Loading...

We've detected that your browser language is Chinese. Would you like to visit our Chinese website? [ Dismiss ]
By: Dylan

 What is vCenter File-Based Backup?

vCenter file-based backup is the native backup mechanism built into the VMware vCenter Server Appliance (VCSA). It backs up the appliance’s core configuration inventory and historical data to a remote location using supported protocols such as SFTP, SMB, FTPS, HTTPS, FTP.

The feature is managed through the VAMI interface on port 5480 and supports scheduled or on-demand backups to remote repositories. For many VMware administrators, this is the fastest way to protect critical vCenter configuration data before a VMware migration, upgrade, or infrastructure maintenance.

What Does vCenter File-Based Backup Actually Protect?

vCenter file-based backup is designed for recovering the vCenter Server Appliance itself, not for protecting production virtual machines. Below table tell what the backup includes and not includes.

Include

Not Include

vCenter configuration

VMware virtual machine data

Inventory

Guest OS files

Roles & permissions

Application-aware backup

Historical data

Granular VM restore

Tasks/events/statistics

Instant VM recovery

So, in this guide, we will walk you through all the configuration and steps for the vCenter Server appliance file-based backup step by step.

How to perform a file-based backup of the vCenter Server

VMware vCenter Server supports three backup methods for protecting the vCenter Server Appliance: configuring scheduled backups, performing manual backups, and automating backups with scripts. Below, we’ll walk through each method step by step.

Method 1. Configure Schedule Backup:

Step 1. Open https://<vcenter-ip>:5480. And log in to the VAMI (vCenter Appliance Management Interface) as root.

Step 2. On the left menu, click “Backup” > “Configure”.

open vCenter file-based backup

Step 3. Configure a backup task as follows:

  • Backup Location: For SMB, use \\server\share\folder. For NFS, the server IP and export path. For SCP/SFTP, hostname:port/folder.
  • Credentials: Enter a username and password. For SSH‑based protocols, key‑based authentication is not supported through the VAMI UI; you must use password auth. If you need key‑only access, switch to CLI automation.
  • Schedule: Configure how often and when the backup should be performed
  • Encryption backup (optional): Set a password to encrypt the backup archive at rest. This password will be required during restore.
  • Number of backups to retain: Choose to retain all backups or select a number of vCenter server backups that will be restored to the backup location.

create schedule vCenter backup

Step 4. Click “Create” to commit the backup creation wizard.

Now you can view the backup task under the Backup Schedule, and you can “Edit”, “Disable” or “Delete” the backup.

And after backup, the backup information will be displayed in the “Activity” section.

Method 2. Perform Manual Backup:

Step 1. In the VAMI (https://<vcenter-fqdn>:5480), log in as root and click “Backup” in the left panel.

Step 2. A dialog box will be opened. Choose between “Use backup location and user name from backup schedule” or “Enter a backup location and user name”.

Note:

  • Use backup location and username from backup schedule: this will run a backup using the protocol server, path, and credentials already defined in your active schedule.
  • Enter a backup location and user name: This will require you to enter new settings and run a manual backup. You might use this when having an upgrade, using a one-off FTP/SCP server temporarily, or test a new target server before committing it to the schedule.

    Step 3. Select backup protocol, repository path, provide credentials, and choose optional data sets.

    Step 4. Click “Start” to run the backup task.

    Method 3. Automating and scripting vCenter Backups (CLI Method)

    The VAMI schedule is simple, but it can’t run more than once a day or tie into external orchestration. The VCSA includes a command‑line utility called dcli that can script backup jobs. You can invoke it directly from the appliance shell or via remote automation.

    Example script to perform an SFTP backup with a timestamped directory and send an email on failure:

    #!/bin/bash
BACKUP_LOCATION="sftp://backup-server.example.com/backups/vcenter/$(date +%Y%m%d_%H%M)"
BACKUP_USER="vcbackup"
BACKUP_PASS="yourpassword"
LOG="/var/log/vcbackup.log"
    
/usr/bin/dcli com vmware appliance recovery backup job create \
  --location-type SFTP \
      --location "$BACKUP_LOCATION" \
  --location-user "$BACKUP_USER" \
      --location-password "$BACKUP_PASS" \
  +username administrator@vsphere.local \
      +password "VC_ADMIN_PASSWORD" \
  > $LOG 2>&1
    
if [ $? -ne 0 ]; then
 echo "vCenter backup failed. Check $LOG" | mail -s "Backup Failure" admin@example.com
fi
    Important: The +username and +password parameters are the vCenter SSO administrator credentials, not the backup storage credentials. The backup storage user/password are supplied via –location-user and –location-password. If the backup storage server requires key‑based authentication, you must pre‑configure SSH keys on the VCSA.

    Deploy this script via a cron job inside the VCSA (edit /etc/cron.d/ or use systemd timers on Photon OS). Restrict permissions on any script containing passwords.

    For SCP, replace SFTP with SCP in the location type. Both protocols use port 22 by default.

    How to Restore vCenter Server from File-based Backup

    Restoration is a two‑stage process that requires a fresh VCSA deployment. Here are the detailed steps.

    Prerequisites Before Restoring vCenter from file-based Backup:✎…
    You will need to deploy the same vCenter version and build number as the backup
    The new appliance should have the same FQDN and IP (or you will need to edit network config post‑restore).
    The backup file need to be accessible from the new VCSA via the same protocol used during backup.
    If an encryption password was set during backup, you will need it during restore.

    Stage 1: Deploy new vCenter Server appliance

    Step 1. Mount the vCenter Server Appliance ISO and start the installation. Click “Restore

    click restore vCenter Server Appliance Installer

    Step 2. Click the “Next” button when you see the Introduction page.

    Step 3. Accept the license agreement and click “Next”.

    Step 4. Enter the backup details: “Location or IP/hostname”, “User name”, and “Password” and click “Next”.

    Enter-backup-details-restore-backup-vcenter

    Step 5. The Browse Files wizard will be launched. It allows you to view and select any available backup files. Select what you want to restore and “Select”.

    Step 6. Review the backup information and specify the appliance deployment target settings.

    Step 7. Follow the prompts to “select folder” and “Select compute resource”, “set up target appliance VM”, “select deployment size”, “Select datastore”, “Configure network settings”.

    Step 8. Review the settings and click “Finish”.

    finish restore vCenter restore file-based backup

    Wait for the whole to get finished, when you see “You have successfully deployed the vCenter Server” click the “Continue” button.

    continue restore file based backup

    Provide the backup location and credentials. The installer validates the backup’s integrity and pulls in the configuration.

    Stage 2: Restore backup to new vCenter Appliance.

    Step 1. On the introduction page, click “Next”.

    Step 2. Check Backup details and click “Next”.

    Step 3. In the Single Sign-On configuration page, enter single Sign-on user name and password and click “Next”.

    single sign-on configuration restore vCenter appliance

    Step 3. Review the settings and click “FINISH”. You may get a warning that you can’t parse or stop the restore from completing. Click “OK” to continue.

    Is File-Based Backup enough for VMware Security?

    Native file-based backup is an important part of VMware infrastructure protection because it enables recovery of the vCenter Server Appliance configuration and inventory. However, it should not be considered a complete VMware backup strategy for production environments because it does not protect VM workloads, applications, or ransomware recovery scenarios.

    In production environments, organizations usually combine native VCSA file-based backup with dedicated VMware backup software to achieve complete infrastructure protection. For example, the enterprise backup platform – i2Backup. This is an image-level VMware backup solution provided by Information2 Software (Info2soft).

    i2Backup provides:

    • Incremental backups with changed block tracking, so only data that has changed since the last backup moves across the network.
    • Agentless Backup: It allows you to back up all virtual machines easily without installing any agent on the guest VM.
    • Instant VM recovery, which mounts a VM directly from the backup repository and runs it while the full restore processes in the background—useful when RTO is measured in minutes.
    • Role-based Access Control: Offers a security model that restricts system access to authorized users based on their assigned roles within an organization
    • Immutable backup copies, meaning that once data is written, it cannot be altered or deleted by ransomware that compromises the production side.

    You can click the button below to get a 60-day free trial:

    FREE Trial for 60-Day

    Troubleshooting the 6 Most Common Backup Failures

    1. “Unable to connect to the remote server”

    This is the catch‑all error. From the VCSA shell (ssh root@vcenter), manually test connectivity:

    • For SCP/SFTP: sftp -P <port> <user>@<server> and try to put a test file.
    • For SMB: smbclient -U <user> //server/share -c ‘ls’
      Often the issue is a firewall, DNS resolution failure, or the service not listening on the expected interface. Also verify that the remote server is not enforcing key‑only authentication.

    2. Access denied on SMB shares

      SMB shares require that the VCSA’s credentials have both share‑level and filesystem (NTFS) write permissions. The appliance negotiates SMB 2.0 or 3.0; older Samba servers that only speak SMB 1.0 will silently fail. Force SMB 3.0 on the target if possible.

      3. Backup stops due to disk space

      File‑based backups can be large, especially with historical data. The remote filesystem may have quotas or limited free space. Ensure the target has at least 1.5 times the estimated size (VAMI provides an approximate size during test). For very large inventories, historical data can push the backup beyond 20 GB.

      4. Scheduled backup runs but produces no files

      Check that the vCenter appliance’s time is synchronised (NTP). A clock skew >5 minutes can cause the scheduler to skip because the job appears “in the past.” Also, verify the backup job isn’t silently failing and leaving a stale lock file on the target.

      5. Backup file appears corrupted during restore

      Transfers over unencrypted protocols can be interrupted without detection. Always use FTPS, SCP, SFTP, or HTTPS if the backup travels across any switch. To validate a backup bundle, perform a test-restore in an isolated sandbox—there is no standalone validation utility.

      6. File-based backup of the vCenter Server has not been created

      This VAMI message appears when a scheduled backup job silently fails to start, leaving no backup file on the target. Manual backups often still succeed, which is a clue that the schedule engine itself is at fault. Three root causes account for most occurrences:

      • Expired applmgmt service account password. The internal Single Sign‑On principal vmware-applmgmtservice has a 90‑day password policy. A known defect in vCenter 8.0 builds prior to Update 3h prevents the scheduler from resetting this expired password automatically, causing scheduled jobs to fail authentication while manual backups—which use a different code path—work normally. Restarting the Appliance Management Service from the VAMI Services tab or via service-control –restart applmgmt from the shell forces a password reset and allows the next scheduled run to proceed. Upgrading to 8.0 U3h or later provides a permanent fix.
      • Stale or incompatible metadata after a vCenter upgrade. If a pre‑upgrade backup left behind a backup-metadata.json file that records a different vCenter build number, the scheduler may refuse to initialize a new backup chain because it perceives a version mismatch. Manual backups bypass this validation step. Renaming or deleting the stale metadata file on the backup server forces the scheduler to create a fresh index on its next run.
      • Credentials changed on the backup server. If the storage target password was rotated and the VAMI schedule still holds the old credentials, scheduled jobs fail while manual runs may appear to work if a different, updated set of credentials is entered interactively. Update the stored credentials in the VAMI schedule and run a manual backup to confirm the fix.

      If none of these apply, examine the scheduler log directly from the VCSA shell:

      grep -i "error\|fail" /var/log/vmware/applmgmt/backupScheduler.log | tail -20

      This will surface the specific fault that prevented the backup from being created.

      FAQ about backup vCenter Appliance backup

      1. Question: What does a vCenter file-based backup include?

      Answer: Answer describing inventory, configuration, historical data, certificates, and what is excluded.

      2. Question: Can I restore individual VMs from a file-based backup?

      Answer: No. File‑based backup restores the entire vCenter Server configuration and inventory in an all‑or‑nothing operation. It does not back up virtual machine data (VMDK files, VM configuration), so you cannot recover individual VMs or their files from it. To protect VMs themselves, you need image‑based backup solution like Info2soft’s i2Backup.

      3. Which protocol should I use for vCenter file-based backup?

      For production environments, choose an encrypted protocol. SCP is the built‑in SSH‑based option in vSphere 8.0, while SFTP (also SSH‑based) is available from vSphere 7.0 and becomes the standard in later versions.

      Both encrypt credentials and data in transit, and run on port 22. FTPS with explicit TLS is a secure alternative if you already have an FTP infrastructure, but note that only explicit mode is supported.

      HTTPS can work if the web server has WebDAV enabled and uses trusted certificates. Avoid plain FTP and HTTP entirely.

      For Windows shops that must use SMB, ensure SMB 3.0 encryption is enabled. NFS is fast on trusted networks but offers no transport encryption, so restrict it to isolated management LANs.

      4. Is vCenter file-based backup deprecated?

      Clarification that it remains supported in vSphere 8.x alongside image‑based backup.

      5. When to Use File-Based Backup vs. Image-Based Backup

      File‑based backup:

      • Small environments (up to about 50 hosts) where the vCenter inventory changes slowly and a nightly backup is good enough.
      • Test and lab deployments where you want to snapshot the configuration before making risky changes.
      • Pre‑patch safety net: Take a file‑based backup immediately before upgrading vCenter, so you can roll back the appliance if the upgrade breaks.
      • Migration aid: Moving a vCenter to new hardware? A file‑based backup lets you restore the same identity onto a fresh VCSA.

      For anything beyond that, consider image‑based backup. vSphere 7 Update 3 and later introduced native vCenter image‑based backup.

       Image‑based backup:

      • Captures the entire VCSA VM, including the OS, PostgreSQL database, and all data, at a storage level.
      • Offers much faster restore times (no VCSA redeployment needed).
      • Can be replicated off‑site using your backup infrastructure.
      • Is better suited for RPOs under 24 hours.

      If you have a standard VMware‑aware backup product (Veeam, Commvault, Rubrik, etc.), image‑based backup is usually the preferred path. The file‑based method is a built‑in, zero‑cost option for those without such tools, or as a secondary “configuration only” backup in addition to image‑level protection.

      Conclusion

      vCenter file-based backup is a reliable way to protect critical vCenter configuration and management data. It is especially useful for upgrade preparation, operational recovery, and restoring the VMware management plane after failures.

      However, it does not protect VMware workloads or provide broader disaster recovery capabilities. For production environments, many organizations combine native VCSA backup with a dedicated VMware backup solution like i2Backup to improve workload protection, ransomware resilience, and recovery flexibility. Besides VMware, i2Backup also supports other VM platforms, you can use it to backup Hyper-V, OpenStack, ZStack, etc.

      Dylan
      Dylan is a data protection specialist and a senior content writer at Information2 with more than 6 years of experience. His passion for writing and sharing data protection solutions such as data backup, replication, high availability and other technology information.

      More Related Articles

      Top 6 VMware Cloud Backup Solutions and Strategies
      VMware cloud backup now is important for ransomware protection, disaster recovery. Read in this article, we will introduce 6 most common VMware Cloud backup solutions and help you find the best one fit your environment.
      Read Article
      Hyper-V vs VMware: Which Is Better in 2026?
      This guide compares VMware vSphere and Microsoft Hyper-V from architecture, performance, ecosystem, cost, and operational perspectives. Learn the key differences between VMware and Hyper-V, understand desktop vs enterprise virtualization, and discover how businesses are adopting hybrid virtualization strategies to reduce infrastructure costs in 2026.
      Read Article
      How to Fix VMware Tools Error 21009 | 10 Proven Fixes
      VMware Tools Error 21009 is a common failure that halts VMware Tools upgrades or installation. This guide breaks down 10 actionable, step-by-step fixes for the vmware tools vix error 21009 in Windows and Linux.
      Read Article
      [5 Ways] How to Fix vCenter “No Healthy Upstream” 503 Error
      Encountering the vCenter "503 No healthy upstream" error? This technical guide breaks down the top five root causes—from certificate expiration to disk exhaustion—and provides a step-by-step CLI roadmap to restore your vSphere services and resolve the vCenter no healthy upstream issue.
      Read Article
      Table of Contents:
      Stay Updated on Latest Tips
      Subscribe to our newsletter for the latest insights, news, exclusive content. You can unsubscribe at any time.
      Subscribe
      Ready to Enhance Business Data Security?
      Start a 60-day free trial or view demo to see how Info2soft protects enterprise data.
      Free Trial Contact Sales
      Table of Contents:
      Subscribe to Our Newsletter
      Subscribe
      {{ country.name }}
      Please fill out the form and submit it, our customer service representative will contact you soon.
      By submitting this form, I confirm that I have read and agree to the Privacy Notice.
      {{ isSubmitting ? 'Submitting...' : 'Submit' }}