
 +
 +
* Improvements on file restore
 +
** Add support for zstd-compressed tar archive download, in addition to the existing zip download option.
 +
*: The tar archive supports more file types (for example, hard links and device nodes), and zstd allows for fast, efficient, and effective compression.
 +
** Add language encoding flag (EFS) to files when creating a zip archive, if an entry is valid UTF-8.
 +
*: This improves the handling of non-ASCII code point extraction under Windows.
 +
** Allow up to 25s for the file-restore VM to have scanned all possible filesystems in a backup.
 +
** Improve IO access in the file-restore-for-block-backup VM's internal driver, and start disk initialization in parallel to staring the API listening task.
 +
*: On average the restore-tool should be waiting more compared to the previous 12s "worst" case wait time.
 +
** Avoid automatically pre-mounting ZFS pools.
 +
*: The upfront time-cost can be too large to pay initially, for example, if there are many subvolumes present. Thus, only mount on demand.
 +
 +
== Proxmox Backup Server 2.1 ==
 +
'''Released 23. November 2021'''
 +
* Based on Debian Bullseye (11.1)
 +
* Kernel 5.13
 +
* ZFS 2.1
 +
 +
'''Changelog Overview'''
 +
 +
* Enhancements in the web interface (GUI):
 +
** Add traffic control management panel in the web interface.
 +
** Load and usage graphs now have much higher resolution.
 +
** Display the next media label for a tape backup job.
 +
** Improved translations, among others:
 +
*** Arabic
 +
*** Basque
 +
*** Brazilian Portuguese
 +
*** French
 +
*** German
 +
*** Simplified Chinese
 +
*** Traditional Chinese
 +
*** Turkish
 +
 +
* Enhancements in Backup Management
 +
** Support flexible traffic-control bandwidth limits:
 +
*: Implement a token bucket filter (TBF) for limiting incoming (for example, backup) and outgoing (for example, restore) traffic from a set of networks.
 +
*: Limits can be configured such that they get applied only during specific time-frames.
 +
** Support for protected backups, which will not be pruned and cannot be removed manually, without first removing the protected flag.
 +
** Support <code>group-filter</code> for sync jobs and tape-backup jobs:
 +
*: For such a job, you can specify if you want to process only a specific type (<code>ct</code>, <code>vm</code>, <code>host</code>), a specific group or a regex that matches the group-ID.
 +
*: Multiple such filters can be applied per job. They act cumulatively.
 +
 +
* Enhance existing OpenID Connect (OIDC) support:
 +
** Add support for configuring an arbitrary username claim.
 +
** Allow setting the requested scopes for user information requests. The default remains the same (<code>profile</code> and <code>email</code>).
 +
** The prompt behavior is now unset (previously hard-coded to <code>login</code>) and can be configured to the OIDC specification defined variants or an arbitrary extension.
 +
** You can now configure Authentication Context Class Reference (ACR) values to be requested on any authentication request.
 +
 +
* Improved Round Robin Database implementation
 +
** Uses a journal to avoid data loss;
 +
** Uses much higher resolution:
 +
*** per-day:    1 min (previously 30 min)
 +
*** per-month:  30 min (previously 12 hours)
 +
*** per-year:    6 h  (previously 1 week)
 +
*** per-decade:  1 week (previously none)
 +
** Stores data for last 10 years;
 +
 +
* Backend
 +
** New debugging tool <code>proxmox-backup-debug</code>
 +
** Improved support for various tape drives and changers
 +
 +
== Proxmox Backup Server 2.0 ==
 +
'''Released 13. July 2021'''
 +
* Based on Debian Bullseye (11)
 +
* Kernel 5.11
 +
* ZFS 2.0
 +
 +
'''Changelog Overview'''
 +
 +
* Tape Backup:
 +
** Matured from technology preview to the first stable release
 +
** Improve restore flexibility, allowing you to select multiple snapshots for one restore job
 +
** Read chunks sorted by inode on backup, to leverage improved read speed on slow spinning disks with increased sequential access
 +
 +
* Backend:
 +
** Support for Single-Sign-On (SSO) with the new OpenID Connect access realm type
 +
**: You can integrate external authorization servers, either using existing public services or your own identity and access management solution, for example, Keycloak or LemonLDAP::NG.
 +
** ACME/Let's Encrypt integration with stand-alone and DNS Plugins, for easy deployment of trusted certificates
 +
** Improved caching for <code>proxmox-backup-client map</code>
 +
** Single file-restore support for VMs that use ZFS or LVM internally
 +
** Support setting an HTTP proxy for package updates and subscription check requests
  
See also [https://forum.proxmox.com/forums/announcements.7/ Announcement forum]
+
* Enhancements in the web interface (GUI):
 +
** Make dashboard status panel more detailed, showing, among other things, uptime, Kernel version, CPU info and a high level repository status overview.
 +
** New Repository management panel in the <code>Administration</code> tab shows an in-depth status and a list of all configured repositories.
 +
**: Basic repository management, for example, activating or deactivating a repository, is also supported.
 +
** ACME/Let's Encrypt GUI integration
 +
** Support setting comments on a backup group
 +
** Updated ExtJS JavaScript framework to latest GPL release 7.0
 +
** Improved translations, including:
 +
*** Arabic
 +
*** French
 +
*** German
 +
*** Japanese
 +
*** Polish
 +
*** Turkish
 +
 
 +
* Installer:
 +
** Rework the installer environment to use <code>switch_root</code> instead of <code>chroot</code>, when transitioning from initrd to the actual installer.
 +
**: This improves module and firmware loading, and slightly reduces memory usage during installation.
 +
** Automatically detect HiDPI screens, and increase console font and GUI scaling accordingly. This improves UX for workstations with Proxmox VE (for example, for passthrough).
 +
** Improve ISO detection:
 +
*** Support ISOs backed by devices using USB Attached SCSI (UAS), which modern USB3 flash drives often do.
 +
*** Linearly increase the delay of subsequent scans for a device with an ISO image, bringing the total check time from 20s to 45s. This allows for the detection of very slow devices, while continuing faster in general.
 +
** Use <code>zstd</code> compression for the initrd image and the squashfs images.
 +
** Update to busybox 1.33.1 as the core-utils provider.
 +
 
 +
<div id="2.0-known-issues"></div>
 +
'''Known Issues'''
 +
 
 +
* '''Network''': Due to the updated systemd version, and for most upgrades, the newer kernel version (5.4 to 5.11), some network interfaces might change upon reboot:
 +
** Some may change their name. For example, due to newly supported functions, a change from <code>enp33s0f0</code> to <code>enp33s0f0np0</code> could occur.
 +
**: We observed such changes with high-speed Mellanox models.
 +
** [https://sources.debian.org/src/bridge-utils/1.7-1/debian/NEWS/#L3-L23 Bridge MAC address selection has changed in Debian Bullseye] - it is now generated based on the interface name and the <code>machine-id (5)</code> of the system.
 +
**: Note that by default, Proxmox Backup Server does not uses a Linux Bridge for networking, so most setups are unaffected.
 +
 
 +
'''Upgrade from 1.1'''
 +
 
 +
See [[Upgrade from 1.1 to 2.x]]
 +
 
 +
== Proxmox Backup Server 1.1 ==
 +
'''Released 15. April 2021'''
 +
* Based on Debian Buster (10.9)
 +
* Kernel 5.4.106
 +
* ZFS 2.0
 +
 
 +
* Tape Backup (Technology Preview)
 +
** Tape technology has stood the test of time, when it comes to highly reliable, economic and flexible long-term storage of large amounts of data. Key advantages being:
 +
*** the inherent offline nature of the stored data - mitigating crypto-locker attacks;
 +
*** the portability of the tapes - making them ideal for off-site archiving;
 +
*** the existence of WORM (write once read many) tapes - a key requirement for compliance with data integrity regulations in certain environments;
 +
*** the low cost per storage unit;
 +
** Tape backup jobs back up datastores to a media pool, and multiple datastores can be backed up to the same media pool. Choose to write all snapshots of a datastore or only the latest snapshot per group to the media set.
 +
** Tape restore jobs restore the content of a media set to one or more datastores - this enables operators to restore multiple datastores from a media set, even if the system does not have the free disk space required in a single datastore (potentially multiple 100 TB).
 +
** Flexible retention policies (e.g., always recycle tapes, never recycle tapes, recycle tapes after a particular calendar event).
 +
** New user space tape driver written in Rust.
 +
** Support for tape encryption using the hardware encryption feature of the LTO tape drive.
 +
** Support for tape autoloaders - by rewriting the <code>mtx</code> tool in Rust (now <code>pmtx</code>), most autoloaders supported by other tape-backup solutions available on Linux will work with Proxmox Backup Server.
 +
** For stand-alone tape drives without an attached changer, users are notified via e-mail about necessary (load/unload) operations.
 +
** The configuration of all necessary components, jobs, and schedules can be carried out comfortably via the web interface.
 +
** The Proxmox LTO Barcode Label Generator, a small web-app, can be used to generate and print barcode labels for the tapes on standard adhesive label sheets. These help to identify the tapes in an autoloader.
 +
 
 +
* Two-factor authentication (TFA) for the web interface
 +
** The web interface can now be configured to use TFA with one or more of the following implementations:
 +
*** Time-base One-Time Password (TOTP), for clients like FreeOTP, Google Authenticator, etc.
 +
*** WebAuthn, a general standard for authentication. This is implemented by various security devices, like hardware keys or by the trusted platform modules (TPM) of a computer or smartphone.
 +
*** Recovery keys for single use (as backup, should you lose your authenticators).
 +
** The activation and configuration of TFA can be done by the users themselves or by an administrator.
 +
** TFA is complemented by the existing, token-based authentication for granting automated access to Proxmox Backup Server resources, for example, when configuring a Proxmox Backup Server storage in a Proxmox VE setup.
 +
 
 +
* HTTP compression via Content-Encoding
 +
** Responses from the Proxmox Backup Server API can get quite large, but in general can be compressed well. By adding support for deflate Content-Encoding, bandwidth is saved and response times are improved, especially over bandwidth constricted links.
 +
 
 +
* Compression of file-level ZIP archive downloads
 +
** Downloading a directory from a file-level backup will now produce a compressed ZIP archive, reducing bandwidth and local space required.
 +
 
 +
* Notable enhancements and bug fixes
 +
** Improved handling of POSIX ACL entries on files.
 +
** Improved hand-over to new process when upgrading the Proxmox Backup Server packages.
 +
** Use the local filesystem to handle synchronization, in order to avoid issues with locking on remote filesystems (CIFS/NFS).
 +
** Changed HTTP timeouts to work more robustly, even over high latency and low bandwidth links, which are not uncommon for remote backup sites.
 +
** Better error-handling during garbage-collection, coping with the case when there's no space left on a datastore filesystem.
 +
** Improved UX when using a GPG master key.
 +
** Verification: Sort chunks by their inode to speed-up access on a storage with slow random-IO, for example, spinning disks.
 +
== Proxmox Backup Server 1.0 ==
 +
'''Released 11. November 2020'''
 +
* Based on Debian Buster (10.6)
 +
* Kernel 5.4 LTS
 +
* ZFS 0.8.4
 +
 
 +
* Backup & Restore (core functionality):
 +
** Deduplication<br />Periodic backups produce large amounts of duplicate data. The deduplication layer avoids redundancy and minimizes the used storage space. Deduplication is performed per datastore.
 +
** Incremental backups<br />Changes between backups are typically small. Reading and sending only the delta reduces the storage and network impact of backups.
 +
** Data Integrity<br />The built in SHA-256 checksum algorithm ensures the accuracy and consistency of your backups.
 +
** Compression <br />The ultra-fast Zstandard compression is able to compress several gigabytes of data per second.
 +
** Encryption <br /> Backups can be encrypted on the client-side using AES-256 in Galois/Counter mode. This authenticated encryption mode provides very high performance on modern hardware.
 +
** Verification <br />Backups on disk can be verified with the stored SHA-256 checksums to protect against corruption and bitrot. This can be scheduled periodically including regular re-verification.
 +
** Remote Sync<br />It is possible to efficiently synchronize data from remote sites. Only deltas containing new data are transferred. Optimized and tested for high-latency links.
 +
** Performance<br />The whole software stack is written in Rust, to provide high speed and memory efficiency.
 +
** Open Source<br />Proxmox Backup Server is free and open-source software. The source code is licensed under GNU AGPL, v3.
 +
** And of course - Backups can be restored comfortably!
 +
* Proxmox VE Integration
 +
** Support for incremental, deduplicated backups of qemu virtual machines (supporting QEMU dirty bitmaps) and containers.
 +
** Simply configurable as a Storage Backend on Proxmox VE
 +
** Granular restore:
 +
*** Mapping for QEMU virtual disks to loop back block devices
 +
*** File-level restore of container backups
 +
** Current backup state is preserved across migrations inside Proxmox VE
 +
* Enterprise support<br />With the release of version 1.0, support subscriptions for Proxmox Backup Server are available, providing access to the stable Enterprise Repository (recommended for production use) and to technical support from the Proxmox team.
 +
* Web interface<br />Manage Proxmox backups with the integrated, web-based user interface.
 +
** Start operations from within the views in which they are relevant
 +
** Widgets in the GUI provide useful popups when you hoover over (e.g., individual states in the task summary, on the dashboard)
 +
** Improved and mature user experience in the GUI - many features known from other Proxmox products were ported to the new Rust code-base to provide the same level of comfort during daily work:
 +
*** Online reference documentation for the current version, available in the GUI via the Help button
 +
*** System console via xterm.js
 +
*** System updates and changelogs
 +
*** Display of the system's journal
 +
* Scheduling
 +
** Management and scheduling of maintenance tasks provides all the settings necessary to just configure it once and not have to think about it
 +
** Scheduling based on the flexible systemd-time specification
 +
* E-mail notifications for scheduled background tasks (verification, pruning, garbage collection, sync jobs).
 +
* Vastly improved user interface
 +
* Sensible encryption-key handling
 +
** Proxmox Backup Server encryption keys are stored as simple json files, and can be easily stored off-site for disaster recover purposes
 +
** They can also be exported as QR-codes for printing on paper and storing off-line
 +
* Flexible Access Control:
 +
** Support for fine-grained ACLs for separate users on different objects (datastores, remotes, system configuration)
 +
** Token based authentication with reduced privileges:<br />A user can create tokens with a subset of their privileges, instead of having to store their password on a client
 +
 
 +
== Proxmox Backup Server Beta (2nd ISO release) ==
 +
 
 +
'''Released 5. October 2020'''
 +
 
 +
* Beta Release
 +
* Update to recent package versions with many fixes and feature additions
 +
* Based on Debian 10.6 Buster
 +
* Updated kernel (5.4) and include latest security fixes
  
 
== Proxmox Backup Server Beta ==
 
== Proxmox Backup Server Beta ==

Latest revision as of 11:56, 18 May 2022

Roadmap

  • Proxmox VE host backup
  • Backup to one (physical) datastore from multiple Proxmox VE clusters, avoiding backup naming conflicts (done)
  • GUI restore improvements (including VMs) (done)
  • Set manual protection (immutable) flag for backups (done)
  • Transforming the single prune configuration of a datastore to allowing multiple jobs, whith namespace support.
  • Importer for existing vzdump archives into Proxmox Backup Server
  • LDAP/AD Authentication
  • Backup clients for other operating systems
  • ...

Release History

See also Announcement forum

Proxmox Backup Server 2.2

Released 18. May 2022

  • Based on Debian Bullseye (11.3)
  • Kernel 5.15
  • ZFS 2.1.4

Changelog Overview

  • Enhancements in the web interface (GUI):
    • Add "Group Filter" tab to the "Add" and "Edit" windows of sync and tape-backup jobs
    • Allow configuration of the default language used in the web interface
    • Add Markdown aware panel for recording structured notes, and support multi-line comments in the node configuration file.
    • Hide RRD chart for IO delay, if no `io_ticks` are returned
    • Improved translations, among others:
      • Arabic
      • French
      • German
      • Japan
      • Polish
      • Turkish
  • Datastore Backup Namespaces:
    • Implement backup namespaces for datastores.
    Namespaces allow for the reuse of a single chunk store deduplication domain for multiple sources, while avoiding naming conflicts and enabling more fine-grained access control.
    • Add support for syncing a source namespace into any target namespace.
    With the max-depth setting, you can control how deep the recursion on finding groups to sync should go.
    • Add support for namespaces in current Proxmox VE 7.2, the following versions form the baseline:
    pve-manager >= 7.2-4, libpve-storage-perl >= 7.2-4, pve-container >= 4.2-1, qemu-server >= 7.2-3, pve-qemu-kvm >= 6.2.0-7
  • Maintenance Mode and Active Operations Tracking:
    • Implement read-only and offline maintenance modes for a datastore.
    Track whether each datastore access is a write or read operation, so that Proxmox Backup Server can gracefully enter the respective mode, by allowing conflicting operations that started before the maintenance mode to finish.
    Once enabled, depending on the mode, new reads and/or writes to the datastore are blocked, allowing an administrator to safely execute maintenance tasks, for example, on the underlying storage.
  • General backend improvements:
    • Improve memory footprint
      • Improve interaction with the glibc system allocator to dramatically decrease peak and overall RSS memory usage
      The glibc allocator has a misguided heuristic to detect transient allocations, which will only start to use mmap in allocation sizes above 32 MiB.
      This means that relatively large allocations end up on the heap, where cleanup and returning memory to the OS is harder to do and easier to be blocked by small, long-living allocations at the top (end) of the heap.
      By reducing the threshold for switching from the cached heap to the kernel provided mmap to 128 KiB, we can lower peak RSS usage by a factor of 10, or even 20 in some scenarios.
      See the git commit for more details.
      • Optimize LRU caches
    • Add streaming interfaces for some API endpoints, such as the task-log list or snapshot list.
      This can remove the need to collect large lists into intermediate memory buffers.
    • Transform all access to group or snapshot lists to efficient, lazy iterators.
    • Improve IO access pattern for some scenarios, like TFA with high user and login count.
    • Disable SSL/TLS renegotiation in the API daemon.
    • For zpools created via the API, set the `relatime=on` flag by default.
    • Allow for the disabling of inode-sorting for chunk iteration.
    While inode-sorting benefits read performance on block devices with higher latency (for example, spinning disks), it also requires extra work to get the metadata needed for sorting, so it's a trade-off. For setups that have either very slow or very fast metadata IO, the benefits may turn into a net cost.
    • Add dry-run option for the proxmox-backup-client backup CLI command.
    • Verify: Allow one to enforce verification when manually verifying a datastore or namespace through the web interface
    • Improve reload behavior of the proxmox-backup-proxy API daemon
    Close acceptor for new incoming connections immediately on shutdown to avoid connection resets during the wait for running tasks to finish.
  • Improvements on file restore
    • Add support for zstd-compressed tar archive download, in addition to the existing zip download option.
    The tar archive supports more file types (for example, hard links and device nodes), and zstd allows for fast, efficient, and effective compression.
    • Add language encoding flag (EFS) to files when creating a zip archive, if an entry is valid UTF-8.
    This improves the handling of non-ASCII code point extraction under Windows.
    • Allow up to 25s for the file-restore VM to have scanned all possible filesystems in a backup.
    • Improve IO access in the file-restore-for-block-backup VM's internal driver, and start disk initialization in parallel to staring the API listening task.
    On average the restore-tool should be waiting more compared to the previous 12s "worst" case wait time.
    • Avoid automatically pre-mounting ZFS pools.
    The upfront time-cost can be too large to pay initially, for example, if there are many subvolumes present. Thus, only mount on demand.

Proxmox Backup Server 2.1

Released 23. November 2021

  • Based on Debian Bullseye (11.1)
  • Kernel 5.13
  • ZFS 2.1

Changelog Overview

  • Enhancements in the web interface (GUI):
    • Add traffic control management panel in the web interface.
    • Load and usage graphs now have much higher resolution.
    • Display the next media label for a tape backup job.
    • Improved translations, among others:
      • Arabic
      • Basque
      • Brazilian Portuguese
      • French
      • German
      • Simplified Chinese
      • Traditional Chinese
      • Turkish
  • Enhancements in Backup Management
    • Support flexible traffic-control bandwidth limits:
    Implement a token bucket filter (TBF) for limiting incoming (for example, backup) and outgoing (for example, restore) traffic from a set of networks.
    Limits can be configured such that they get applied only during specific time-frames.
    • Support for protected backups, which will not be pruned and cannot be removed manually, without first removing the protected flag.
    • Support group-filter for sync jobs and tape-backup jobs:
    For such a job, you can specify if you want to process only a specific type (ct, vm, host), a specific group or a regex that matches the group-ID.
    Multiple such filters can be applied per job. They act cumulatively.
  • Enhance existing OpenID Connect (OIDC) support:
    • Add support for configuring an arbitrary username claim.
    • Allow setting the requested scopes for user information requests. The default remains the same (profile and email).
    • The prompt behavior is now unset (previously hard-coded to login) and can be configured to the OIDC specification defined variants or an arbitrary extension.
    • You can now configure Authentication Context Class Reference (ACR) values to be requested on any authentication request.
  • Improved Round Robin Database implementation
    • Uses a journal to avoid data loss;
    • Uses much higher resolution:
      • per-day: 1 min (previously 30 min)
      • per-month: 30 min (previously 12 hours)
      • per-year: 6 h (previously 1 week)
      • per-decade: 1 week (previously none)
    • Stores data for last 10 years;
  • Backend
    • New debugging tool proxmox-backup-debug
    • Improved support for various tape drives and changers

Proxmox Backup Server 2.0

Released 13. July 2021

  • Based on Debian Bullseye (11)
  • Kernel 5.11
  • ZFS 2.0

Changelog Overview

  • Tape Backup:
    • Matured from technology preview to the first stable release
    • Improve restore flexibility, allowing you to select multiple snapshots for one restore job
    • Read chunks sorted by inode on backup, to leverage improved read speed on slow spinning disks with increased sequential access
  • Backend:
    • Support for Single-Sign-On (SSO) with the new OpenID Connect access realm type
      You can integrate external authorization servers, either using existing public services or your own identity and access management solution, for example, Keycloak or LemonLDAP::NG.
    • ACME/Let's Encrypt integration with stand-alone and DNS Plugins, for easy deployment of trusted certificates
    • Improved caching for proxmox-backup-client map
    • Single file-restore support for VMs that use ZFS or LVM internally
    • Support setting an HTTP proxy for package updates and subscription check requests
  • Enhancements in the web interface (GUI):
    • Make dashboard status panel more detailed, showing, among other things, uptime, Kernel version, CPU info and a high level repository status overview.
    • New Repository management panel in the Administration tab shows an in-depth status and a list of all configured repositories.
      Basic repository management, for example, activating or deactivating a repository, is also supported.
    • ACME/Let's Encrypt GUI integration
    • Support setting comments on a backup group
    • Updated ExtJS JavaScript framework to latest GPL release 7.0
    • Improved translations, including:
      • Arabic
      • French
      • German
      • Japanese
      • Polish
      • Turkish
  • Installer:
    • Rework the installer environment to use switch_root instead of chroot, when transitioning from initrd to the actual installer.
      This improves module and firmware loading, and slightly reduces memory usage during installation.
    • Automatically detect HiDPI screens, and increase console font and GUI scaling accordingly. This improves UX for workstations with Proxmox VE (for example, for passthrough).
    • Improve ISO detection:
      • Support ISOs backed by devices using USB Attached SCSI (UAS), which modern USB3 flash drives often do.
      • Linearly increase the delay of subsequent scans for a device with an ISO image, bringing the total check time from 20s to 45s. This allows for the detection of very slow devices, while continuing faster in general.
    • Use zstd compression for the initrd image and the squashfs images.
    • Update to busybox 1.33.1 as the core-utils provider.

Known Issues

  • Network: Due to the updated systemd version, and for most upgrades, the newer kernel version (5.4 to 5.11), some network interfaces might change upon reboot:
    • Some may change their name. For example, due to newly supported functions, a change from enp33s0f0 to enp33s0f0np0 could occur.
      We observed such changes with high-speed Mellanox models.
    • Bridge MAC address selection has changed in Debian Bullseye - it is now generated based on the interface name and the machine-id (5) of the system.
      Note that by default, Proxmox Backup Server does not uses a Linux Bridge for networking, so most setups are unaffected.

Upgrade from 1.1

See Upgrade from 1.1 to 2.x

Proxmox Backup Server 1.1

Released 15. April 2021

  • Based on Debian Buster (10.9)
  • Kernel 5.4.106
  • ZFS 2.0
  • Tape Backup (Technology Preview)
    • Tape technology has stood the test of time, when it comes to highly reliable, economic and flexible long-term storage of large amounts of data. Key advantages being:
      • the inherent offline nature of the stored data - mitigating crypto-locker attacks;
      • the portability of the tapes - making them ideal for off-site archiving;
      • the existence of WORM (write once read many) tapes - a key requirement for compliance with data integrity regulations in certain environments;
      • the low cost per storage unit;
    • Tape backup jobs back up datastores to a media pool, and multiple datastores can be backed up to the same media pool. Choose to write all snapshots of a datastore or only the latest snapshot per group to the media set.
    • Tape restore jobs restore the content of a media set to one or more datastores - this enables operators to restore multiple datastores from a media set, even if the system does not have the free disk space required in a single datastore (potentially multiple 100 TB).
    • Flexible retention policies (e.g., always recycle tapes, never recycle tapes, recycle tapes after a particular calendar event).
    • New user space tape driver written in Rust.
    • Support for tape encryption using the hardware encryption feature of the LTO tape drive.
    • Support for tape autoloaders - by rewriting the mtx tool in Rust (now pmtx), most autoloaders supported by other tape-backup solutions available on Linux will work with Proxmox Backup Server.
    • For stand-alone tape drives without an attached changer, users are notified via e-mail about necessary (load/unload) operations.
    • The configuration of all necessary components, jobs, and schedules can be carried out comfortably via the web interface.
    • The Proxmox LTO Barcode Label Generator, a small web-app, can be used to generate and print barcode labels for the tapes on standard adhesive label sheets. These help to identify the tapes in an autoloader.
  • Two-factor authentication (TFA) for the web interface
    • The web interface can now be configured to use TFA with one or more of the following implementations:
      • Time-base One-Time Password (TOTP), for clients like FreeOTP, Google Authenticator, etc.
      • WebAuthn, a general standard for authentication. This is implemented by various security devices, like hardware keys or by the trusted platform modules (TPM) of a computer or smartphone.
      • Recovery keys for single use (as backup, should you lose your authenticators).
    • The activation and configuration of TFA can be done by the users themselves or by an administrator.
    • TFA is complemented by the existing, token-based authentication for granting automated access to Proxmox Backup Server resources, for example, when configuring a Proxmox Backup Server storage in a Proxmox VE setup.
  • HTTP compression via Content-Encoding
    • Responses from the Proxmox Backup Server API can get quite large, but in general can be compressed well. By adding support for deflate Content-Encoding, bandwidth is saved and response times are improved, especially over bandwidth constricted links.
  • Compression of file-level ZIP archive downloads
    • Downloading a directory from a file-level backup will now produce a compressed ZIP archive, reducing bandwidth and local space required.
  • Notable enhancements and bug fixes
    • Improved handling of POSIX ACL entries on files.
    • Improved hand-over to new process when upgrading the Proxmox Backup Server packages.
    • Use the local filesystem to handle synchronization, in order to avoid issues with locking on remote filesystems (CIFS/NFS).
    • Changed HTTP timeouts to work more robustly, even over high latency and low bandwidth links, which are not uncommon for remote backup sites.
    • Better error-handling during garbage-collection, coping with the case when there's no space left on a datastore filesystem.
    • Improved UX when using a GPG master key.
    • Verification: Sort chunks by their inode to speed-up access on a storage with slow random-IO, for example, spinning disks.

Proxmox Backup Server 1.0

Released 11. November 2020

  • Based on Debian Buster (10.6)
  • Kernel 5.4 LTS
  • ZFS 0.8.4
  • Backup & Restore (core functionality):
    • Deduplication
      Periodic backups produce large amounts of duplicate data. The deduplication layer avoids redundancy and minimizes the used storage space. Deduplication is performed per datastore.
    • Incremental backups
      Changes between backups are typically small. Reading and sending only the delta reduces the storage and network impact of backups.
    • Data Integrity
      The built in SHA-256 checksum algorithm ensures the accuracy and consistency of your backups.
    • Compression
      The ultra-fast Zstandard compression is able to compress several gigabytes of data per second.
    • Encryption
      Backups can be encrypted on the client-side using AES-256 in Galois/Counter mode. This authenticated encryption mode provides very high performance on modern hardware.
    • Verification
      Backups on disk can be verified with the stored SHA-256 checksums to protect against corruption and bitrot. This can be scheduled periodically including regular re-verification.
    • Remote Sync
      It is possible to efficiently synchronize data from remote sites. Only deltas containing new data are transferred. Optimized and tested for high-latency links.
    • Performance
      The whole software stack is written in Rust, to provide high speed and memory efficiency.
    • Open Source
      Proxmox Backup Server is free and open-source software. The source code is licensed under GNU AGPL, v3.
    • And of course - Backups can be restored comfortably!
  • Proxmox VE Integration
    • Support for incremental, deduplicated backups of qemu virtual machines (supporting QEMU dirty bitmaps) and containers.
    • Simply configurable as a Storage Backend on Proxmox VE
    • Granular restore:
      • Mapping for QEMU virtual disks to loop back block devices
      • File-level restore of container backups
    • Current backup state is preserved across migrations inside Proxmox VE
  • Enterprise support
    With the release of version 1.0, support subscriptions for Proxmox Backup Server are available, providing access to the stable Enterprise Repository (recommended for production use) and to technical support from the Proxmox team.
  • Web interface
    Manage Proxmox backups with the integrated, web-based user interface.
    • Start operations from within the views in which they are relevant
    • Widgets in the GUI provide useful popups when you hoover over (e.g., individual states in the task summary, on the dashboard)
    • Improved and mature user experience in the GUI - many features known from other Proxmox products were ported to the new Rust code-base to provide the same level of comfort during daily work:
      • Online reference documentation for the current version, available in the GUI via the Help button
      • System console via xterm.js
      • System updates and changelogs
      • Display of the system's journal
  • Scheduling
    • Management and scheduling of maintenance tasks provides all the settings necessary to just configure it once and not have to think about it
    • Scheduling based on the flexible systemd-time specification
  • E-mail notifications for scheduled background tasks (verification, pruning, garbage collection, sync jobs).
  • Vastly improved user interface
  • Sensible encryption-key handling
    • Proxmox Backup Server encryption keys are stored as simple json files, and can be easily stored off-site for disaster recover purposes
    • They can also be exported as QR-codes for printing on paper and storing off-line
  • Flexible Access Control:
    • Support for fine-grained ACLs for separate users on different objects (datastores, remotes, system configuration)
    • Token based authentication with reduced privileges:
      A user can create tokens with a subset of their privileges, instead of having to store their password on a client

Proxmox Backup Server Beta (2nd ISO release)

Released 5. October 2020

  • Beta Release
  • Update to recent package versions with many fixes and feature additions
  • Based on Debian 10.6 Buster
  • Updated kernel (5.4) and include latest security fixes

Proxmox Backup Server Beta

Released 10. July 2020

  • First public beta release
  • Based on Debian Buster (10.4)
  • Kernel 5.4 LTS with ZFS 0.8.4