VMware Cloud Foundation allows you to register an external SFTP server with SDDC Manager for backing up NSX Managers and the SDDC Manager VM.
It is important to deploy a reliable SFTP server and ensure it is accessible from the VMware Cloud Foundation instance. If the SFTP server is not available when the SDDC Manager VM or an NSX Manager attempts to back up its state, the backup will not be taken, and any recent changes are not backed up until the retries succeed. To ensure that this situation does not occur, it is recommended that you periodically check that backups are successfully taken, and monitoring that the backups for other products are also being successfully taken. If the SFTP server is not available at the time of deploying a workload domain or upgrading NSX, these operations fail.
When you configure an external SFTP server, SDDC Manager saves the SFTP server details, and then configures the SDDC Manager and all existing NSX Managers to use the SFTP server. When subsequent NSX Managers are deployed, SDDC Manager configures them to use this SFTP server as well.
When you configure an external SFTP server, NSX Manager backups are automatically scheduled at regular intervals. You can check and modify the backup interval in the NSX Manager UI. SDDC Manager VM backups are not scheduled automatically. Use the Cloud Foundation API to set a backup schedule for the SDDC Manager VM. See Configure a Backup Schedule for SDDC Manager VM.
To configure an external SFTP server, perform the following steps:
- The external SFTP server must support ECDSA SSH public key.
- Only a user with the ADMIN role can perform this task. See User and Group Management.
- You will need the SHA256 fingerprint of RSA key of the SFTP server.
- In the SDDC Manager dashboard, select Administration > Backup.
- Click Register External.
- Enter the FQDN or IP address of the backup server. Ensure that the server is available for the successful configuration.
- Enter the port number at which the SFTP service is running.
- Select SFTP as the transfer protocol.
- Enter the credentials of the server.
- Enter the backup directory path of the server.
Ensure that the user you specify in step 6 can access the directory path since the backups are saved to this location. It is recommended to provide different directory paths for the different VMware Cloud Foundation instances in case you are using the same SFTP server across all.
- Confirm the fingerprint that is auto populated for the given FQDN or IP address and the port.
- Enter the encryption passphrase which is used for both NSX Manager and SDDC Manager backups.
- Click Save.
- Click Confirm.
- If you have to edit the backup configuration information, perform the following steps:
- On the SDDC Manager dashboard, select Administration > Backup Configuration.
- Click Edit.
- Update the configuration information.
If there is any change in the FQDN/IP address or the backup directory path, if you save the configuration, the existing backups are not copied to the new location. Copy them manually.
- Enter the backup server password and the passphrase.
If you change the passphrase it only applies to future backups. You need to use the old passphrase while restoring previous backups.
- Click Save.
- Click Confirm.