VMware Cloud Community
EcoBassam
Enthusiast

Single vShield Edge backup and restore

Hello,

As far as I know, there is no possibility to back up and restore an individual Edge VM in the vShield Manager interface. But it should be possible with PowerCLI scripts using the VSM API.

If anyone has already done this, it would be appreciated if he could share it with the community.

Regards,

4 Replies
amatt240
Enthusiast

Depends what you are looking to do. If you want to protect yourself from yourself/other admins making changes, then vShield Manager currently doesn't maintain a listing of previous versions.

If you want to protect against the loss of a vShield Edge, then all the configs etc. are stored and deployed in the vShield Manager, so backing up the manager is a very important task. There are IDs used in rules and the Edges that will restrict what you can do for restores (see below).

For purposes of DR, back up your vShield Manager config, and in the event of a DR situation, you will deploy a new vShield Manager appliance, restore the config, and point it to the restored version of your vCenter. vShield Manager is rather tied to one vCenter, so you can't deploy Edges to a DR vCenter, or SRM the vShield Manager/Edges. We are suffering pains through this, and VMware doesn't have much in the way of plans in the future vCNS/NSX. Sadly the use case of shifting vShield Edges and their VMs to alternate locations seemed to be a great surprise to them!

EcoBassam
Enthusiast

Hi amatt,

Thanks for your reply.

My use case is exactly the first one you talked about, and it is a service for the Organization admin and not the Cloud Admin.

As an Org Admin, I should be able to restore the state of my Edge GW config to a previous state without impacting the other organizations.


Texiwill
Leadership

Hello,

One approach is to copy the rules out into a safe place. Slow, and painful for larger systems or many Edges. VSM will not export individual firewalls. However, the tech-support logs for the Edge will contain all the rules as well. You could easily get those logs.

Alternatively, back up the Edge appliance just like you would back up any other VM within your tenancy. An Edge will work even if it loses its connection to VSM. But there are no rule import or export tools short of the support logs.

This would be a very nice addition to VSM and the API and vCloud Director/vCAC to save the data...

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
dmcdave212
Enthusiast

I know this is an old post, but it's along the same lines as a question I asked about 3 years ago, and only in the last year did I come up with a solution. These import/export scripts should do the job.

vCloud API and PowerCLI – Import/Export vShield Edge NAT rules
http://www.vscratchpad.com/export-vshield-edge-nat-rules-from-vcloud-director/

vCloud API and PowerCLI – Import/Export vShield Edge FW Rules
http://www.vscratchpad.com/vcloud-api-and-powercli-importexport-vshield-edge-fw-rules/

Dave
