How I back up my VMs

A peek at the architecture and methods I’m using to back up 50+ VMs securely


  • A separate physical server with locally-attached disks
  • Bonded GbE to a core switch that connects to other servers
  • Hyper-V running 50+ VMs

“Air gapping” lite

An advanced ransomware attack that gains domain admin would be devastating. To reduce the window for a complete attack, backups only run during a short window and the server is shut down when not handling backups. The NICs are completely off.

It gracefully shuts itself down via a scheduled task at a specified time. When the backup window is near, the PDU does a “reboot” cycle at midnight and the BIOS is configured to boot whenever AC is restored. The times are slightly modified for Thursday nights when full backups are taken.


I use Nakivo, but I don’t endorse the product. They have a long way to go to get to the same level of Veeam. But it’s a lot cheaper still, so I’m using them for now. Support has been average but not awful.

Veeam: licensing is appalling/rent-seeking and they sacked off their perpetual offering a while ago, too. I’m not running a hedge fund here, just a complex homelab. I won’t pay tens of thousands for backing up a couple VMs.

Windows Server Backup: uses the same VSS technology as the above, but a lot less scalable and granular when I played with it a while ago. Veeam and Nakivo wouldn’t exist if wsbackup was suitable for heavy production setups.

Future improvements

I’m currently building out another “micro site” far away from London. I’ve got a PDU in place already for the “air gap lite” solution and will be buying a server to host backups there shortly.