NimbusBackup by RDEM Systems - Proxmox backup and secure storage solutions in Europe
    🇫🇷Contact
    S3 object storage · immutable

    Immutable S3 object backup, truly offsite

    S3 is the universal protocol: almost every tool can write to it. The Nimbus Backup Gateway exposes an S3-compatible target, then protects your objects with Proxmox Backup Server (Primary PBS → AirGap → LTO). A France-hosted alternative to Backblaze B2 / Wasabi, with a real immutability chain behind the bucket.

    Request a quote15-min technical call
    S3-compatible rclone / restic Dedicated VPN Immutable PBS AirGap LTO WORM Hosted in France

    S3, the common denominator of backup

    rclone, restic, your applications' native tools, SQL exports: almost everything can write to an S3-compatible target. That is why S3 is the most versatile ingestion path when a source speaks neither rsync nor a NAS protocol. You keep your client and your protocol; the Gateway provides the target, and Nimbus turns it into a truly immutable backup. Not sure S3 is the right path for your source? See the guide choose the right backup method.

    rclone restic → S3 aws-cli S3-compatible apps

    The recommended path: S3 client → MinIO Gateway

    The Gateway exposes an S3-compatible object endpoint via a MinIO backend. It is an ingestion target reachable through the S3 API — not a multi-region production object store, and we do not advertise S3 features beyond what is validated. The intelligence is in the downstream chain.

    Dedicated access keys

    One S3 key set per source, revocable, allowing only the writing of backup objects.

    Ingestion bucket

    Your PUTs land in the Gateway's buffer zone, sized on your working set.

    Downstream immutability

    The lock is not at the front: it is guaranteed by PBS + AirGap + LTO behind the bucket.

    How it works, step by step

    Four steps, without changing your S3 client.

    1

    Dedicated VPN

    We set up an encrypted tunnel (WireGuard or OpenVPN) between your source and the Gateway. The S3 endpoint is reachable only inside that tunnel: no inbound port, no public exposure of the bucket.

    2

    Your S3 client writes to the Gateway

    rclone, restic, aws-cli or your S3-compatible application push their objects to the Gateway's MinIO endpoint. You keep your tool and the S3 protocol; we provide the target.

    3

    Nimbus replicates multi-PBS + AirGap

    Ingested objects are protected downstream to a Primary PBS — and optionally Secondary PBS, a disconnected AirGap PBS and LTO tape in a vault. Retention and immutability on PBS, Object-Lock / WORM at archival.

    4

    Restore test

    We validate a real restore from the Nimbus chain to guarantee your objects are recoverable, then sign off on production.

    From S3 PUT to air-gap

    The object written to the bucket is replicated to an immutable PBS chain, then archived to tape. You compose the chain based on the PBS plan you subscribe to.

    S3 client (rclone / restic / app)
    Nimbus Backup Gateway (S3 / MinIO endpoint)
    Primary PBS (immutable)
    AirGap PBSoptional
    LTO WORM in a vaultoptional

    Multi-PBS architectures (France, Europe, AirGap) are detailed on the PBS plans and AirGap PBS pages. Why two sites? See the field report OVH Strasbourg fire.

    Backblaze B2 / Wasabi alternative: the difference is after the PUT

    With a B2 or Wasabi bucket, your objects live in a single object service. The protocol is the same with us — but what happens after the write is nothing alike:

    Replication to an immutable Primary PBS
    AirGap PBS copy disconnected from the network
    LTO WORM archival in a vault
    Hosting and supervision in France
    Dedicated VPN, bucket never exposed in clear
    Sized on your working set, not per object

    You do not migrate your tooling: you change the S3 destination and gain a full protection chain, instead of an isolated object store.

    What the S3 endpoint is — and is not

    It is

    • An S3-compatible ingestion target (MinIO backend, S3 API)
    • The entry point of an immutable PBS + AirGap + LTO chain
    • Reachable only through a dedicated VPN

    It is not

    • A multi-region production object store
    • A CDN nor a file distribution service
    • A promise of full feature parity with the AWS S3 API

    Full plans, pricing (Cloud from 150EUR excl. tax/month, 2 TB included), capacity and options are on the offsite NAS backup hub. To compare S3 against the other paths for your source, see the protocols matrix. Is the source a NAS? See offsite backup for a Synology NAS or offsite Unraid backup.

    Go further

    Offsite NAS hub

    The Gateway, its protocols and all the offers.

    Protocols matrix

    S3 vs rsync, SFTP, WebDAV by source.

    Choose your method

    The Proxmox / Gateway / Client decision guide.

    Unraid offsite backup

    rsync / restic to an object or file target.

    PBS plans

    The Nimbus Proxmox Backup Server plans.

    AirGap PBS

    A disconnected, out-of-reach copy.

    Frequently asked questions — S3 object backup

    An immutable S3 target, supervised in France

    We connect your S3 client to the Gateway, protect your objects to PBS and validate a restore. A 15-minute technical call, no commitment.

    Request a quote Schedule a call

    Complete your infrastructure

    Managed Proxmox VE

    High-availability hosting for your Proxmox VMs in European datacenters

    24/7 Server Management

    Monitoring, maintenance and on-call support for your infrastructure