VMware VCSA Backup on Synology NAS

As part of the series dedicated to the VMware VCSA Appliance, in this article we are now exploring how to take a VCSA Backup. The VMware virtual Appliance include a Backup utility we can use to protect the entire content and configurations of the vCenter Server Appliance.

In terms of where to store the VCSA Backup files the Appliance offers different protocols including:

  • HTTPS
  • HTTP
  • SCP
  • FTPS
  • FTP

Ideally the choice should go for the secured transfer protocols above the other ones. And this is exactly what this article is covering. By simply creating a shared folder available through FTPS Protocol (File Transfer Protocol over SSL) on a Synology NAS device.

The steps to reproduce this in our homelab are pretty easy and consist of:

  1. Creating a user dedicated to Backup/Restore VCSA Backup Files on Synology NAS
  2. Create a Shared Folder to store Backup files
  3. Assign Permissions and Advanced settings to the Shared Folder
  4. Enable FTPS Protocol on Synology NAS
  5. Run a VCSA Backup job

So let’s start with the first part about configuring the Synology NAS

 

Step 1: Setup Synology NAS User for VMware VCSA Backup

From the Synology Desktop let’s open the Control Panel and create a User we want to associate to the VCSA Backup. The idea is have a dedicated User which has Read/Write permissions just to the VCSA Backup folder only.

domalab.com VMware VCSA Backup Synology Control Panel

From the User app let’s create a New User. This will be a Local User to the Synology NAS. Eventually we can also add Users from Active Directory, LDAP Server and even use SSO configurations.

domalab.com VMware VCSA Backup Synology Create User

As the screenshot is showing we need to provide the User information including name, email and password. Description field is optional but desired when working with lots of Users and Groups.

domalab.com VMware VCSA Backup Synology User wizard

Since this User has the only purpose of accessing a dedicated folder fore the VCSA Backup, let’s provide the minimum privileges leaving the “users” group selected.

domalab.com VMware VCSA Backup Synology joins group

We have not created any dedicated Shared Folder yet so we can leave this part untouched if there are existing Shared Folders.

domalab.com VMware VCSA Backup synology folder permissions

In the User quota settings we can define the thresholds. Since no selection was made on the previous screen this option is not effective. At least for the “VMStore” folder in this case.

domalab.com VMware VCSA Backup synology quota setting

Next is to specify which application permissions will be assigned to the User. In our case we’ll use the FTPS protocol. It is not showing here as not enabled yet.

domalab.com VMware VCSA Backup synology application permissions

Synology NAS also offer the ability to throttle speed based on Service type. For now we can leave this with default settings.

domalab.com VMware VCSA Backup synology speed limit

And finally the end of wizard shows a quick summary with main details. Let’s review them before committing changes.

domalab.com VMware VCSA Backup synology wizard summary

 

Step 2: Creating the Synology Shared Folder to store VCSA Backup

Now that we have created the User on the Synology NAS it’s now time to create the Shared Folder where to store the VCSA Backup files. From the Control Panel let’s navigate to Shared Folder section to create our folder.

A new wizard will start and very easily we can input the desired settings like Name, Description and the Synology Volume where this Shared Folder will be hosted.

domalab.com VMware VCSA Backup synology shared folder

Additionally we can also encrypt the content of this folder for extra security. In my case for this homelab I will leave this option disabled. Also for the simple reason this might add extra time encrypting and decrypting content of the folder each time a Backup or Restore occur. In this case Encryption is at-rest.

domalab.com VMware VCSA Backup synology shared folder encrypt

In the Advanced Settings configurations we also have the option to enable Data Checksum and Folder Quota. Probably something we want to enable for Production environments.

domalab.com VMware VCSA Backup shared folder advanced settings

And finally a quick Summary on main settings before proceeding with configuration changes.

domalab.com VMware VCSA Backup synology shared folder summary

As soon as we commit the changes the Synology wizard shows which users we want to give which permission to this Shared Folder. As per previous steps I will assign the “svc-VMwareBackup” the full Read/Write permissions.

domalab.com VMware VCSA Backup synology shared folder edit

 

Step 3: Enable Synology FTPS Protocol for VCSA Backup

We are now ready to start the FTPS protocol. We can simply do this from the Control Panel > File Services and navigate to the FTP tab as per screenshot below. We can leave the default settings and eventually change them on a later stage. For example by choosing a custom Network Port other than default 21.

domalab.com VMware VCSA Backup synology FTPS

 

Step 4: Create VCSA Backup Job

The Synology NAS is now ready to accept incoming connections on Port 21 using FTPS protocol. Next step is to open the VMware VCSA Appliance and from the main screen in Summary section we can start the VCSA Backup job.

domalab.com VMware VCSA Backup

A new wizard starts and as per screenshot below we need to define the Protocol, Location, Port, Username and Password. If required we can also encrypt the Backup Data. So in this case Encryption is on-flight.

One more thing I have noticed is that the target Backup Folder must be empty. Otherwise there will be an error showing this issue.

Your question might be: We have just created a new Shared Folder and it is empty, right? Why is the VCSA Backup wizard complaining?

Simply because the Shared Folder is “not” empty. There is one file called “desktop.ini” So the VCSA Backup wizard is correct! We can create a subfolder “VCSA” in my case where to store the VCSA Backup.

domalab.com VMware VCSA Backup details

In the next screen we can select the Backup type. Default is type “1” which includes everything. Type “2” does not include S.E.A.T. (Stats, Event, Alarms, Tasks). This is interesting for example when scripting the VCSA Backup with PowerCLI and others.

SEAT tends to grow very big over time but we can always redirect such logs to an external Syslog Server like the one running on Synology.

domalab.com VMware VCSA Backup parts

And a final screen to review the main settings for the VCSA Backup Job.

domalab.com VMware VCSA Backup summary

At this point the VCSA Backup job is starting. It might take some time depending on the environment. I would also suggest to run the VCSA Backup regularly as it offer the benefit of having multiple point in time restores plus the transaction logs truncated.

Which make the built-in database more efficient and both Web UI more responsive when loading lots of data for big environments.

domalab.com VMware VCSA Backup progress

The VCSA Backup job is now completed.

domalab.com VMware VCSA Backup successful

If we browse the Shared Folder location we can see the actual content of the VCSA Backup. When we open the single archive files we also get a sense of what is currenlty included in the Backup file.

domalab.com VMware VCSA Backup content

And this pretty much concludes a quick view on how to use Synology NAS to store VCSA Backup files. In this instance the process is manual. In separate articles we’ll cover how to run automatic VCSA Backup jobs and how to restore from Backups.

Michele Domanico

Passionate about Virtualization, Storage, Data Availability and Software Defined Data Center technologies. The aim of Domalab.com is sharing with the Community the knowledge and experience gained with customers, industry leaders and like minded peers. Always open to constructive feedback and new challenges.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: