Before backups can occur, you must configure a backup file server. After a backup file server is configured, you can start a backup at any time, or configure a schedule for automatic backups.


Verify that you have the SSH fingerprint of the backup file server. Only an SHA256 hashed ECDSA (256 bit) key is accepted as a fingerprint. See Find the SSH Fingerprint of a Remote Server.


  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > Backup & Restore.
  3. Click Edit in the upper right of the page to configure backups.
  4. Enter the IP address or host name of the backup file server.
  5. Change the default port if required.
  6. The protocol field is already filled in. Do not change the value.
    SFTP is the only supported protocol.
  7. Enter the user name and password required to log in to the backup file server.
    The first time you configure a file server, you must provide a password. Subsequently, if you reconfigure the file server, and the server IP (or hostname), port, and user name are the same, you do not need to enter the password again.
  8. In the Destination Directory field, enter the absolute directory path where the backups will be stored.
    The directory must already exist and cannot be /. If you have multiple NSX-T Data Center deployments, you must use a different directory for each deployment. If the backup file server is a Windows machine, you still use the forward slash when you specify the destination directory. For example, if the backup directory on the Windows machine is c:\SFTP_Root\backup, specify /SFTP_Root/backup as the destination directory.
    Note: The backup process will generate a name for the backup file that can be quite long. On a Windows server, the length of the full path name of the backup file can exceed the limit set by Windows and cause backups to fail. To avoid this issue, see the KB article
  9. To encrypt the backups, click the Change Encryption Passphrase toggle and enter the encryption passphrase.
    You will need this passphrase to restore a backup. If you forget the passphrase, you cannot restore any backups.
  10. Enter the SSH fingerprint of the server that stores the backups.
    You can leave this blank and accept or reject the fingerprint provided by the server.
  11. Click the Schedule tab.
  12. To enable automatic backups, click the Automatic Backup toggle.
  13. Click Weekly and set the days and time of the backup, or click Interval and set the interval between backups.
  14. To trigger a backup when the configuration of the network changes, set the Detect NSX configuration change toggle to Enabled.
    You can set the interval between the backups triggered by configuration changes. The default is 5 minutes.
  15. Click Save.


After you configure a backup file server, you can click Backup Now to start a backup at any time.