VMware Cloud Foundation allows you to register an external SFTP server with SDDC Manager for backing up NSX Managers.

Until you register an external SFTP server, the NSX backups are taken on the SFTP server that is built into SDDC Manager. It is recommended that you register an external SFTP server soon after you upgrade or deploy VMware Cloud Foundation. Using an external SFTP server provides better protection against failures because it decouples the NSX backups from the SDDC Manager backups. The built-in SFTP server provides temporary protection against failures and should be used while you are setting up an external SFTP server.

It is important to deploy a reliable SFTP server and ensure it is accessible from the VMware Cloud Foundation instance. If the SFTP server is not available when an NSX Manager attempts to back up its state, the backup will not be taken, and any recent changes are not backed up until the retries succeed. To ensure that this situation does not occur, it is recommended that you periodically check that NSX Manager backups are successfully taken, and monitor that the backups for other products are also being successfully taken. If the SFTP server is not available at the time of deploying a workload domain or upgrading NSX, these operations fail.

When you register an SFTP server with SDDC Manager, it saves the SFTP server details, and then configures all existing NSX Managers to use the SFTP server. Finally, when any subsequent NSX Managers are deployed, SDDC Manager configures them to use this SFTP server as well. When you register the SFTP server, you must also specify a phrase to use to encrypt the NSX Manager backups. Note that this same phrase is also used to encrypt SDDC Manager file-based backups. For more information, see Backing Up and Restoring SDDC Manager. You can use the same UI and API to edit the settings of an already configured SFTP server and encryption phrase.

To configure an external SFTP server for the NSX Manager backup, perform the following steps:
Note: The backup server is available only for NSX Manager whereas the passphrase is available for both SDDC Manager and NSX Manager.

Prerequisites

  • The external SFTP server must support ECDSA SSH public keys.
  • You must configure a privileged user and password before you can configure an external SFTP server. See Configure Dual Authentication.

Procedure

  1. In the SDDC Manager dashboard, select Administration > Backup Configuration.
  2. Click +Register External.
  3. Enter the IP address of the backup server. Ensure that the server is available so that the configuration succeeds.
  4. Enter the port number at which the SFTP service is running.
  5. Enter the credentials of the server.
  6. Enter the backup directory path of the server. Ensure that the user you specify in step 5 can access the directory path since the backups are saved to this location. If you use the same SFTP server for several VMware Cloud Foundation instances, it is recommended to provide a different directory path for each instance.
  7. Confirm the fingerprint that is auto-populated for the given IP address and the port.
  8. Enter the passphrase which is used for both NSX Managers and SDDC Manager backups.
  9. In the Authentication Credentials section, enter the privileged user credentials.
    The privileged user has access to privileged data. You created this user when you configured dual authentication.
  10. Click Save.
  11. Click Confirm.
  12. If you have to edit the backup configuration information, perform the following steps:
    1. On the SDDC Manager dashboard, select Administration > Backup Configuration.
    2. Click Edit.
    3. Edit the text boxes as per your requirement. If you change the IP address or the backup directory path and save the configuration, the existing backups are not copied to the new location. Copy them manually.
    4. Enter the backup server password and the passphrase. If you change the passphrase, you need to use the old passphrase while restoring previously taken backups.
    5. Enter the privileged user credentials.
    6. Click Save.
    7. Click Confirm.
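
The fingerprint confirmation in step 7 is only meaningful if the expected value comes from the SFTP server itself rather than from the network path. The following added example (not VMware code) computes the fingerprint of an ECDSA host public key line copied from the server over a trusted channel and compares it with the displayed value. It assumes the fingerprint is shown in the OpenSSH `SHA256:<base64>` format; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def ecdsa_fingerprint(pubkey_line):
    """Return the OpenSSH-style SHA256 fingerprint of an ECDSA host key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    # The prerequisite above requires an ECDSA key; reject RSA, Ed25519, etc.
    if not key_type.startswith("ecdsa-sha2-"):
        raise ValueError("not an ECDSA host key: " + key_type)
    blob = base64.b64decode(b64, validate=True)
    # The blob repeats the key type; a mismatch means a corrupted or edited line.
    inner_type, _ = _read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_matches(pubkey_line, displayed):
    """Compare the computed fingerprint with the value shown in step 7."""
    return ecdsa_fingerprint(pubkey_line) == displayed.strip()


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample key (placeholder point bytes, not a real host key).
SAMPLE_BLOB = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
               + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("ecdsa-sha2-nistp256 " + base64.b64encode(SAMPLE_BLOB).decode()
               + " sftp-backup")

if __name__ == "__main__":
    print(ecdsa_fingerprint(SAMPLE_LINE))
```

If the comparison fails, do not save the configuration until you have established why the server presents a different key.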