VCF 4.0 – file-based backup configuration via API

To configure a file-based backup schedule for the SDDC Manager VM you must use the Cloud Foundation API because it’s not possible to configure it via GUI.

BUT, before you can use the VMware Cloud Foundation API to configure a backup schedule, you must enable the feature creating properties file ( in the /home/vcf directory on SDDC Manager VM. If you forget to perform this step backup schedule details will not change (mark on red).

So first create properties file following steps (as describe in VCF 4.0 Release Notes):

  1. SSH in to the SDDC Manager VM using the vcf user account.
  2. Enter su to switch to the root user.
  3. Create a properties file ( in the /home/vcf directory:
    vi /home/vcf/
  4. Add the following text to the file and save it:
  5. Change the file permissions to readable, writable, and executable:
    chmod -R 777
  6. Restart the operations manager service:
    systemctl restart operationsmanager.service

And now quick look at Cloud Foundation API call body json structure (more details about options can be found here):

    "backupLocations": [ {
        "directoryPath": "/backup/vcf",
        "password": "P@ssw0rd",
        "port": 22,
        "protocol": "SFTP",
        "server": "",
        "sshFingerprint": "SHA256:TqK0ckO4gFSdOvEOCc12S3XXXXXXXXXX",
        "username": "backupUsername"
    } ],
    "backupSchedules": [ {
        "daysOfWeek": [ "MONDAY","TUESDAY","WEDNESDAY","FRIDAY" ],
        "frequency": "WEEKLY",
        "hourOfDay": "23",
        "minuteOfHour": "00",
        "resourceType": "SDDC_MANAGER"
    } ],
    "encryption": {
        "passphrase": "S0m3P@ssphr4s3"

NOTE!!! Unfortunately, backup schedules details provided in Cloud Foundation API request (such as backup days of week or backup frequency) are not propagated into NSX-T Manager. So to configure NSX-T backup intervals you must use NSX-T API separately.

You can check it in GUI: SFTP server details configured correctly but default backup schedule configuration didn’t change…

Also, you can check this running curl command:

curl -k 'https://<NSX-T_IP_OR_FQDN>/api/v1/cluster/backups/config' -u admin

And quick look at example NSX-T API call body json structure:

NOTE!!! SHA-256 fingerprint of ECDSA key of the SFTP server is required.

  "backup_enabled": true,
  "backup_schedule": {
    "resource_type": "WeeklyBackupSchedule",
    "days_of_week": [
    "hour_of_day": "23",
    "minute_of_day": "00"
  "remote_file_server": {
    "server": "",
    "port": "22",
    "protocol": {
      "protocol_name": "sftp",
      "ssh_fingerprint": "SHA256:BxTr54H4gFSdOvEOCc12S3XXXXXXXXXXXXXX",
      "authentication_scheme": {
        "scheme_name": "PASSWORD",
        "username": "next",
        "password": "P@ssw0rd"
    "directory_path": "/backup/vcf"
  "passphrase": "S0m3P@ssphr4s3",
  "inventory_summary_interval": "3600"

That’s it. Questions, suggestions – just ping me 😉