Before backups can occur, you must configure a backup file server. After a backup file server is configured, you can start a backup at any time, or schedule recurring backups.


  • Verify that the SFTP server is running a supported OS.
    Currently supported OS Specifically tested version
    CentOS 7.7
    RHEL 7.7
    Ubuntu 18.04
    Windows Windows Server 2019 Standard
  • Verify that the SFTP server is ready for use and is running SSH and SFTP, using the following commands:
    • $ ssh backup_user@sftp_server
    • $ sftp backup_user@sftp_server
  • Ensure that the directory path exists where you want to store your backups. You cannot use the root directory (/).
  • If you have multiple NSX-T Data Center deployments, you must use a different directory for storing the backup of each deployment.
  • You can take backups using either the IP address or the FQDN of the NSX Manager or Global Manager appliance:
    • If you are using the IP address for backup and restore, do not publish the appliance's FQDN.
    • If you are using FQDN for backup and restore, you must configure and publish the FQDN before backup. Note that only lowercase FQDN is supported for backup and restore.

      Use this API to publish the NSX Manager or Global Manager FQDN.

      Example request:

      PUT https://<nsx-mgr OR global-mgr>/api/v1/configs/management
        "publish_fqdns": true,
        "_revision": 0

      See the NSX-T Data Center API Guide for API details.


  1. From a browser, log in with admin privileges to the NSX Manager or Global Manager at https://<manager-ip-address>.
  2. Select System > Backup & Restore.
  3. Click Edit under the SFTP Server label to configure your SFTP server.
  4. Enter the IP address or FQDN of the backup file server.
  5. Change the default port if necessary. The default port is 22.
  6. The protocol text box is already filled in.
    SFTP is the only supported protocol.
  7. In the Directory Path text box, enter the absolute directory path where the backups will be stored.
    The directory must already exist and cannot be the root directory ( /). If the backup file server is a Windows machine, you still use the forward slash when you specify the destination directory. For example, if the backup directory on the Windows machine is c:\SFTP_Root\backup, specify /SFTP_Root/backup as the destination directory.
    Note: The backup process will generate a name for the backup file that can be quite long. On a Windows server, the length of the full path name of the backup file can exceed the limit set by Windows and cause backups to fail. To avoid this issue, see the KB article
  8. Enter the user name and password required to log in to the backup file server.
    The first time you configure a file server, you must provide a password. Subsequently, if you reconfigure the file server, and the server IP or FQDN, port, and user name are the same, you do not need to enter the password again.
  9. You can leave the SSH Fingerprint blank and accept or reject the fingerprint provided by the server after you click Save in a later step. If necessary, you can retrieve the SSH fingerprint by using this API: POST /api/v1/cluster/backups?action=retrieve_ssh_fingerprint. Note that only SHA256 hashed ECDSA (256 bit, 384 bit, 521 bit) host key is accepted as a fingerprint.
  10. Enter a passphrase.
    Important: You will need this passphrase to restore a backup. If you forget the passphrase, you cannot restore any backups.
  11. Click Edit under the Schedule label.
    You can schedule recurring backups. You can also trigger backups for configuration changes. You can select both options for recurring backups.
    Note: When you set up recurring backups, the system automatically backs up the inventory if there is a change in inventory, such as the addition or removal of a Transport Node. This feature is not available for manual backups.

    Inventory backups do not get collected for Global Manager.

    To enable recurring backups:

    1. Click the Recurring Backup toggle.
    2. Click Weekly and set the days and time of the backup, or click Interval and set the interval between backups.
    3. Enabling the Detect NSX configuration change option will trigger an unscheduled full configuration backup when it detects any runtime or non-configuration related changes, or any change in user configuration. . For Global Manager, this setting triggers backup if any changes in the database are detected, such as the addition or removal of a Local Manager or Tier-0 gateway or DFW policy.
      You can specify a time interval for detecting database configuration changes. The valid range is 5 minutes to 1,440 minutes (24 hours).
      Note: This option can potentially generate a large number of backups. Use it with caution.
  12. Click Save.


After you configure a backup file server, you can click Backup Now to manually start a backup at any time. Automatic backups run as scheduled.

You see a progress bar of your in-progress backup.

When the manual or scheduled backup completes, it is listed in the Backup History section of the page. The Last Backup Status label indicates whether the backup was successful and lists the timestamp, node, and cluster details of the appliance backed up. If the backup fails, you can see an error message.

If you need to see a list of available backups but do not have access to an NSX Manager or Global Manager appliance see Listing Available Backups for details.