Before backups can occur, you must configure a backup file server. After a backup file server is configured, you can start a backup at any time, or schedule recurring backups.


  • Verify that the SFTP server is running supported OS and SFTP software. The following table displays the supported and tested software for backup, although other software versions might work.
    Currently supported OS Specifically tested version SFTP software version
    CentOS 7.7 OpenSSH_7.4p1
    RHEL 7.7 OpenSSH_7.4p1
    Ubuntu 18.04 OpenSSH_7.6p1
    Windows Windows Server 2019 Standard OpenSSH_for_Windows_7.7p1
  • Verify that the SFTP server is ready for use and is running SSH and SFTP, using the following commands:
    • $ ssh backup_user@sftp_server
    • $ sftp backup_user@sftp_server
  • Ensure that the directory path exists where you want to store your backups. You cannot use the root directory (/).
  • If you have multiple NSX-T Data Center deployments, you must use a different directory for storing the backup of each deployment.
  • You can take backups using either the IP address or the FQDN of the NSX Manager or Global Manager appliance:
    • If you are using the IP address for backup and restore, do not publish the appliance's FQDN.
    • If you are using FQDN for backup and restore, you must configure and publish the FQDN before starting the backup. Backup and restore only support lowercase FQDN.

      Use this API to publish the NSX Manager or Global Manager FQDN.

      Example request:

      PUT https://<nsx-mgr OR global-mgr>/api/v1/configs/management
        "publish_fqdns": true,
        "_revision": 0

      See the NSX-T Data Center API Guide for API details.


  1. From a browser, log in with admin privileges to the NSX Manager or Global Manager at https://<manager-ip-address>.
  2. Select System > Backup & Restore.
  3. Click Edit under the SFTP Server label to configure your SFTP server.
  4. Enter the IP address or FQDN of the backup file server.
  5. Change the default port if necessary. The default port is 22.
  6. The protocol text box is already filled in.
    SFTP is the only supported protocol.
  7. In the Directory Path text box, enter the absolute directory path where the backups will be stored.
    The directory must already exist and cannot be the root directory ( /). Avoid using path drive letters or spaces in directory names; they are not supported. If the backup file server is a Windows machine, you must use the forward slash when you specify the destination directory. For example, if the backup directory on the Windows machine is c:\SFTP_Root\backup, specify /SFTP_Root/backup as the destination directory.
    The path to the backup directory can contain only the following characters: alphanumerics ( a-z , A-Z, 0-9 ), underscore ( _ ) , plus and minus sign ( + - ), tilde and percent sign ( ~ % ), forward slash ( / ), and period (.).
    The backup process generates a name for the backup file that can be quite long. On a Windows server, the length of the full path name of the backup file can exceed the limit set by Windows and cause backups to fail. To avoid this issue, see the KB article
  8. Enter the user name and password required to log in to the backup file server.
    The first time you configure a file server, you must provide a password. Subsequently, if you reconfigure the file server, and the server IP or FQDN, port, and user name are the same, you do not need to enter the password again.
  9. You can leave the SSH Fingerprint blank and accept or reject the fingerprint provided by the server after you click Save in a later step. If necessary, you can retrieve the SSH fingerprint by using this API: POST /api/v1/cluster/backups?action=retrieve_ssh_fingerprint. Note that only SHA256 hashed ECDSA (256 bit) host key is accepted as a fingerprint.
  10. Enter a passphrase.
    Important: You will need this passphrase to restore a backup. If you forget the passphrase, you cannot restore any backups.
  11. Click Edit under the Schedule label.
    You can schedule recurring backups. You can also trigger backups for configuration changes. You can select both options for recurring backups.When you set up recurring backups, the system automatically backs up the inventory if there is a change in inventory, such as the addition or removal of a Transport Node. This feature is not available for manual backups.

    Inventory backups do not get collected for Global Manager.

    To enable recurring backups:

    1. Click the Recurring Backup toggle.
    2. Click Weekly and set the days and time of the backup, or click Interval and set the interval between backups.
    3. Enabling the Detect NSX configuration change option will trigger an unscheduled full configuration backup when it detects any runtime or non-configuration related changes, or any change in user configuration. For Global Manager, this setting triggers backup if any changes in the database are detected, such as the addition or removal of a Local Manager or Tier-0 gateway or DFW policy.

      You can specify a time interval for detecting database configuration changes. The valid range is 5 minutes to 1,440 minutes (24 hours). This option can potentially generate a large number of backups. Use it with caution.

  12. Click Save.


After you configure a backup file server, you can click Backup Now to manually start a backup at any time. Automatic backups run as scheduled.

You see a progress bar of your in-progress backup.

When the manual or scheduled backup completes, it is listed in the Backup History section of the page. The Last Backup Status label indicates whether the backup was successful and lists the timestamp, node, and cluster details of the appliance backed up. If the backup fails, you can see an error message.

If you need to see a list of available backups but do not have access to an NSX Manager or Global Manager appliance see Listing Available Backups for details.