As part of the series dedicated to the VMware VCSA Appliance, in this article we are now exploring how to take a VCSA Backup. The VMware virtual Appliance include a Backup utility we can use to protect the entire content and configurations of the vCenter Server Appliance.
In terms of where to store the VCSA Backup files the Appliance offers different protocols including:
- HTTPS
- HTTP
- SCP
- FTPS
- FTP
Ideally the choice should go for the secured transfer protocols above the other ones. And this is exactly what this article is covering. By simply creating a shared folder available through FTPS Protocol (File Transfer Protocol over SSL) on a Synology NAS device.
The steps to reproduce this in our homelab are pretty easy and consist of:
- Creating a user dedicated to Backup/Restore VCSA Backup Files on Synology NAS
- Create a Shared Folder to store Backup files
- Assign Permissions and Advanced settings to the Shared Folder
- Enable FTPS Protocol on Synology NAS
- Run a VCSA Backup job
So let’s start with the first part about configuring the Synology NAS
Step 1: Setup Synology NAS User for VMware VCSA Backup
From the Synology Desktop let’s open the Control Panel and create a User we want to associate to the VCSA Backup. The idea is have a dedicated User which has Read/Write permissions just to the VCSA Backup folder only.
From the User app let’s create a New User. This will be a Local User to the Synology NAS. Eventually we can also add Users from Active Directory, LDAP Server and even use SSO configurations.
As the screenshot is showing we need to provide the User information including name, email and password. Description field is optional but desired when working with lots of Users and Groups.
Since this User has the only purpose of accessing a dedicated folder fore the VCSA Backup, let’s provide the minimum privileges leaving the “users” group selected.
We have not created any dedicated Shared Folder yet so we can leave this part untouched if there are existing Shared Folders.
In the User quota settings we can define the thresholds. Since no selection was made on the previous screen this option is not effective. At least for the “VMStore” folder in this case.
Next is to specify which application permissions will be assigned to the User. In our case we’ll use the FTPS protocol. It is not showing here as not enabled yet.
Synology NAS also offer the ability to throttle speed based on Service type. For now we can leave this with default settings.
And finally the end of wizard shows a quick summary with main details. Let’s review them before committing changes.
Step 2: Creating the Synology Shared Folder to store VCSA Backup
Now that we have created the User on the Synology NAS it’s now time to create the Shared Folder where to store the VCSA Backup files. From the Control Panel let’s navigate to Shared Folder section to create our folder.
A new wizard will start and very easily we can input the desired settings like Name, Description and the Synology Volume where this Shared Folder will be hosted.
Additionally we can also encrypt the content of this folder for extra security. In my case for this homelab I will leave this option disabled. Also for the simple reason this might add extra time encrypting and decrypting content of the folder each time a Backup or Restore occur. In this case Encryption is at-rest.
In the Advanced Settings configurations we also have the option to enable Data Checksum and Folder Quota. Probably something we want to enable for Production environments.
And finally a quick Summary on main settings before proceeding with configuration changes.
As soon as we commit the changes the Synology wizard shows which users we want to give which permission to this Shared Folder. As per previous steps I will assign the “svc-VMwareBackup” the full Read/Write permissions.
Step 3: Enable Synology FTPS Protocol for VCSA Backup
We are now ready to start the FTPS protocol. We can simply do this from the Control Panel > File Services and navigate to the FTP tab as per screenshot below. We can leave the default settings and eventually change them on a later stage. For example by choosing a custom Network Port other than default 21.
Step 4: Create VCSA Backup Job
The Synology NAS is now ready to accept incoming connections on Port 21 using FTPS protocol. Next step is to open the VMware VCSA Appliance and from the main screen in Summary section we can start the VCSA Backup job.
A new wizard starts and as per screenshot below we need to define the Protocol, Location, Port, Username and Password. If required we can also encrypt the Backup Data. So in this case Encryption is on-flight.
One more thing I have noticed is that the target Backup Folder must be empty. Otherwise there will be an error showing this issue.
Your question might be: We have just created a new Shared Folder and it is empty, right? Why is the VCSA Backup wizard complaining?
Simply because the Shared Folder is “not” empty. There is one file called “desktop.ini” So the VCSA Backup wizard is correct! We can create a subfolder “VCSA” in my case where to store the VCSA Backup.
In the next screen we can select the Backup type. Default is type “1” which includes everything. Type “2” does not include S.E.A.T. (Stats, Event, Alarms, Tasks). This is interesting for example when scripting the VCSA Backup with PowerCLI and others.
SEAT tends to grow very big over time but we can always redirect such logs to an external Syslog Server like the one running on Synology.
And a final screen to review the main settings for the VCSA Backup Job.
At this point the VCSA Backup job is starting. It might take some time depending on the environment. I would also suggest to run the VCSA Backup regularly as it offer the benefit of having multiple point in time restores plus the transaction logs truncated.
Which make the built-in database more efficient and both Web UI more responsive when loading lots of data for big environments.
The VCSA Backup job is now completed.
If we browse the Shared Folder location we can see the actual content of the VCSA Backup. When we open the single archive files we also get a sense of what is currenlty included in the Backup file.
And this pretty much concludes a quick view on how to use Synology NAS to store VCSA Backup files. In this instance the process is manual. In separate articles we’ll cover how to run automatic VCSA Backup jobs and how to restore from Backups.
Good job on the delivery of setting up the VCSA backups on Synology. Keep up the good work. I have never worked on Synology and needed that input
Hi Gary,
Thanks for your comment and happy to hear it was useful. I’m still using the Synology as a backup target for the VCSA (now on 6.7u3!) and Syslog as well and so far is working great. So highly recommended.
Thanks,
Michele
Wow great article! thanks! Still relevant on our old infra today using 6.7u3 but planning on upgrading to 7 soon.
I got that “dir not empty” issue in the logs after following your instructions, so I also created a new folder called “VCSA” using winscp (connecting as svc_VMwarebackup)
But I’m getting “the Access to the provided location is denied. Check your credentials and permissions”. I (had to use ftp since winscp had a “TLS/SSL protection required” error connecting to FTPS)
How did you create the VCSA directory and are the rights “root”?
Thanks