You can backup the CSM appliance manually or set up a recurring backup after you configure a backup server.

You can only restore the CSM appliance from an IP address backup. Do not configure FQDN for the CSM appliance.


  • Verify that you have the SSH fingerprint of the backup file server. Only SHA256 hashed ECDSA key is accepted as a fingerprint. See Find the SSH Fingerprint of a Remote Server.
  • Ensure that the directory path already exists where you want to store your backups. You cannot use the root directory (/).


  1. From your browser, log in with admin privileges to CSM at https://<csm-ip-address>.
  2. Select System > Utilities > Tools.
  3. On the Backup tab, click Configure.
  4. Enter the IP address or host name of the backup file server.
  5. Change the default port if required.
  6. The protocol field is already filled in. Do not change the value.
    SFTP is the only supported protocol.
  7. Enter the username and password required to log in to the backup file server.
    The first time you configure a file server, you must provide a password. Subsequently, if you reconfigure the file server, and the server IP (or hostname), port, and user name are the same, you do not need to enter the password again.
  8. In the Destination Directory field, enter the absolute directory path where the backups will be stored.
    The directory must already exist and cannot be /. If the backup file server is a Windows machine, you still use the forward slash when you specify the destination directory. For example, if the backup directory on the Windows machine is c:\SFTP_Root\backup, specify /SFTP_Root/backup as the destination directory.
    Note: The backup process will generate a name for the backup file that can be quite long. On a Windows server, the length of the full path name of the backup file can exceed the limit set by Windows and cause backups to fail. To avoid this issue, see the KB article
  9. To encrypt the backups, enter an Encryption Passphrase.
    You will need this passphrase to restore a backup. If you forget the passphrase, you cannot restore any backups.
  10. Enter the SSH fingerprint of the server that stores the backups.
    You can leave this blank and accept or reject the fingerprint provided by the server.
  11. Click the Schedule tab.
  12. To enable automatic backups, click the Automatic Backup toggle.
  13. Click Weekly and set the days and time of the backup, or click Interval and set the interval between backups.
  14. Enabling the Detect NSX configuration change option will trigger an unscheduled full configuration backup when it detects any runtime or non-configuration related changes, or any change in user configuration.
    You can specify a time interval for detecting database configuration changes. The valid range is 5 minutes to 1,440 minutes (24 hours).
    Note: This option can potentially generate a large number of backups. Use it with caution.
  15. Click Save.


After you configure a backup file server, you can click Backup Now to start a backup at any time.

If your backup server is getting full, see instructions for removing backups: Remove Old Backups.