In the management interface of the appliance, create a backup schedule for generating new backup archives of VMware Cloud Director Availability. Connect and authenticate to an external server using Secure File Transfer Protocol (SFTP) for scheduled uploads of the backup archives as files for future restore to that moment in time.

This procedure is applicable to any the following VMware Cloud Director Availability appliance roles:

  • Cloud Director Replication Management Appliance
  • Cloud Director Combined Appliance
  • On-Premises to Cloud Director Replication Appliance
  • vCenter Replication Management Appliance
  • On-Premises to Cloud vCenter Replication Appliance

You schedule the backup generation of VMware Cloud Director Availability only by using the management interface of the appliance. The scheduled backup archives contain the following information from each appliance in the site:

  • Configuration files
  • Public certificate
  • Keystore
  • Database dump
In the backup archive, this information is stored as multiple .enc appliance backup files. When generating the backup, you provide a password that encrypts the .enc appliance backup files to preserve any sensitive information.

A backup file does not contain:

  • The appliance root user password.
  • Any previous backup archives.
  • Any support bundles.
  • The NTP time server configuration.
  • Enable SSH state.
  • The network configuration provided in the OVF wizard during appliance deployment.
  • Static routes configured on appliances with multiple network interface cards (NICs).
Note: After evacuating a datastore, all backups taken priorly cannot restore the replications. For information about datastore evacuation, see Evacuate the replications data from a datastore.

Prerequisites

  • Verify that VMware Cloud Director Availability 4.6 or later is installed for configuring the backups interval and its retention period.

    Alternatively, for information about backing up the appliances to their local internal storage, see Back Up All Appliances in the Cloud and for all the remaining appliance roles, see Back Up the Appliance.

  • Verify that the SFTP server is available and is reachable from VMware Cloud Director Availability.
  • Verify that before taking a backup, all VMware Cloud Director Availability services are operational. As exception, unreachable Replicator Service instances without incoming replications do not prevent generating a backup. The scheduled backup generation fails when any other of the services cannot be reached or is not operational.
  • Verify that the free disk space value in the bottom of the System health page shows at least 40% amount of free space for each of the VMware Cloud Director Availability appliances in the site. The scheduled backup generation fails when there is insufficient storage.

Procedure

  1. Log in to the management interface of the VMware Cloud Director Availability appliance.
    1. In a Web browser, go to https://Appliance-IP-Address/ui/admin.
    2. Select Appliance login or SSO login and enter the root or the single sign-on user credentials.
    3. Click Login.
  2. In the left pane, click Backup Archives.
  3. On the Scheduled backup archives tab, configure or edit the backup schedule.
    • When Backup schedule shows Unconfigured, click Configure schedule.
    • Alternatively, when Backup schedule shows Configured, click Edit configuration.
  4. Complete the wizard.
    1. On the Server authentication page, configure the following details then click Next.
      Option Description

      Server location

      		 Enter sftp://FQDN-or-IP-address:port/destination_folder/subfolder, where the /destination_folder/subfolder path is relative to the root / directory on the server.
      Note: When changing this address to a new server, the backup retention only applies to the newly configured server. No retention applies to any backups stored on the previously configured server.

      Authentication method
      • Select Authenticate using server credentials and enter both Server user name and Server password.
      • Alternatively, select Authenticate using public key and enter Server user name, click Click to copy public key then paste appending it to the authorized_keys file in the server.

      Server user name

      		 Enter the user for the backup server.

      Server password

      		 After selecting Authenticate using server credentials, enter the password for the backup server user.
      Test connection Click to establish a connection with the server, then verify and accept its SSH public key.
    2. On the Settings page, configure the backup interval, encryption, and retention then click Next.
      Option Description

      Delay backup start time

      		 Activate this toggle to enter Start time of the backup schedule.

      Backup interval

      		 Enter the time interval between each two scheduled backups. The minimum is 30 minutes and the maximum is 1 week. By default, the backup interval is 30 minutes.
      Encryption password Enter a password to protect the contents of the backup archive. The password that you must enter must contain a minimum of eight characters and must consist of:
      • At least one lowercase letter.
      • At least one uppercase letter.
      • At least one number.
      • At least one special character, such as & # % .

      Confirm Password

      		Confirm the same password to protect the contents of the backup archive.
      Retention
      • Select Retain all backups to never automatically delete any externally stored backups.
      • Alternatively, select Specify the number of backups to retain to automatically delete backups past the configured Number of retained backups. By default, the appliance keeps 10 backups on the external server. The retention period is 5 hour(s).
    3. On the Summary page, verify the selected settings then click Finish.
    The Backup schedule section shows Configured and displays:
    • SFTP server location
    • Authentication method
    • Backup server user name
    • Encryption password
    • Backup interval
    • Number of retained backups
    • Start time
    • Next backup run time
    • Number of retained backups
    In the Scheduled backup tasks table you see a Generate scheduled backup archive task progressing.
  5. (Optional) To modify the backup schedule, click Edit configuration then complete the Edit Backup Schedule wizard.
    On the Server location page, to select the Untrust the old SFTP server check box and remove the established trust with the previously configured SFTP server, first remove the old SFTP server from the list of trusted SSH hosts by going to Settings > Security settings > Trusted SSH hosts > Remove.

    Alternatively, when using key-based authentication, copy the new public key and paste appending it to the authorized_keys file in the SFTP server.

    This trust is listed on the Settings page, under Security settings by expanding the Trusted SSH hosts section where you can also optionally click Copy or Regenerate for the SSH public key, or optionally click Add and in the Add SSH host window enter Host and Port then verify and accept the SSH server public key.

Results

At the scheduled time, VMware Cloud Director Availability starts backing up then uploads the backup files directly to the SFTP server.

What to do next

  • You can later download one of the scheduled backup files directly from the SFTP server for restoring VMware Cloud Director Availability to that moment in time. For information about restoring from a backup archive, see Restore the appliances in the cloud.
  • To manually delete backup files, delete them directly from the SFTP server. This action has no effect on the scheduled backup task in the user interface.

  • To automatically delete the oldest backups from the SFTP server, configure Retention as shown in step 4.