vCenter

Automating File-Based Backups of vCenter Server Appliance

Did you know the vCenter Server Appliance (VCSA) has file-based backup options?

This ability was actually released in vSphere 6.5. However, there was one feature in particular that was missing: a scheduler. I’m happy to say that as part of vSphere 6.7, the VCSA received a backup scheduler!

Recently, my teammate, Emad Younis released a couple cool walkthroughs to the vSphere Central site to manage file-based backup and restore actions. Under the covers, both of these actions are served up by vSphere’s RESTful APIs and therefore PowerCLI can also be used to automate these actions! One other benefit of using the API, you don’t have to hand out the root credentials. Users with the ‘SystemConfiguration.Administrators’ permission are able to perform all of the following tasks through the API and PowerCLI!

To perform a file-based backup with PowerCLI, we’ll need to make use of the CIS module. Since the CIS module is a low-level module, let’s see a couple examples of this in action.

Create a File-Based Backup

Let’s first start with the process to perform a backup.

First step, log in to the CIS Service for the VCSA:

Next, we need to find the appropriate service to perform a backup:

File-Based Backup Example: Listing CIS Services

Based on the output, we will want the ‘com.vmware.appliance.recovery.backup.job’ service. We will store that into a variable so we can easily interact with that specific service. To see the method we are going to use, take that variable and pipe it to ‘Get-Member’.

File-Based Backup Example - Working with the CIS Service

As part of the respose, we’ll see two important items. First, the ‘create’ method which we’ll use to actually create the backup job. Second, the ‘Help’ property. We can use ‘Help’ to help us form the input for the backup job with the following command:

We can now fill in each of the parameters with information for our environment. There are a couple caveats here. First, the ‘parts’ parameter is expecting an input of an array type. Second, each of the password parameters require a special type in order to be accepted.

Finally, having input all of our information, we can create the backup job!

File-Based Backup Example: Creating Backup Job

We can combine this into a nice script as follows:

Create a Scheduled File-Based Backup

Let’s now take a look at creating a scheduled backup job with PowerCLI.

Following a similar process to the last task, we will want to use one of the services we found previously called: com.vmware.appliance.recovery.backup.schedules

This time, we see two inputs are required. First, the schedule ID. Second, the specification which is similar to the prior example. The ‘Help’ property will be quite useful to create both specifications.

Much like the prior example, this one too has some caveats. The Schedule ID input can be a string of your choosing. For reference, performing this process in the UI creates a default ID of ‘default’. The scheduling recurrence configuration can be done in many ways through the ‘days’ property. If a daily backup is desired, there’s no need for any input and it can be left ‘unset’. If a specific day/s are desired, the input has to be of an array type.

Here’s a script which can be used to create a scheduled file-based backup:

Afterwards, if you log into the VCSA Appliance Management Interface (VAMI), your backup schedule should look much like the following:
File-Based Backup Example: Creating a Backup Schedule

Summary

The ability to create file-based backups of your vCenter Server is a function that is only available to the VCSA. This function is made possible by a set of RESTful APIs which PowerCLI can also consume, with the additional benefit of not being reliant on the root account! This blog post walked through examples of creating a file-based backup job and creating a scheduled file-based backup job.

More information about VCSA file-based backup can be found on the vSphere Central site: vCenter Server Appliance 6.7 File-Based Backup

Let us know in the comments how you’re automating your VCSA backups!

Comments

15 comments have been added so far

  1. Is it possible to restrict the permissions of the user that connects to the REST API to limit the actions that the script will be allowed to do (ie only allow backup API calls on /rest/appliance/recovery/backup/*)

  2. I guess I’m wondering why you wouldn’t just use a scheduled snapshot to protect the VCSA? Can you explain this use case?

    1. Snapshots alone aren’t adequate enough protection to be considered a backup.

      Some examples:
      Snapshots have a dependency on the current storage system. If you lose the storage, you lose the VM and the snapshots too.
      Snapshots have a dependency on the current set of VMDKs. If there’s corruption at the VM disk level, you’ll also lose the VM and the snapshots too.
      Snapshots log changes to the disk and therefore have an impact on performance, especially if you keep them for long periods of time or maintain multiple snapshots.
      Snapshots lock certain changes to a VM, example: disk size. If you have a VM with an active snapshot, you can’t increase any disk space for that VM.

  3. i am getting this error when I execute the script. I used administrator@vsphere.local account to connect to vcsa Please help.

    A server error occurred: ‘com.vmware.vapi.std.errors.unauthorized’: Unable to
    authorize user (Server error id: ‘vapi.security.authorization.invalid’). Check
    $Error[0].Exception.ServerError for more details.
    At D:\vmware\vcsa\vcsabackup\backupjob.ps1:22 char:1
    + $backupJobSvc.create($backupSpec)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (:) [], CisServerException
    + FullyQualifiedErrorId : VMware.VimAutomation.Cis.Core.Types.V1.CisServer
    Exception

  4. hi.

    i also have the below since upgrades:-

    A server error occurred: ‘com.vmware.vapi.std.errors.unauthorized’: Unable to
    authorize user (Server error id: ‘vapi.security.authorization.invalid’).

    any fixes?

    1. There’s two options:
      Option 1 – Update
      The most recent update of vSphere 6.5 and vSphere 6.7 Update 1 both have the update to correct this issue.

      Option 2 – Workaround
      Restart the applmgmt service and try again: service-control –stop applmgmt, service-control –start applmgmt
      Restart the vAPI endpoint service and try again: service-control –stop vmware-vapi-endpoint, service-control –start vmware-vapi-endpoint
      Restart the VCSA and try again

  5. C:\Windows\system32> $backupSpec.parts = @(“common”)
    $backupSpec.location_type = “FTP”
    The property ‘parts’ cannot be found on this object. Verify that the property exists and can be set.
    At line:1 char:1
    + $backupSpec.parts = @(“common”)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

    The property ‘location_type’ cannot be found on this object. Verify that the property exists and can be set.
    At line:2 char:1
    + $backupSpec.location_type = “FTP”
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

    1. I’ve the same problem:
      C:\Windows\system32> $backupSpec.parts = @(“common”)
      $backupSpec.location_type = “FTP”
      The property ‘parts’ cannot be found on this object. Verify that the property exists and can be set.
      At line:1 char:1
      + $backupSpec.parts = @(“common”)
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidOperation: (:) [], RuntimeException
      + FullyQualifiedErrorId : PropertyAssignmentException

      The property ‘location_type’ cannot be found on this object. Verify that the property exists and can be set.
      At line:2 char:1
      + $backupSpec.location_type = “FTP”
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo : InvalidOperation: (:) [], RuntimeException
      + FullyQualifiedErrorId : PropertyAssignmentException

      Any idea how to fix it?

  6. Thats all stuff can be done over appliance management portal (Port 5480) but concern is with Backup job status. We still have to check manually for all backup jobs status on daily basis. Making corn jobs are not authentic way and is just work around to send email alerts on every successful backup. I can see in Vcenter 7.0 which is showing the last file backup date and time but not sure how to get it via command.

    Seeking for a solution to get the last file backup job status. This way we can setup a daily alert over email or SNMP so that whenever any job get failed will send alerts.

Leave a Reply

Your email address will not be published. Required fields are marked *