top of page
  • Mark

Configure VCSA backups using SFTP on a Synology NAS

Updated: Mar 9

I had some fun and games setting this up, so I thought i'd blog the process for others in case its useful. Firstly, configuring working backups of your VCSA is critical, and should be your first layer of recovery, given its covered by VMware support.

Protocols supported for backup for VCSA 8.0 at time of writing are FTP, FTPS, HTTP, HTTPS, SFTP, NFS, or SMB. In this guide i'm going to be setting up SFTP on a Synology NAS for my homelab. I have already installed vCenter 8.02 and am configuring vCenter backups via the VAMI interface. Lets walk through the steps.

Enable SFTP

  • Log into your Synology Diskstation UI

  • Go to Control Panel > File Services

  • Click on the FTP Tab, scroll down, and tick the box next to SFTP.

    • Note the default port is 22. You may wish to change this (security by obscurity) in a production environment, but in my homelab, i'm going to leave this on port 22

Configure a user for SFTP

This is an optional step, and not required. I am recommending this step as best practise (ie to use a dedicated account only for the service it is required, and with no other permissions), but you can of course use an existing account if required

Click Control Panel > User & Group > Create

Enter details as shown below, then click Next

Join Groups - Accept the defaults (to add the user to the Users group only) and click Next

Assign shared folder permissions - Configure the permissions such that your new sftp_user account only has access to the VCSA Backups folder

Edit: Ah I later realized on this step i'd already created the VCSABackup folder, so you'll have to set all to no access, complete the remaining steps, then come back to this step and configure VCSABackups for the user to Read/Write.

Assign User Quota - Skip this unless you specifically need to configure this

Assign application permissions - Here i have set all Application permissions to deny, except for SFTP. Configure as shown, then click Next

Set user speed limit - Skip this unless you specifically need to configure it, Click Next

Confirm Settings - Click Done

Create the share on your Synology NAS

Go to Shared Folder, and Click Create to add a new shared folder

Set up basic information - Here I enter the name of the share and a description. I've left all other settings at their defaults, Click Next

Encryption - Here the wizard offers to configure Encryption for your backups. This is my homelab setup, so i'm going to skip this and click Next

Confirm Settings - Click Next

Configure User Permissions - here i've selected Local Users, and given my sftp_user account Read/Write access to the share. I've also added it to my Admin accounts for convenience. I've set no access for the other accounts that don't need it. Once done, Click Apply.

Note You can additionally click the drop down list and configure Local Groups and System Accounts if needed, but this isn't required, and I left those on their default settings.

Click Apply, and your new share appears in the list

That's all the config that is required on the Synology NAS. Now lets go to the VAMI

Creating the backup schedule on the vCenter VAMI

  • Log into your vCenter/VCSA Management interface via the url https://vcenter-url:5480

  • Click Backup, locate the Backup Schedule section, and click Edit at top right

  • You should see the screen below

Here i have entered the path to my Synology along with the share i created. I have also changed the schedule to my preferred time and also configured it to only keep 7 backups. Once done click Save.

To test the backup, Click Backup Now. Below you can see the results of my Manual Test, along with the scheduled job that ran a few minutes later

Lets browse to the VCSA Backups share after a few days of backups, and see what it looks like! Each backup folder is given the name of the vcenter being backed up. Here my vcenter is called vc01.homelab, and you can see a list of backup folders has now appeared. The first one listed with the "M" prefix was my Manual test, the remainder, prefixed with an "S" are Scheduled backups. I think the 13th is missing as i shut my lab down on that day.

If we select the most recent backup and browse to see what's in it, here you see a bunch of zip files along with a json file that contains more specific information about the VCSA appliance such as TCP/IP configuration, deployment size and so on

That's it, hope this guide helped you. Any questions, feel free to ask in the comments below!

19 views0 comments

Recent Posts

See All

Why core count is so important under Broadcom

In the new Broadcom licensing model, you must license a minimum of 16 cores per socket, then additionally, license every core above that number. Therefore it seems clear that switching to 16 core proc

Copying a VM between 2 x ESXi Hosts

Why would i want to do this? You may need to do this if you are working with standalone ESXi hosts with no vCenter, or if you just like playing around in your Homelab. Figuring out how to solve such p


bottom of page