Consistent backups are an important part of any disaster recovery strategy, as they help ensure data recoverability in the event of a failure or accidental data deletion. In early versions of vSphere, it was a pain to back up vCenter Server and required more effort than it should have. Nowadays, vCenter backup and recovery are easier to use; however, it's still a highly manual process when used out of the box. The best workaround is to automate the backup process. In this article, we'll look at how to do exactly that for vCenter Server Appliance versions 6.5 and above, as well as how to export data.
If you only need to do a quick backup, the best method is to log in to vCSA directly. Notice the backup link in the cluster of buttons in the top right-hand corner of Figure A.
Beyond that, the out-of-the-box -- or, rather, downloadable -- vCenter backup script is simple and lacks the ability to automatically move the backup off the server, so if vCSA is corrupted, you'll lose the backup as well. You'll also need to manually purge the older files. To resolve this issue, I use a more advanced backup script developed by VMware's support team. So far as I'm aware, it should be available upon request.
How to automate a backup
To automate a vCenter backup, first, copy and paste the backup script into Notepad or another text editor and save it as "backup.sh" on your local PC. The file's extension needs to be .sh in order to work when transferred to vCSA. The script has several options that you need to fill in, including the following:
Fill in the script with vCenter details and access details to a local File Transfer Protocol (FTP) server that you can use. Next, copy the backup script file to the vCenter host.
If you're using a Windows machine, you can use the WinSCP program -- or scp (secure copy) on a Mac -- to copy the file to the server. You need to place it in a good location; I recommend /usr/. You can also copy and paste the file directly, if you so desire, but proceed with caution.
At this point, you need to make the script executable. Use PuTTY to log in to vCenter as the root user. In vCenter Server 6.5, the user must enable shell by typing shell. However, depending on your configuration/setup, this isn't always necessary. If you used /usr/, like I did, navigate to the directory, and make the file executable with the following command:
chmod +x /usr/backup.sh
At this point, you can use the command shown below to run the script and make sure that everything works as expected:
You should see something similar to Figure B. If all goes according to plan, you can now use crontab to run the backup script at a specific time.
You now have a successful vCenter backup. If you encounter any errors, take a look at the backup.log, which can be found in the same folder as the script.
Run backup as a separate user
There's only one problem: It's a security and audit risk to run the system as root. For this reason, I recommend that you run the backup as a separate user. To do so, simply exit out of the Secure Shell client and reconnect. Rather than type shell to gain access to the shell, enter the following command -- note that I assume the user will be called "backupuser" and that there are double dashes for the switches:
localaccounts.user.add --role operator --username backupuser --password
This command will prompt you to enter a password to complete the new user addition. You'll need to make a few modifications before you can use an alternative user. Once you've made these modifications, type shell again to get back into the Bash shell.
There's a service in vCSA called cron that schedules all tasks on behalf of the administrator, including running this script. By default, only the root user has the ability to use cron. Enter the following command to add a new backupuser account, and enable them to execute tasks with cron:
echo "backupuser" >>/etc/crontab.allow
Once you've added the user to the crontab, set up the backup script to run automatically with the crontab command. As the root user, you can edit the cron file for the backupuser by using the -u flag to specify which user to modify.
crontab -u backupuser -e
This opens the cron editor for the specified user. Press the "I" key to enter insert mode, and add the following line:
30 11 * * * /usr/backup.sh
Type ":" followed by "wq" -- for "write quit" -- and hit Enter to exit and save changes. Use crontab -l to show the crontab and ensure the cron entry looks correct. Finally, test the cron job to make sure it works as expected, at the time you specified. The end result should be a backup file on your FTP server. For security purposes, you shouldn't use root to run the script; using a different user also makes auditing easier.
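Because the backup script is filled in with vCenter and FTP access details and is then executed by cron as backupuser, its file permissions and the cron entry are worth checking before relying on the job. The following is an added example, not part of VMware's script or the original article; the function names are hypothetical, and the checks assume the script should be neither readable nor writable by users outside its owner and group.

```shell
#!/bin/sh
# Added example: pre-flight checks before cron runs the backup as backupuser.
# Function names are hypothetical; adapt paths to your appliance.

# has_perm FILE BITS: succeeds if FILE has every permission bit in BITS set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# audit_script FILE: prints one line per finding; exit status = finding count.
audit_script() {
    as_file=$1
    as_count=0
    if [ ! -f "$as_file" ]; then
        echo "FAIL: $as_file not found"
        return 1
    fi
    # The script embeds vCenter and FTP credentials: no read access for "other".
    if has_perm "$as_file" 004; then
        echo "FAIL: $as_file is world-readable (credentials exposed)"
        as_count=$((as_count + 1))
    fi
    # Anyone who can edit the file controls what cron executes.
    if has_perm "$as_file" 002; then
        echo "FAIL: $as_file is world-writable"
        as_count=$((as_count + 1))
    fi
    if has_perm "$as_file" 020; then
        echo "FAIL: $as_file is group-writable"
        as_count=$((as_count + 1))
    fi
    if ! has_perm "$as_file" 100; then
        echo "FAIL: $as_file is not executable by its owner"
        as_count=$((as_count + 1))
    fi
    return "$as_count"
}

# audit_cron_line LINE: the command (field 6) must be an absolute path,
# because cron starts jobs in the user's home directory, not in /.
audit_cron_line() {
    acl_cmd=$(printf '%s\n' "$1" | awk '{print $6}')
    case $acl_cmd in
        /*) return 0 ;;
        *)  echo "FAIL: '$acl_cmd' is not an absolute path"; return 1 ;;
    esac
}
```

On the appliance, call audit_script /usr/backup.sh and pass each job line printed by crontab -u backupuser -l to audit_cron_line; an exit status of 0 means no findings.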
The whole script should now work automatically. Don't forget to test your backups periodically to make sure they can be properly restored; an untested vCenter backup is an accident waiting to happen.