Configure VCSA backups using SFTP on a Synology NAS
- Mark
- Feb 11, 2024
Updated: Mar 9, 2024
I had some fun and games setting this up, so I thought I'd blog the process for others in case it's useful. Firstly, configuring working backups of your VCSA is critical, and should be your first layer of recovery, given it's covered by VMware support.
Protocols supported for backup for VCSA 8.0 at time of writing are FTP, FTPS, HTTP, HTTPS, SFTP, NFS, or SMB. In this guide I'm going to be setting up SFTP on a Synology NAS for my homelab. I have already installed vCenter 8.02 and am configuring vCenter backups via the VAMI interface. Let's walk through the steps.
Enable SFTP
- Log into your Synology Diskstation UI 
- Go to Control Panel > File Services 
- Click on the FTP tab, scroll down, and tick the box next to SFTP.
  - Note the default port is 22. You may wish to change this (security by obscurity) in a production environment, but in my homelab, I'm going to leave this on port 22.
 
Configure a user for SFTP
This step is optional. I recommend it as best practice (i.e. use a dedicated account only for the service that requires it, with no other permissions), but you can of course use an existing account if required.
Click Control Panel > User & Group > Create
Enter details as shown below, then click Next
Join Groups - Accept the defaults (to add the user to the Users group only) and click Next
Assign shared folder permissions - Configure the permissions such that your new sftp_user account only has access to the VCSA Backups folder
Edit: I later realized that at this step I'd already created the VCSABackup folder, so you'll have to set all to no access, complete the remaining steps, then come back to this step and configure VCSABackups for the user to Read/Write.
Assign User Quota - Skip this unless you specifically need to configure this
Assign application permissions - Here I have set all Application permissions to deny, except for SFTP. Configure as shown, then click Next
Set user speed limit - Skip this unless you specifically need to configure it. Click Next
Confirm Settings - Click Done
Create the share on your Synology NAS
Go to Shared Folder, and Click Create to add a new shared folder
Set up basic information - Here I enter the name of the share and a description. I've left all other settings at their defaults. Click Next
Encryption - Here the wizard offers to configure Encryption for your backups. This is my homelab setup, so I'm going to skip this and click Next
Confirm Settings - Click Next
Configure User Permissions - Here I've selected Local Users, and given my sftp_user account Read/Write access to the share. I've also added it to my Admin accounts for convenience. I've set no access for the other accounts that don't need it. Once done, click Apply.
Note: You can additionally click the drop-down list and configure Local Groups and System Accounts if needed, but this isn't required, and I left those on their default settings.
Click Apply, and your new share appears in the list
That's all the config that is required on the Synology NAS. Now let's go to the VAMI.
Creating the backup schedule on the vCenter VAMI
- Log into your vCenter/VCSA Management interface via the url https://vcenter-url:5480 
- Click Backup, locate the Backup Schedule section, and click Edit at top right 
- You should see the screen below 
Here I have entered the path to my Synology along with the share I created. I have also changed the schedule to my preferred time and configured it to only keep 7 backups. Once done, click Save.
To test the backup, click Backup Now. Below you can see the results of my manual test, along with the scheduled job that ran a few minutes later.
Let's browse to the VCSA Backups share after a few days of backups, and see what it looks like! Each backup folder is given the name of the vCenter being backed up. Here my vCenter is called vc01.homelab, and you can see a list of backup folders has now appeared. The first one listed, with the "M" prefix, was my manual test; the remainder, prefixed with an "S", are scheduled backups. I think the 13th is missing as I shut my lab down on that day.
If we select the most recent backup and browse to see what's in it, here you see a bunch of zip files along with a json file that contains more specific information about the VCSA appliance such as TCP/IP configuration, deployment size and so on.
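A gap like the missing 13th is easy to overlook by eye, so here is a small check over the folder listing, added as an example and not part of the original post. It assumes folder names of the form `<M|S>_<version>_<YYYYMMDD-HHMMSS>_` (the post only states the M and S prefixes), that the 7-backup retention applies to scheduled backups only, and uses a constructed sample listing.

```python
import re
from datetime import date, datetime, timedelta

# Assumed folder-name layout: <M|S>_<appliance version>_<YYYYMMDD-HHMMSS>_
# The post only states the M (manual) / S (scheduled) prefixes; adjust the
# pattern to match what your own share shows.
FOLDER_RE = re.compile(r"^(?P<kind>[MS])_(?P<version>[\d.]+)_(?P<stamp>\d{8}-\d{6})_?$")


def parse_backups(names):
    """Return sorted (timestamp, kind, name) tuples; skip unrelated entries."""
    parsed = []
    for name in names:
        m = FOLDER_RE.match(name)
        if not m:
            continue  # e.g. NAS metadata folders sitting in the same share
        stamp = datetime.strptime(m["stamp"], "%Y%m%d-%H%M%S")
        parsed.append((stamp, m["kind"], name))
    return sorted(parsed)


def audit(names, today, retention=7, max_age_days=1):
    """Report days without a scheduled backup, staleness and retention overrun."""
    scheduled = [b for b in parse_backups(names) if b[1] == "S"]
    if not scheduled:
        return {"missing_days": [], "stale": True, "over_retention": False}
    days = {stamp.date() for stamp, _, _ in scheduled}
    first, last = min(days), max(days)
    missing = [first + timedelta(n) for n in range((last - first).days)
               if first + timedelta(n) not in days]
    return {
        "missing_days": missing,                           # calendar days with no S_ folder
        "stale": (today - last).days > max_age_days,       # newest backup too old
        "over_retention": len(scheduled) > retention,      # assumption: S_ folders only
    }


# Constructed sample listing (not taken from the post's screenshots).
SAMPLE = [
    "M_8.0.2.00000_20240211-101500_",
    "S_8.0.2.00000_20240211-235900_",
    "S_8.0.2.00000_20240212-235900_",
    "S_8.0.2.00000_20240214-235900_",
    "@eaDir",
]

if __name__ == "__main__":
    print(audit(SAMPLE, today=date(2024, 2, 15)))
```

Feed it the directory names from the backup folder (for example via `os.listdir` on a mounted share) and alert when `missing_days` is non-empty or `stale` is true.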
That's it, hope this guide helped you. Any questions, feel free to ask in the comments below!

















