VaultSync is built around a simple idea: any source, any target, any direction. That only works because every device, storage platform, and cloud provider is a plugin. Source plugins read data safely (consistent snapshots, change-tracking, zero-copy where available). Target plugins write data durably (encryption, immutability, integrity verification). Mix and match to compose backup, restore, cross-platform migration, bidirectional sync, and HA state-sync.
What VaultSync reads from. Each source plugin handles consistency, change-tracking, and permission scoping appropriate to that platform.
Encrypted per-device backup: photos, contacts, messages, app-data where permitted by the OS. Consent-based, end-to-end encrypted, with per-device restore that works across OS versions.
Agent-based snapshot capture (VSS on Windows, LVM / ZFS / Btrfs on Linux, APFS on macOS). Full-disk images for P2V restore or file-level selective restore.
Read-side integration with each NAS's native snapshot APIs. Incremental-forever snapshots, dataset-level scoping, and BTRFS / ZFS send-stream efficiency where the NAS supports it.
iSCSI / FC / NVMe-oF initiators + native snapshot-API integration per vendor. Off-host backup via snapshot-mount so production I/O is untouched during capture.
libvirt/KVM, Proxmox VE, VMware ESXi, Hyper-V, VirtualBox, Incus — VaultSync consumes workload snapshots from IVMIA, so the same set of hypervisors that orchestrate workloads also back them up, without a second agent.
Volume snapshot + consistency-hook integration. For Kubernetes, coordinates with CSI snapshot providers so stateful workloads (databases, message queues) capture quiesced.
Every network device NIVMIA manages becomes a backup source. Versioned, signed, and restorable configurations for switches, routers, firewalls, and SD-WAN edges — through the same vendor plugins.
Quiesced-snapshot or native-dump plugins depending on engine. Point-in-time restore coordination for Postgres WAL, MySQL binlog, and MSSQL transaction logs.
Where VaultSync writes. Every target supports encryption-at-rest, integrity verification, and immutability / WORM where the target itself does.
Native Blob SDK integration, tier-aware placement, immutability policies (legal-hold and time-based). Multi-region replication awareness for DR.
First-class OCI integration with retention-rule and legal-hold policies. Paired with IVMIA's OCI plugin when full cross-cloud orchestration is required.
Generic S3 target covering every S3-API-compatible endpoint. Object-lock support where the target offers it, lifecycle-policy coordination, multi-endpoint resiliency.
Content-addressed dedupe, encrypted at rest, verified restore. First-class target for Proxmox-heavy estates and mixed environments that want PBS's dedupe efficiency.
Direct-attached or networked filesystem targets. Encryption-at-rest and integrity-checking handled by VaultSync so the underlying storage does not need to be trusted.
Library and drive orchestration, barcode-aware placement, immutable long-retention vaulting for regulated workloads and ransomware-survivable air-gap copies.
Target a remote VaultSync appliance directly — encrypted, resumable, bandwidth-throttled. The primary pattern for DR-site replication and for federated multi-site deployments.
The value of the plugin model is that every source can write to every target. Here are the common compositions.
Any source → any durable target. Scheduled, encrypted, integrity-verified. Automated restore-testing on cadence.
VMware snapshot → Proxmox target; Hyper-V snapshot → libvirt target. Restore a workload to a completely different hypervisor in one operation.
Two sources, treated as peers. Heterogeneous storage staying in step — NAS to cloud, SAN to NAS, site A to site B.
Active source, standby target, continuous replication. VaultSync coordinates the state-sync leg of an assisted-HA topology.
Tape or object-locked cloud target. Ransomware-survivable copy that the production side cannot modify or delete.
Workstation or mobile source → archive target. Verified off-ramp when a user leaves or a device is replaced, with encrypted long-retention hold.
Every source plugin implements capture, verify, stream. Every target plugin implements receive, verify, finalize. Every plugin is signed, versioned, and hot-loadable — so new backends arrive without replacing the appliance. Cross-product coordination (IVMIA workloads, NIVMIA device configs) happens through the plugin manifest, not a side channel.
VaultSync's plugin model is how we keep the promise: any source, any target, any direction, no surprises on restore day.
Back to All Products Talk to Us