During my last couple of NSX projects the backup of the NSX Manager proved to be some kind of a challenge. Using the NSX manager, it is possible to create backups via the FTP or the SFTP transfer protocol, but because we wanted to adhere the NSX hardening recommendations SFTP is preferred transfer protocol. No biggie you would think, except that most of the customers did not possessed the proper SFTP (don’t confuse with FTPS!!) software to support this.
Why is it so important to create a proper backup of the NSX Manager? Well that’s because the backup contains the following components :
I think you now understand why you want to have these settings safely stored away.
So what are our options? On SFTP.net the authors created a list of stand-alone SFTP servers that can be used for this task. For some customers it is difficult to procure these types of software online and rather use “freeware”. Then the next problem arises, some companies won’t use encryption software if it’s not commercial… Yeah I love those discussion with the security guys 🙂 .
OK so just for the sake of it (and I’m not bound by any security guys looking over my shoulders) I’m just going for the NSX Manager SFTP Backup based on FreeFTPd for Windows.
Download the FreeFTPd software and run the installer :
Select a path for the installation :
Select “Full Installation” (funny enough there is no other option than this) :
Select the Start folder :
Deselect the “Create a desktop icon” if you don’t want a cluttered desktop :
Review your settings and select “Install” :
Select “Yes” if you want to generate the private keys automaticly :
And select “Yes” if you want to install FreeFTPd as a service :
Select “Finish” to close the installer.
NOTE: Be absolutely sure to run the FreeFTPd configuration utility as a Administrator (right click “Run as an Administrator”) and have the FreeFTPd service stopped! Otherwise your settings won’t work and the SFTP service won’t be started!
In the configuration utility select “Users” and select “Add” :
Select “Password stored as SHA1 hash” at the “Authorization” field and fill in all the fields and configure a strong password (so no Welcome123!) and select “Apply” :
Quit the FreeFTPd configuration utility (also the one running in your systray!), go the Services Management Console start the FreeFTPd service.
Check if the service is running by using the following command line :
netstat -na | findstr 0.0.0.0:22
It should return something like this :
C:\Users\Administrator>netstat -na | findstr 0.0.0.0:22
TCP 0.0.0.0:22 0.0.0.0:0 LISTENING
NSX Manager SFTP Backup
The configuration of the NSX Manager Backup is quite easy so I’m going though it quite rapidly :
Open the NSX Manager and select “Backup & Restore” and select “Change” beside FTP Server Settings :
Fill in the fields according to your configuration, don’t forget to set the “Transfer Protocol” to SFTP, and select “OK” :
Select “Change” beside “Scheduling” and fill in the settings :
If necessary to exclude object from the backup select “Change” beside “Scheduling” and select the object to exclude from the backup :
Select “Backup” and “Start” to test the backup :
If successful it will look like this in the NSX Manager :
And like this in the specified backup directory :
Backup files rotation
Somehow there is no backup file rotation build in the NSX Manager!?! So if you’re not careful the backup directory can grow quite rapidly and fill up your disk.
That is why I use a simple script that runs on a task schedule and removes the backup files older than the configured days.
forfiles /p "C:\NSXBACKUPDIRECTORY" /s /m * /D -5 /C "cmd /c del @path"
Change the number 5 in the script above to your own retention specification and NSXBACKUPDIRECTORY to your own NSX Manager Backup directory.
PS. And of course don’t forget to backup your server where the SFTP server runs on!