vCF External Backups using a Windows SFTP Server and the D:\

I was working with a customer who wanted to configure a Windows SFTP server as the backup target for their VCF SDDC backups, and it was a bit of a pain to get working right, although in the end it wasn't too complicated.  So, I'm writing my notes here!

In this environment, the server is not given internet access, so installing the OpenSSH feature took a bit of extra work in Windows.  The key there was to download the FOD ISO from Microsoft and mount that to our VM (not the normal Windows install ISO).  Once that ISO was mounted (as the E:\ drive), I used the following DISM command to install the OpenSSH Server optional feature:

dism /add-capability /online /capabilityname:OpenSSH.Server~~~~0.0.1.0 /source:E:\LanguagesAndOptionalFeatures

That got OpenSSH installed, so I made sure that the service was set to Automatic in Windows and figured that we were good to go!  Not quite...

The server needed some configuration.  The config file is "C:\ProgramData\SSH\sshd_config" and can be opened with Notepad or any other text editor; just make sure that you have an elevated application, otherwise you won't be able to save your changes!

We need to make three configuration changes to make this work smoothly.  First, we'll want to set the default directory to the folder that we're using.  In this case, if we want our backups to go to the D:\SFTP\Backups\ directory, we'll want to change the line that reads:

"Subsystem    sftp    sftp-server.exe"

into:

"Subsystem    sftp    sftp-server.exe -d D:\SFTP"

Next, we'll need to change the root directory to the D:\ drive for this server.  The VCF interface needs you to specify a backup folder, but the way that Windows advertises that folder it's going to effectively need an absolute path, but packaged in SFTP dressings.  If you use WinSCP and connect to the server, you'll see that the path is "/D:/SFTP/Backups" but that presents a problem.  The vCF interface will not allow you to input a ":" character in that field... but fortunately, there's a work-around!  OpenSSH on Windows will treat the standard linux root "/" as the C:\ by default.  In this case, we don't want to use the C:\, but we can edit the config file to give it a new root!

Add this line to the config file (or uncomment the example and change it):

"ChrootDirectory D:\"

That will instruct OpenSSH to treat "/" as a reference to D:\.  That means that you can configure that backup directory as /SFTP/Backups in the vCF interface and it'll all get sorted out on the back-end.

Finally, we'll need to make sure that our user account is allowed to access the server.  I could not figure out a syntax that VCF would accept that allowed me to specify a domain account, so we eventually ended up creating a local account on the SFTP server (for this example, we'll call that account backupUser).  We just need to add a line to the config file that tells the system that that user is allowed to sign in to the server:

"allowedUsers backupUser"

Once those three changes have been put in place (and you've ensured that your folder NTFS permissions are correct for the specified account), you'll just need to restart the OpenSSH SSH Server service so that it will read in the new configuration, and you should be good to go!

Comments

Post a Comment

Sorry guys, I've been getting a lot of spam recently, so I've had to turn on comment moderation. I'll do my best to moderate them swiftly after they're submitted,

Popular posts from this blog

PowerShell Sorting by Multiple Columns

PowerShell's Sort-Object cmdlet is super useful, especially when preparing output for human consumption.  A few people have found my blog while looking for more information about its use, specifically while looking for how to sort by multiple columns (well, properties, technically).  I've never done so (much less written about it), so I hope those folks found answers elsewhere.  But, it got me curious... and it turns out that it's really easy. The Technet article on Sort-Object has the answer directly spelled out: just use commas to create a list of properties to sort by (in order to precedence).  Let's look at some examples!  First, prepare a variable with some good sortable data: $myData = get-eventlog System -newest 25 And then we can get to sorting!  Say you want to sort primarily by EntryType (Warning, Information, Error) and then by Source.  Easy-peasy: $myData | sort EntryType,Source How about if you want it to be in descending order?  Yeah, there&
Read more

Clone a Standard vSwitch from one ESXi Host to Another

One of my customers is standardizing the configurations on their HP C7000 enclosures (they've been set up at various sites by various administrators with varying involvement from the architecture team).  As such, we need to stand up some temporary resources so that we can take down the main enclosure for reconfiguration.  That's fine, we can easily ship a smaller enclosure to each site for temporary compute resources.  Some of the sites are using Standard vSwitches, so we need to be able to quickly copy the networking configuration over from their existing blades to these new, slightly different blades.  As I see it, we had 2 good options: 1) Capture a Host Profile with the desired vSwitch configuration.  Delete every other component of the Host Profile so that only the networking section is applied; design the new ESXi hosts so that the vSwitches'll work with the old vmnic-to-vswitch configurations. 2) Write a script to clone the vSwitch from ones ESXi host to another.
Read more

Deleting Orphaned (AKA Zombie) VMDK Files

A problem that most Virtualization Administrators need to deal with is Orphaned VMDK files (or Zombie VMDK files, as some people call them).  These are Virtual Machine hard drive files that are just hanging out, taking up storage, but are attached to no VMs.  How can this happen?  Well, the most common way is when an administrator needs to delete a VMDK but isn't quite ready to commit... so, after pressing "remove", they select "remove from virtual machine" rather than "remove and delete files".  The intent is always good: "I want to be able to restore this if it turns out to be necessary... so I'll just come back and delete it next week if nothing breaks!"  But, of course, next week something else happens and the file doesn't get deleted.  After a little while, it turns into "which files did I rename, again?" and nothing seems to happen. So, how do you deal with these orphaned files?  Well, a few years ago I found a scrip
Read more