Setting up the backup of the NSX-T managers is a fairly simple process and is done via the web UI. what can’t be managed from the UI is the retention period of the backups that has to be done via a script on the SFTP server otherwise the backup server will eventually run out of disk space and then the backups will start having issues.
Backups are obviously important to allow recovery of NSX-T managers in the event of a failure however they are also one of the main supported ways to do site failures with a Multisite deployment. (the other being Site Recovery Manager if you have a stretched L2 management network)
While restoring from backup data plane operations will not be affected however, you will not be able to make configuration changes or vMotion VM’s.
The data that is collected during each backup is.
- Cluster Backup – Includes the desired state of the virtual network.
- Node Backup – Backup of the NSX Manager node.
- Inventory Backup – Includes the set of ESX, KVM hosts and Edge nodes. This information is used during a restore operation to detect and fix discrepancies between the Management Plane’s desired state and these hosts.
When configuring backups there are three types that can be configured and run.
- Manual Backups
Simply log into the UI and click START BACKUP.
- Scheduled Backups
Scheduled backups run based on a user-defined schedule.
- NSX Change Detected Backups
Once scheduled backups are configured you can also configure backups to occur whenever a change is detected. This is done automatically and in addition to the Scheduled backups. This is recommended for multisite deployments to ensure the latest configuration is available at all times.
- You must restore to new appliances running the same version of NSX-T Data Center as the appliances that were backed up.
- If you are using an NSX Manager or Global Manager IP address to restore, you must use the same IP address as in the backup.
- If you are using an NSX Manager or Global Manager FQDN to restore, you must use the same FQDN as in the backup. Note that only lowercase FQDN is supported for backup and restore.
First off you need an SFTP server to backup to, I’m not going to delve into how to configure this there are plenty of blogs which cover that and I wouldn’t be able to do it justice as it’s a bit outside my knowledge area at the moment.
Login to your NSX-T manager web UI and go to System, Lifecycle Management, Backup and Restore. Under SFTP server click Edit then fill out the details for your SFTP server.
Hit SAVE then click ADD to add the fingerprint for the server
Finally click SAVE again.
To configure a scheduled backup click EDIT under Schedule
First enable the Scheduled backup by enabling the slider, you then have a choice of Interval backups with a maximum allowed value of 24 hours.
Or Weekly which can be enbled on all or selected days with a maximum time allowed of 23 hours though if you leave it at 00 it will schedule the backup for midnight.
For multisite deployments make sure you enable the Detect NSX configuration change option and then set an interval the max time allowed here is 59 minutes then click SAVE
A backup should start if not then click START BACKUP
Configuring The Backup Retention
VMware includes a Python script on the NSX-T manager which you can add to you SFTP server to clean up old backups.
I’m going to be adding this and setting up a daily script to remove backups older than 7 days.
First I need to copy the Python script from the NSX-T manager for this I login to the SFTP Server which is running Ubuntu in my case, then I run SCP to copy the file locally.
sudo scp root@<nsx-mgr>:/var/vmware/nsx/file-store/nsx_backup_cleaner.py /sbin/
I now create a wrapper shell script under /etc/cron.daily this will run the nsx_backup_cleaner python script with the additional parameters.
sudo nano /etc/cron.daily/nsx_backup_cleaner.sh
Add the lines below into the script. The -d configures it to run daily and the -k 7 keeps the backups for 7 days. Save the script and exit
#!/bin/sh /sbin/nsx_backup_cleaner.py -d /backup -k 7
Now I just need to make the script executable by running.
sudo chmod +x /etc/cron.daily/nsx_backup_cleaner.sh
And with that we have our backups configured.