Backup vmware when master and vcenter are on seperate networks ?

is it possible to set up backup for a vSphere environnement when there is no connection between the master server and the vcenter server ?

The master server is a clustered linux virtual machine that resides on a different virtual environnement,

The vcenter server is not reacheable from outside the virtual environnement that it manages, ie it has a private network.

Thank you !


No vCenter communication means no VM policies at all - you'll be treating each and every one of those VMs as if they were physical boxes. Since VMs tend to breed like rabbits it's just going to get more and more painful to manage things as time goes on until eventually you run into everyone's favorite question, "Why wasn't this critical server we never told you about backed up ? " 

Also, if that environment really needs to be that blocked off odds are you're looking at firewalls between your backup environment & the VMs anyway, right ? And I'm sure they've built them large enough to be able to handle all of the backup traffic you'll be sending across them without crashing or maxing their networks ? =) 

If that environment really requires backups you need to have some architecture conversions with the teams involved (VM, Security, network) to determine what they're prepared to deal with. The options appear to be : 

1) Run client-based backups of all the VMs. Note that you won't get a backup of the vCenter this way unless your Media Server can talk to the vCenter (since you already said your Master can't communicate this may or may not work either). You're also talking about LAN vs. SAN speeds for the backups. 

2) Drop a Master and/or Media Server into the dedicated network too, along with storage of some kind (disk or tape) for the backups. Note this could mean a single point of failure (the ESX hosting the Master+however many VMs in that environment), meaning if it dies you have to recover the Master first before you can start recovering the other VMs. It would also make it more difficult to create multiple copies of disk-based images since you wouldn't be able to talk with Media Servers outside the environment. You'd see SAN backup speeds at least though. 

3) Set up communication between your Master and that vCenter somehow (firewall holes or another network drop on the Master/Media). You'd then be able to setup VM policies, run SAN-based backups of the VMs to a Media Server, etc. 

Option #3 is the "right" way to do things but if you're already in this position convincing people of this is going to be an uphill battle I'm afraid, sorry; you'll probably end up with option #1. 

Best of luck. 

Do you have a backup or Media server that communicate with the vCenter over the port TCp 443? if yes you can configure the vmware snapshot backups even you do not have commucation from master servers. only limitation is you can not use query builder in the policy ( query builder in policy needs communication with master server)

refer below section in doc

  • To backup and restore VMWare:
    • Backup host to vCenter requires TCP port 443.
    • If using query builder (VIP), master server to vCenter requires TCP port 443.
    • If using the nbd transport type, backup host to ESX host requires TCP port 902.


when you add Vcenter in master server credentials, ensure to select backup host under "validate using backup host' and choose the host with port 443 communicaiton.