Backup vCenter Server Appliance (VCSA) 6.5 Using PowerShell

A few days ago I was asked to create a  VMware vCenter Server Appliance (VCSA) version 6.5 script using PowerCli. The request was to take a daily backup and send it to a FTPS location in a separate folder per backup. I found that Brian Graf has put together VCSA backup function which was really easy to use so my backup script uses the Backup-VSAToFile function which you can get here. The function allows you to take a FullBackup or SeatBackup meaning same options as when using the VCSA UI (https://vcsa-fwdn:5480)

Grab the script below or from my GitHub Repository to get started with VCSA backups. Just remember to change the information in the “User Defined Variables Section” to match your environment.

Check out the blog post PowerShell Script To Delete Files & Folders to cleanup old backups if your backup destination allows PowerShell interaction.

# Script to backup vCenter Server Appliance
# Author: Magnus Andersson - Sr Staff Solutions Engineer @Nutanix
# Version 1.0
# Created 2017-11-15
# Kudos to Brian Graf for creating the Backup-VCSAToFile function, used in this script, which can be found here Backup-VCSAToFile Function Created By Brian Graf - https://www.brianjgraf.com/2016/11/18/vsphere-6-5-automate-vcsa-backup/
# User Defined Variables Sections Starts Here
# Specify vCenter Server, vCenter Server User name and vCenter Server Password
# Backup location
$bkpdir=get-date -uformat %Y-%m-%d
# Specify backup location user and password
# Specify backup type where Fullbackup is 1 and Seatbackup is 2
# Specify backup password - needed when performing restore
# Specify backup localtion type where you must specify HTTP, HTTPS, SCP, FTP or FTPS
# Specify Backup Comment
$Comment="vCenter Server Appliance vcsa01.vcdx56.local backup"
# User Defined Variables Sections Ends Here
# Import Module VMware.VimAutomation.Cis.Core
Import-module VMware.VimAutomation.Cis.Core
# #--------------------------------------------
# Import Backup-VCSAToFile Function
Function Backup-VCSAToFile {
    param (
        [ValidateSet('FTPS', 'HTTP', 'SCP', 'HTTPS', 'FTP')]
        $LocationType = "FTP",
        $Comment = "Backup job",
    Begin {
        if (!($global:DefaultCisServers)){ 
            [System.Windows.Forms.MessageBox]::Show("It appears you have not created a connection to the CisServer. You will now be prompted to enter your vCenter credentials to continue" , "Connect to CisServer") | out-null
            $Connection = Connect-CisServer $global:DefaultVIServer 
        } else {
            $Connection = $global:DefaultCisServers
        if ($FullBackup) {$parts = @("common","seat")}
        if ($SeatBackup) {$parts = @("seat")}
        $BackupAPI = Get-CisService com.vmware.appliance.recovery.backup.job
        $CreateSpec = $BackupAPI.Help.create.piece.CreateExample()
        $CreateSpec.parts = $parts
        $CreateSpec.backup_password = $BackupPassword
        $CreateSpec.location_type = $LocationType
        $CreateSpec.location = $Location
        $CreateSpec.location_user = $LocationUser
        $CreateSpec.location_password = $LocationPassword
        $CreateSpec.comment = $Comment
        try {
            $BackupJob = $BackupAPI.create($CreateSpec)
        catch {
            Write-Error $Error[0].exception.Message

        If ($ShowProgress){
            do {
                $BackupAPI.get("$($BackupJob.ID)") | select id, progress, state
                $progress = ($BackupAPI.get("$($BackupJob.ID)").progress)
                Write-Progress -Activity "Backing up VCSA"  -Status $BackupAPI.get("$($BackupJob.ID)").state -PercentComplete ($BackupAPI.get("$($BackupJob.ID)").progress) -CurrentOperation "$progress% Complete"
                start-sleep -seconds 5
            } until ($BackupAPI.get("$($BackupJob.ID)").progress -eq 100 -or $BackupAPI.get("$($BackupJob.ID)").state -ne "INPROGRESS")

            $BackupAPI.get("$($BackupJob.ID)") | select id, progress, state
        Else {
            $BackupJob | select id, progress, state
    End {}
# Create passwords
# Connect to vCenter Server Appliance
Connect-CisServer -Server $vcsa -User $vcsauser -Password $vcsapasswd 
# Start the backup
If ($BackupType -eq 1) {
	Backup-VCSAToFile -BackupPassword $BackupPassword -LocationType $LocationType -Location $bkpLocation -LocationUser $LocationUser -LocationPassword $locationPassword -Comment $Comment -Fullbackup -ShowProgress
	Else {
	Backup-VCSAToFile -BackupPassword $BackupPassword -LocationType $LocationType -Location $bkpLocation -LocationUser $LocationUser -LocationPassword $locationPassword -Comment $Comment -Seatbackup -ShowProgress
# Disconnect from vCenter Server Appliance
disconnect-CisServer $vcsa -confirm:$false

Heads up!

During my tests I found out that I had to use a Single Sign On (SSO) defined user in my case meaning vcsabkpuser@vsphere.local and I could not use a domain based user e.g. vcsabkpuser@vcdx56.local even if the user was added to the SSO Administrators group.

32 pings

Skip to comment form

Comments have been disabled.