Monday, December 21, 2015

NSX Manager Backup and Restore

One of the many advantages, often overlooked, that Software Defined Networks (SDN) have over traditional physical networks is this one: the number of “entities” you need to backup and restore is substantially smaller. The obvious use case for this advantage is during Disaster and Recovery, DR, events.  Another use case is restoring from a failed, and pre-approved of course, change.

In the DC, you may have hundreds of network entities, each with its own set of configuration, which would need to be backed up. You would spend lots of time to back….Who am I kidding? If you are reading this chances are pretty high that you are aware of the challenges of backing up all the devices in your DC. If you don’t, take my word for it when I tell you that it is time-consuming with room for human errors (I am guilty as charge of this last one).

With NSX for vSphere, all of the SDN configuration is stored in two places: NSX Manager and it’s paired vCenter; more specifically, the vSphere Distributed Switches that are backing logical switches in NSX. In this post I will quickly walk you thru the steps to backup NSX Manager and the steps to restore those configs.

Elver’s Opinion: You should backup vCenter’s DB, not just the vDS. For one, NSX Manager references host clusters by their MOID.
To backup NSX Manager follow these steps:

  1. Log into NSX Manager's home page @ https://NSX_MANAGER_FQDN_Or_IP/
  2. Click Manage Appliance Settings --> Backup & Restore.
  3. Add the FTP information. The Username and Password must match at the FTP server (you may also chose to use SFTP). You also need FTP rights to write files. The Pass Phrase secures the backup (you'll need it later to restore NSX Manager).
  4. Feel free to schedule these backups and to exclude non-config stuff like events and logs.
  5. Click Backup, then Start and you are done.       




You will see the backup file listed under Backup history. You may also go to your FTP server and confirm you have the file. The file name format will include the Filename Prefix, the date and time the file was created. This backup includes all NSX Manager configurations, vCenter association and certificates.

Let’s pretend that you need to fallback a change and need to restore the NSX Manager’s config. From the Backup and Restore window, select the backup file you want to restore, and click yes in the Restore from Backup window. You will be logout from NSX Manager.

Log back in to NSX Manager at any time. There will be no progress bar on how the restore is going but it will take about 5 minutes or so before you see this blue strip, with the text System restore completed in the Summary page.



IF you somehow blew NSX Manager out of the water (hey, it happens) and you didn’t backup a copy of the appliance, you may deploy a new NSX Manager appliance using the same NSX version number and whatever management IP you want. You must configure the FTP Server Settings exactly as you had them in the NSX Manager that you lost (except for the username, password and backup directory – those only matter to the (S)FTP Server). DO NOT configure anything else in the new NSX Manager before doing the config restore.

After you enter the FTP Settings, NSX Manager will query the FTP Server and show in the Backup History all configurations that have the Filename Prefix and protected with the Pass Phrase. Then just do a restore as mentioned above. Once the restore is completed, the NSX Manager will have the same configuration, including vCenter association and IP address, as the old (rest in peace) NSX Manager.

.elver

6 comments:

  1. when we deploy a new NSX manager appliance to restore, does the new NSX manager can work with the existing NSX controllers or we need to re-deploy NSX controller ?

    ReplyDelete
    Replies
    1. When you restore the backup, the "new" nsx mgr becomes the "old" nsx mgr; no need to redeploy controllers, edges, dlr, etc...

      Delete
    2. Thank you very much for your confirmation!

      Delete
  2. Thank you so much for the info.
    You're the only one who listed the time to restore estimate.

    ReplyDelete