Skip to content
IsoVault

Offsite Proxmox backups without exposing PBS.

For Proxmox admins, MSPs, and SREs who want encrypted offsite copies, Zero Trust access, and fast restores—no public ingress required.

Get Started View Pricing Talk to us
Cloudflare Tunnel Deduped PBS storage Key ownership 99.9% target uptime

Why IsoVault

  • Keep PBS private-by-default with egress-only firewall rules and Cloudflare Zero Trust policies.
  • Own your keys: client-side encryption with optional server-side management and rotation—no escrow.
  • Recover fast: Proxmox-native deduplication keeps transfer sizes small and restores quick.

PBS protects more than Proxmox

PBS can back up Linux systems—not just Proxmox nodes. This is the real market opportunity.

  • Proxmox VE VMs: full + incremental backups, block-level dedupe, ZSTD compression.
  • LXC containers: same workflow, very fast.
  • Any Linux server: use proxmox-backup-client to back up directories, app folders, home dirs, /etc configs, DB dumps, or whole disks (chunked).

Onboard Ubuntu, Debian, Rocky, Alma, RHEL, Fedora, headless Linux boxes, Raspberry Pi/ARM—no Proxmox install required. A Debian PBS becomes a universal backup destination.

How it works

  1. Deploy an IsoVault-provided PBS (managed) or connect your existing PBS.
  2. Create a Cloudflare Tunnel from PBS to a private endpoint and lock it with identity-aware access.
  3. Install the IsoVault CLI or Docker image, authenticate with a scoped token, and run your first backup.
  4. Schedule recurring backups and automated restore checks to validate integrity.

Outcome: encrypted, offsite Proxmox backups with RPO measured in hours and restores that stay behind Zero Trust.

What you get

  • Encrypted snapshots, incremental transfers, and regional storage options.
  • Scoped tokens per repo/namespace, MFA through Cloudflare Access, and audit-friendly logs.
  • Operational help: onboarding assistance, runbooks, and priority email support.

Feature highlights

Zero Trust edge

Cloudflare Tunnel with identity policies keeps PBS reachable only to authorized users and jobs.

Key ownership

Client-side encryption by default; rotate keys without rehydrating data, no key escrow.

Managed resilience

Deduplicated storage, retention policies, optional immutability windows, and checksum verification.

Fast onboarding

One-line installer, Docker image, and copy-paste examples to run your first backup in minutes.

Observability

Job logs, alerts for failed backups, and simple status views for fresh/aged snapshots.

Support & SLA

Email support included; priority/SLA options available for production installs.

Start a backup Request a demo