Qu'est-ce qu'un backup immuable ?

Un backup immuable est une sauvegarde dont les données ne peuvent être ni modifiées ni supprimées pendant une période définie (WORM — Write Once, Read Many). Même un administrateur avec un accès root ne peut pas effacer les snapshots durant leur période de rétention. Les ransomwares ne peuvent pas chiffrer des sauvegardes immuables.

TrueNAS ZFS protège-t-il vraiment contre les ransomwares ?

Oui. ZFS crée des snapshots atomiques à intervalles définis (toutes les heures, quotidiennement). Ces snapshots sont read-only et ne peuvent être supprimés que selon la politique de rétention configurée. Même si le réseau est compromis, les snapshots restent intacts — restauration possible en minutes.

Quelle est la règle 3-2-1-1 ?

3 copies de données, sur 2 médias différents, dont 1 hors site, dont 1 immuable (air-gapped ou WORM). Convergent déploie cette architecture : données primaires sur TrueNAS local + réplication chiffrée vers site secondaire + snapshot immuable résistant aux ransomwares.

💾 TrueNAS ZFS · Proxmox Backup Server · 3-2-1-1 Rule

Backup Immuable
Anti-Ransomware Immutable Anti-Ransomware
Backup

TrueNAS ZFS + Proxmox Backup Server deployed by Convergent. Tamper-proof snapshots, AES-256 encrypted off-site replication, guaranteed restoration after ransomware attack. Native 3-2-1-1 rule implementation.

Design my backup plan TrueNAS details

94%of ransomware attacks
target backups first

<15 minFull VM restoration
from ZFS snapshot

AES-256Data encryption
at rest + in transit

3-2-1-1Backup rule
gold standard

Why immutable backup is essential

94% of modern ransomware attacks target backups first. A conventional backup encrypted by ransomware = inevitable ransom. An immutable backup = guaranteed restoration.

🔒

Tamper-proof ZFS snapshots

ZFS snapshots are atomic read-only. Even root cannot delete them during the retention period. Ransomware cannot encrypt or erase them — guaranteed restoration.

🌍

Encrypted off-site replication

AES-256 encrypted ZFS send/receive to secondary site (Tunis datacenter or private cloud). Automatic scheduling: hourly, daily, weekly. Configurable RPO.

⚡

Fast restoration <15 min

Granular restoration: single file, folder, full VM or disk snapshot. Proxmox Backup Server enables live restoration without service interruption.

📊

3-2-1-1 Rule

3 copies · 2 different media · 1 off-site · 1 immutable. Convergent designs and deploys this complete architecture: primary TrueNAS + off-site replica + immutable snapshot.

🏛️

Regulatory compliance

GDPR: guaranteed retention and deletion. PCI-DSS: logs and card data protected. ISO 27001 A.12.3: documented and tested backup plan. Compliance reports generated automatically.

🔧

Unified management

Modern TrueNAS SCALE interface. Native Proxmox Backup Server integration. Email/SMS alerts on failure. Automatic backup reports. Convergent support included.

Convergent reference architecture

Convergent deploys a complete end-to-end architecture, tested and documented.

1️⃣

Primary site — TrueNAS SCALE

NAS server with RAIDZ2 ZFS pool. Automatic snapshots hourly, daily (30d), weekly (12w). AES-256 at-rest encryption. Disk SMART monitoring.

2️⃣

VM Backup — Proxmox Backup Server

PBS integrated with Proxmox VE. Server-side deduplication and compression (60–80% space reduction). Automatic integrity verification. Fine-grained retention policy.

3️⃣

Secondary site — encrypted replication

Encrypted ZFS send/receive to off-site NAS or private cloud. Bandwidth-optimised via incremental send. Replication monitoring and failure alerts.

Frequently Asked Questions

What is an immutable backup?

An immutable backup is a backup whose data cannot be modified or deleted during a defined period (WORM — Write Once, Read Many). Even an administrator with root access cannot erase snapshots during their retention period. Ransomware cannot encrypt immutable backups.

Does TrueNAS ZFS really protect against ransomware?

Yes. ZFS creates atomic snapshots at defined intervals (hourly, daily). These snapshots are read-only and can only be deleted according to the retention policy. Even if the network is compromised and primary data encrypted, snapshots remain intact and allow full restoration in minutes.

What is the 3-2-1-1 rule?

3 copies of data, on 2 different media, including 1 off-site, including 1 immutable (air-gapped or WORM). This is the gold standard for data protection against ransomware, recommended by CISA, ANSSI and ENISA. Convergent deploys this complete architecture.

How long does restoration take after an attack?

With Proxmox Backup Server, restoring a full VM (100 GB) takes less than 15 minutes from the most recent snapshot. Granular restoration (single file) takes less than 2 minutes. RTO (Recovery Time Objective) is configurable according to your SLA.

Are you ready for the next ransomware?

94% of ransomware-targeted companies had no immutable backup. Convergent designs and deploys your 3-2-1-1 architecture in less than 10 days.

Evaluate my backup strategy Get my free audit

Backup ImmuableAnti-Ransomware Immutable Anti-RansomwareBackup