This is part 13 of 20+ blogs I am writing covering the exam prep guide for the VMware Certified Advanced Professional 6 – Network Virtualisation Deployment (3V0-643)  VCAP6-NV certification.

At the time of writing there is no VCAP Design exam stream, thus you’re automatically granted the new VMware Certified Implementation Expert 6 – Network Virtualisation (VCIX6-NV) certification by successfully passing the VCAP6-NV Deploy exam.

Previous blogs in this series:

Part 1 – Intro
Part 2 – Objective 1.1
Part 3 – Objective 1.2
Part 4 – Objective 1.3
Part 5 – Objective 2.1
Part 6 – Objective 2.2
Part 7 – Objective 2.3
Part 8 – Objective 3.1
Part 9A – Objective 3.2 IPSec VPNs
Part 9B – Objective 3.2 SSL VPNs
Part 9C – Objective 3.2 L2 VPNs
Part 10 – Objective 3.3
Part 11 – Objective 4.1
Part 12 – Objective 4.2

This blogs covers:

Section 5 – Perform Operational Management of a VMware NSX Implementation
Objective 5.1 – Backup and Restore Network Configurations

• Schedule/Backup/Restore NSX Manager data
• Export/Restore vSphere Distributed Switch configuration
• Export/Import Service Composer profiles
• Save/Export/Import/Load Distributed Firewall configurations

 

NSX Manager needs to be backed up so you can recover from failure, corruption or a configuration that has caused an issue. The backup can either be on-demand or scheduled. NSX Manager supports a backup target of either a FTP or SFTP server.

You also need to back up the vCenter Server and Distributed Switches to have a full recovery point. NSX Manager and vCenter Server backups should be taken at similar times to keep them aligned.

When you take a backup of the NSX Manager it backups up the following: the configuration, controllers, logical switching, routing, security, firewall rules and pretty much everything else configured.

Backup NSX Manager Data

Log into the NSX Manager appliance web page.

Click on the Backup and Restore tab.

Under Backups and Restore, for FTP Server Settings click the Change button. Enter the relevant details of your FTP/SFTP server.

Note: To be able to restore NSX Manager data you need these details so make sure you save them!

To carry out an On-Demand NSX Manager backup, click the Backup button.

Click Start to commence the backup.

The backup is complete and you can see the status.

The files created by the backup on the FTP Server have the date and time appended to the file name.

Note: The NSX Backup also looks after Controllers and Edge configurations. Should you have a failed NSX Edge you can redeploy it by clicking on the Edge Services Gateway in the Web Client and selecting Redeploy NSX Edge.

Note: Should you have faulty NSX Controllers, VMware recommend to delete all of 3 of them and redeploy. Once you have redeployed the controllers you want to re-synchronise the controller state, click Actions – Update Controller State. This pushes the VXLAN and routing information from the NSX Manager to the controllers.

 

Schedule a NSX Manager Backup

You can schedule NSX backups either hourly, daily or weekly and have the option to select the time and date depending on the option selected.

Under Scheduling, click the Change button.

Enter the relevant details. I have configured a daily backup at 2355 hours.

 

Restore a NSX Manager Backup

The VMware supported way of restoring NSX Manager data is to deploy a new NSX Manager appliance of the same version and restore the data from the backup. The reason for this is they assume the current appliance is poked.

So, deploy a new NSX Manager appliance.

Log into the NSX Manager appliance Web Page.

Click on the Backup and Restore tab.

Under FTP Server Settings add the details of the FTP/SFTP Server that hosts your NSX Manager backups (same settings as the backup section above).

Once that is configured you will be able to see the available backups to restore from.

Select the backup to restore from and hit the Restore button.

Hit the Yes button to Restore .

You will be logged out of the appliance;  wait and then log back in and the backup should have restored all the content.

 

Export vSphere Distributed Switch Configuration

This is a pretty simple task.

From the Web Client in the Networking section, select your vDS.

Click Actions, then Settings and choose Export Configuration.

Click the OK button to export the vDS configuration.

Choose the location to save the vDS export. It saves it as a .zip file.

 

Restore vSphere Distributed Switch Configuration

Again, pretty simple.

From the Web Client in the Networking section, select your vDS.

Click Actions, then Settings and choose Restore Configuration.

Locate your .zip backup file, click Next then Finish.

 

Export Service Composer Profiles

Another simple process.

Click on Service Composer, then Security Policies.

Select the Security Policy to export, click Actions – Export Configuration.

Give the export a Name and a File Prefix if required. Click Next, Next, Finish to export.

The export contains any parent policies and security groups used by the policy.

Choose a location to save the export. The export has a file extension of .blueprint

 

Import Service Composer Profiles

Click on Service Composer, then Security Policies.

Click the  icon to Import Configuration.

Click Browse to locate and select your .blueprint file. Add the file prefix if required.

It then analyzes and shows you a preview of the policy to be imported.

The Security Policy and all objects are recreated. I also confirm that the Security Groups were recreated (I deleted them prior).

 

Saved Distributed Firewall Configurations

Every time you make a change to the Distributed Firewall, NSX auto-saves a copy of the firewall configuration.

This firewall config can be used at a later point in time to revert/restore should something go pear-shaped.

Auto-saves can also be Exported and then Imported down the track and then Loaded to become the running config.

To view saved configurations click on Firewall, then Saved Configurations.

From this screen you can click an auto-saved config and then Export it.

If you Edit an auto-saved config, you can also tick the box to preserve the configuration.

 

Export Distributed Firewall Configurations

You can either Export the live configuration or Export a saved configuration.

To export the live configuration, from the Firewall section click the  Export icon.

Click Download the save the configuration.

Select where to save the export file. The file generated has a .xml extension.

 

Import Distributed Firewall Configurations

You Import a configuration file that has previously been exported.

Click on Firewall, then Saved Configurations and click the  Import Configuration icon.

Browse to the location of the .xml configuration file. Click OK.

You can now see the configuration file has been imported.

Note: If you want to make this imported configuration the running live config you will now need to Load the config. See the next section.

 

Load Distributed Firewall Configurations

Anytime you want to restore a previous saved or imported configuration you use the Load Saved Configuration   option.

Select the configuration to roll-back to and click Load.

Click Publish Changes to enable the configuration.

 

And that’s it for blog 13, nice and simple this one.

Stay tuned for blog 14 (now available) which is going to cover Objective 5.2:

Monitoring a VMware NSX Implementation

Woohoo, 12 exam objectives down, 9 to go!

Follow me on Twitter or LinkedIn.

Be Social; Please Share.