Mark

Configure VCSA backups using SFTP on a Synology NAS

Updated: Mar 9

I had some fun and games setting this up, so I thought I'd blog the process for others in case it's useful. Firstly, configuring working backups of your VCSA is critical, and should be your first layer of recovery, given it's covered by VMware support.


Protocols supported for backup for VCSA 8.0 at time of writing are FTP, FTPS, HTTP, HTTPS, SFTP, NFS, or SMB. In this guide I'm going to be setting up SFTP on a Synology NAS for my homelab. I have already installed vCenter 8.02 and am configuring vCenter backups via the VAMI interface. Let's walk through the steps.


Enable SFTP

  • Log into your Synology Diskstation UI

  • Go to Control Panel > File Services

  • Click on the FTP Tab, scroll down, and tick the box next to SFTP.

    • Note the default port is 22. You may wish to change this (security by obscurity) in a production environment, but in my homelab, I'm going to leave this on port 22.


Configure a user for SFTP


This step is optional. I recommend it as best practice (i.e. use a dedicated account only for the service that needs it, with no other permissions), but you can of course use an existing account if required.


Click Control Panel > User & Group > Create

Enter details as shown below, then click Next


Join Groups - Accept the defaults (to add the user to the Users group only) and click Next


Assign shared folder permissions - Configure the permissions such that your new sftp_user account only has access to the VCSA Backups folder.

Edit: Ah, I later realized on this step I'd already created the VCSABackup folder, so you'll have to set all to no access, complete the remaining steps, then come back to this step and configure VCSABackups for the user to Read/Write.


Assign User Quota - Skip this unless you specifically need to configure this


Assign application permissions - Here I have set all Application permissions to deny, except for SFTP. Configure as shown, then click Next.


Set user speed limit - Skip this unless you specifically need to configure it, Click Next


Confirm Settings - Click Done


Create the share on your Synology NAS


Go to Shared Folder, and Click Create to add a new shared folder


Set up basic information - Here I enter the name of the share and a description. I've left all other settings at their defaults, Click Next


Encryption - Here the wizard offers to configure Encryption for your backups. This is my homelab setup, so I'm going to skip this and click Next.


Confirm Settings - Click Next


Configure User Permissions - Here I've selected Local Users, and given my sftp_user account Read/Write access to the share. I've also added it to my Admin accounts for convenience. I've set no access for the other accounts that don't need it. Once done, Click Apply.


Note: You can additionally click the drop down list and configure Local Groups and System Accounts if needed, but this isn't required, and I left those on their default settings.


Click Apply, and your new share appears in the list.


That's all the config that is required on the Synology NAS. Now let's go to the VAMI.


Creating the backup schedule on the vCenter VAMI


  • Log into your vCenter/VCSA Management interface via the url https://vcenter-url:5480

  • Click Backup, locate the Backup Schedule section, and click Edit at top right

  • You should see the screen below


Here I have entered the path to my Synology along with the share I created. I have also changed the schedule to my preferred time and also configured it to only keep 7 backups. Once done, click Save.


To test the backup, Click Backup Now. Below you can see the results of my Manual Test, along with the scheduled job that ran a few minutes later.



Let's browse to the VCSA Backups share after a few days of backups, and see what it looks like! Each backup folder is given the name of the vCenter being backed up. Here my vCenter is called vc01.homelab, and you can see a list of backup folders has now appeared. The first one listed with the "M" prefix was my Manual test; the remainder, prefixed with an "S", are Scheduled backups. I think the 13th is missing as I shut my lab down on that day.


If we select the most recent backup and browse to see what's in it, here you see a bunch of zip files along with a json file that contains more specific information about the VCSA appliance such as TCP/IP configuration, deployment size and so on.
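A missed day like the 13th is easy to overlook when eyeballing the share, so here is an added example (not part of the original walkthrough) that audits a listing of backup folder names for gaps, staleness and unexpected entries. It assumes a daily schedule and a folder name layout of `<M|S>_<version>_<YYYYMMDD-HHMMSS>_`; the sample names, version string and dates are constructed.

```python
import datetime as dt
import re

# Assumption: backup folders are named <M|S>_<version>_<YYYYMMDD-HHMMSS>_
NAME_RE = re.compile(r"^(?P<kind>[MS])_(?P<version>[\d.]+)_(?P<stamp>\d{8}-\d{6})_?$")

# Constructed sample listing (not taken from the post); the 13th is absent.
SAMPLE_NAMES = [
    "M_8.0.2.00000_20240309-101500_",
    "S_8.0.2.00000_20240309-103000_",
    "S_8.0.2.00000_20240310-020000_",
    "S_8.0.2.00000_20240311-020000_",
    "S_8.0.2.00000_20240312-020000_",
    "S_8.0.2.00000_20240314-020000_",
    "S_8.0.2.00000_20240315-020000_",
    "tmp_upload",  # anything that is not a backup folder should be flagged
]


def parse_backup_name(name):
    """Return (kind, timestamp) for a backup folder name, or None."""
    m = NAME_RE.match(name)
    if m is None:
        return None
    return m["kind"], dt.datetime.strptime(m["stamp"], "%Y%m%d-%H%M%S")


def audit_backups(names, today, max_age_days=1):
    """Report gaps, staleness and unexpected entries in a backup listing."""
    parsed = {n: parse_backup_name(n) for n in names}
    scheduled = sorted({p[1].date() for p in parsed.values() if p and p[0] == "S"})
    report = {
        "unparsed": [n for n, p in parsed.items() if p is None],
        "manual": sum(1 for p in parsed.values() if p and p[0] == "M"),
        "missing_days": [],
        "stale": True,  # no scheduled backup at all counts as stale
    }
    if scheduled:
        span = (scheduled[-1] - scheduled[0]).days
        expected = [scheduled[0] + dt.timedelta(days=i) for i in range(span + 1)]
        report["missing_days"] = [d for d in expected if d not in scheduled]
        report["stale"] = (today - scheduled[-1]).days > max_age_days
    return report


if __name__ == "__main__":
    print(audit_backups(SAMPLE_NAMES, today=dt.date(2024, 3, 15)))
```

Feed it the directory names from the backup folder (for example from `os.listdir` on a mounted copy of the share) and alert when `missing_days`, `stale` or `unparsed` is non-empty.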


That's it, hope this guide helped you. Any questions, feel free to ask in the comments below!
