Did you know the vCenter Server Appliance (VCSA) has file-based backup options?
This ability was actually released in vSphere 6.5. However, there was one feature in particular that was missing: a scheduler. I’m happy to say that as part of vSphere 6.7, the VCSA received a backup scheduler!
Recently, my teammate, Emad Younis released a couple cool walkthroughs to the vSphere Central site to manage file-based backup and restore actions. Under the covers, both of these actions are served up by vSphere’s RESTful APIs and therefore PowerCLI can also be used to automate these actions! One other benefit of using the API, you don’t have to hand out the root credentials. Users with the ‘SystemConfiguration.Administrators’ permission are able to perform all of the following tasks through the API and PowerCLI!
To perform a file-based backup with PowerCLI, we’ll need to make use of the CIS module. Since the CIS module is a low-level module, let’s see a couple examples of this in action.
Create a File-Based Backup
Let’s first start with the process to perform a backup.
First step, log in to the CIS Service for the VCSA:
|
1 |
Connect-CisServer -Server vcsa01.corp.local |
Next, we need to find the appropriate service to perform a backup:
|
1 |
Get-CisService -Name *backup* |
Based on the output, we will want the ‘com.vmware.appliance.recovery.backup.job’ service. We will store that into a variable so we can easily interact with that specific service. To see the method we are going to use, take that variable and pipe it to ‘Get-Member’.
|
1 2 |
$backupJobSvc = Get-CisService -Name com.vmware.appliance.recovery.backup.job $backupJobSvc | Get-Member |
As part of the respose, we’ll see two important items. First, the ‘create’ method which we’ll use to actually create the backup job. Second, the ‘Help’ property. We can use ‘Help’ to help us form the input for the backup job with the following command:
|
1 |
$backupJobSvc.Help.create.piece |
We can now fill in each of the parameters with information for our environment. There are a couple caveats here. First, the ‘parts’ parameter is expecting an input of an array type. Second, each of the password parameters require a special type in order to be accepted.
|
1 2 3 4 5 6 |
$backupSpec.parts = @("common") $backupSpec.location_type = "FTP" $backupSpec.location = "ftp01.corp.local" $backupSpec.location_user = "backup" [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$backupSpec.location_password = "VMware1!" $backupSpec.comment = "PowerCLI Backup Job" |
Finally, having input all of our information, we can create the backup job!
|
1 |
$backupJob = $backupJobSvc.create($backupSpec) |
We can combine this into a nice script as follows:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# Login to the CIS Service of the desired VCSA Connect-CisServer -Server vcsa01.corp.local # Store the Backup Job Service into a variable $backupJobSvc = Get-CisService -Name com.vmware.appliance.recovery.backup.job # Create a specification based on the Help response $backupSpec = $backupJobSvc.Help.create.piece.CreateExample() # Fill in each input parameter, as needed $backupSpec.parts = @("common") $backupSpec.location_type = "FTP" $backupSpec.location = "ftp01.corp.local" $backupSpec.location_user = "backup" [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$backupSpec.location_password = "VMware1!" $backupSpec.comment = "PowerCLI Backup Job" # Create the backup job $backupJobSvc.create($backupSpec) |
Create a Scheduled File-Based Backup
Let’s now take a look at creating a scheduled backup job with PowerCLI.
Following a similar process to the last task, we will want to use one of the services we found previously called: com.vmware.appliance.recovery.backup.schedules
This time, we see two inputs are required. First, the schedule ID. Second, the specification which is similar to the prior example. The ‘Help’ property will be quite useful to create both specifications.
Much like the prior example, this one too has some caveats. The Schedule ID input can be a string of your choosing. For reference, performing this process in the UI creates a default ID of ‘default’. The scheduling recurrence configuration can be done in many ways through the ‘days’ property. If a daily backup is desired, there’s no need for any input and it can be left ‘unset’. If a specific day/s are desired, the input has to be of an array type.
Here’s a script which can be used to create a scheduled file-based backup:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
# Store the Backup Job Service into a variable $backupSchedSvc = Get-CisService -Name com.vmware.appliance.recovery.backup.schedules # Create a Schedule ID specification based on the Help response $schedSpec = $backupSchedSvc.Help.create.schedule.Create() $schedSpec = 'weekly' # Create a specification based on the Help response $backupSchedSpec = $backupSchedSvc.Help.create.spec.Create() $backupSchedSpec.parts = @("common") $backupSchedSpec.location = "ftp://ftp01.corp.local" $backupSchedSpec.location_user = "backup" [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$backupSchedSpec.location_password = "VMware1!" $backupSchedSpec.enable = $true $recurSpec = $backupSchedSvc.Help.create.spec.recurrence_info.Create() $recurSpec.days = @("Sunday") $recurSpec.minute = '59' $recurSpec.hour = '23' $backupSchedSpec.recurrence_info = $recurSpec $retentSpec = $backupschedsvc.help.create.spec.retention_info.Create() $retentSpec.max_count = '5' $backupSchedSpec.retention_info = $retentSpec # Create the backup job $backupSchedSvc.create($schedSpec, $backupSchedSpec) |
Afterwards, if you log into the VCSA Appliance Management Interface (VAMI), your backup schedule should look much like the following:
Summary
The ability to create file-based backups of your vCenter Server is a function that is only available to the VCSA. This function is made possible by a set of RESTful APIs which PowerCLI can also consume, with the additional benefit of not being reliant on the root account! This blog post walked through examples of creating a file-based backup job and creating a scheduled file-based backup job.
More information about VCSA file-based backup can be found on the vSphere Central site: vCenter Server Appliance 6.7 File-Based Backup
Let us know in the comments how you’re automating your VCSA backups!
Pingback: Automating File-Based Backups of vCenter Server Appliance – VMPRO.AT – all about virtualization
Check it out all details login information fidn out here.
Check it out all customer survey details online from here.
Will the scheduler by added to VCSA 6.5?
Is it possible to restrict the permissions of the user that connects to the REST API to limit the actions that the script will be allowed to do (ie only allow backup API calls on /rest/appliance/recovery/backup/*)
I guess I’m wondering why you wouldn’t just use a scheduled snapshot to protect the VCSA? Can you explain this use case?
Snapshots alone aren’t adequate enough protection to be considered a backup.
Some examples:
Snapshots have a dependency on the current storage system. If you lose the storage, you lose the VM and the snapshots too.
Snapshots have a dependency on the current set of VMDKs. If there’s corruption at the VM disk level, you’ll also lose the VM and the snapshots too.
Snapshots log changes to the disk and therefore have an impact on performance, especially if you keep them for long periods of time or maintain multiple snapshots.
Snapshots lock certain changes to a VM, example: disk size. If you have a VM with an active snapshot, you can’t increase any disk space for that VM.
really help in taking VCSA backup
i am getting this error when I execute the script. I used administrator@vsphere.local account to connect to vcsa Please help.
A server error occurred: ‘com.vmware.vapi.std.errors.unauthorized’: Unable to
authorize user (Server error id: ‘vapi.security.authorization.invalid’). Check
$Error[0].Exception.ServerError for more details.
At D:\vmware\vcsa\vcsabackup\backupjob.ps1:22 char:1
+ $backupJobSvc.create($backupSpec)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], CisServerException
+ FullyQualifiedErrorId : VMware.VimAutomation.Cis.Core.Types.V1.CisServer
Exception
Hello Kyle ,
please is this script can be used to backup the vcsa with external PSC ?
Yes, this can be used against PSCs and VCSAs.
hi.
i also have the below since upgrades:-
A server error occurred: ‘com.vmware.vapi.std.errors.unauthorized’: Unable to
authorize user (Server error id: ‘vapi.security.authorization.invalid’).
any fixes?
There’s two options:
Option 1 – Update
The most recent update of vSphere 6.5 and vSphere 6.7 Update 1 both have the update to correct this issue.
Option 2 – Workaround
Restart the applmgmt service and try again: service-control –stop applmgmt, service-control –start applmgmt
Restart the vAPI endpoint service and try again: service-control –stop vmware-vapi-endpoint, service-control –start vmware-vapi-endpoint
Restart the VCSA and try again