Manual Chapter :
Best practices for UCS restore operations
Applies To:
Show Versions
BIG-IP LTM
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP DNS
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Best practices for UCS restore operations
A user configuration set (UCS) is an archive file that contains a
backup of your BIG-IP configuration data. Before you configure a new or replacement
BIG-IP system by restoring a UCS archive, F5 recommends you do the following:
- Store passwords and passphrases securely
- After you encrypt configuration object passwords or passphrases on any BIG-IP system, another system can only decrypt them (during atmsh load configoperation) by using the same master key that you used to encrypt them. F5 recommends that you retain a record of each configuration object password or passphrase in a secure location on a system other than the BIG-IP system that uses the password or passphrase. Doing so makes it possible for you to restore a UCS configuration archive when the original master key is not available.
- Store UCS archives securely
- Make sure that you regularly back up the BIG-IP system configuration and maintain the backup UCS archives in a secure manner. The preferred way to store UCS archives securely (encrypts the entire UCS file):tmsh save sys ucs <ucs name> passphrase <passphrase>. For more information about creating and restoring UCS archives, see the Knowledge Base article K13132: Backing up and restoring BIG-IP configuration files with a UCS archive, athttp://support.f5.com.
- Learn about licensing with respect to UCS archives
- Before installing a UCS archive on a new BIG-IP system, for example a Return Materials Authorization (RMA) device, see the Licensing section of the Knowledge Base article K13132: Backing up and restoring BIG-IP configuration files, athttp://support.f5.com.
- Learn about non-matching hardware platforms
- Before moving a UCS archive from one hardware platform type to another, for example from a Virtual Clustered Multiprocessing (vCMP) guest to a hardware device, see the Knowedge Base article K82540512: Overview of the UCS archive platform-migrate option, athttp://support.f5.com.
