NSX has a lot of moving parts, and a lot of time and effort goes into its configuration, so fortunately it also makes it easy to backup and restore that configuration. I’ll look at how to backup NSX Manager, Service Composer, Distributed Firewall rules and the distributed vSwitch in this post.
I’ll start by looking at NSX Manager.
Backup and Restore NSX Manager Data
NSX Manager holds a lot of important configuration data, so should always be backed up. Fortunately, there is a built in option available to allow for scheduled backups. Rather than logging in through the vSphere Web Client, this option is available by logging directly in to the web interface of the NSX Manager:
From here you can configure where to send backups (via FTP, or SFTP):
Once the connectivity/backup locations are set then you can run a manual backup by clicking the ‘Backup’ Button. You can also schedule backups using the schedule settings. These can be Weekly, Daily or Hourly:
The last thing you can configure here are the exclusions. You can choose to exclude certain logs from the backup file:
To restore a configuration, simply select relevant backup from the backups history table and then click the ‘Restore’ button. You’ll be prompted for confirmation, and warned that the NSX Manager appliance will need to restart.
Backup and Restore Service Composer Configuration
After configuring security policies in service composer (link to service composer article), you should back them up. This is done through the vSphere Web Client, by going to ‘Networks and Security’ and then ‘Service Composer’:
On the ‘Actions’ menu, click ‘Export Configuration’. You ‘ll first be prompted to name the export:
Next, select the policies that you want to export:
On the next screen, click Finish – you’ll then be prompted to save the export.
To import a previously exported configuration, click the ‘Import Configuration’ button:
Export and Import Distributed Firewall Settings/Rules
If you make use of the distributed firewall to protect your virtual machines and NSX environment, then you will want to backup it’s configuration. To do so, head over to ‘Networking and Security’ in the vSphere Web Client, then select ‘Firewall’:
Once there, click the ‘Export Configuration’ button, highlighted above, to create an export of the current distributed firewall configuration. There will be a prompt to download the firewall configuration:
Click download, then specify a location to save the file to. To restore a configuration, go to the ‘Saved Configurations’ tab, and select Import, then select the previously created export:
Once the export is available in the ‘Saved Configurations’ list, then it can be loaded using the ‘Load Configuration’ button:
Select the export from the list, then click OK. There will be a prompt to confirm the import:
Once done, the changes will need to be published.
Export and Restore dvSwitch Configuration
dvSwitches play a big part in an NSX environment, as they are required to create transport zones. dvSwitches can now be backed up through the vSphere Web Client. To do so, head to the ‘Networking’ page, then select the dvSwitch you wish to back up. Then, on the actions menu, select ‘Export Configuration’:
You’ll then be prompted to export the switch and port groups or just the switch:
Click OK, then save the export file. To restore a dvSwitch configuration, right click the dvSwitch (create a new one if necessary), and click the ‘Restore Configuration’ menu item.