Manual Chapter :
Archives
Applies To:
Show VersionsBIG-IP AAM
- 14.0.1, 14.0.0
BIG-IP APM
- 14.0.1, 14.0.0
BIG-IP Analytics
- 14.0.1, 14.0.0
BIG-IP LTM
- 14.0.1, 14.0.0
BIG-IP PEM
- 14.0.1, 14.0.0
BIG-IP AFM
- 14.0.1, 14.0.0
BIG-IP DNS
- 14.0.1, 14.0.0
BIG-IP ASM
- 14.0.1, 14.0.0
Archives
About archives
When you initially configure the BIG-IP® system using the
Setup utility and the BIG-IP Configuration utility, or
tmsh
, the system saves your configuration information. This
information includes traffic management elements, such as virtual servers,
pools, and profiles. Configuration data also consists of system and network
definitions, such as interface properties, self IP addresses, VLANs, and
more.Once you have created the configuration data for the BIG-IP system, you can
replicate all of this data in a separate file and then use this data later for
these purposes:
- Archive for disaster recovery
- Using the Archives feature, you can back up the current configuration data, and if necessary, restore the data at a later time. F5 Networks recommends that you use this feature to mitigate the potential loss of BIG-IP system configuration data. To create an archive, you can use the BIG-IP Configuration utility, which stores the configuration data in a file known as a user configuration set, or UCS (.ucs) file. You can then use the UCS file to recover from any loss of data, in the unlikely event that you need to do so.
- Propagate data to other systems
- Using the single configuration file feature, you can quickly propagate the exact configuration of the BIG-IP system to other BIG-IP systems. To create a single configuration file, you export the configuration data to a file known as an SCF (.scf) file. You can then use the SCF file to configure another system in one simple operation.
By default, the system stores all archives in the
/var/local/ucs
directory. You can specify a different
location, but if you do, the BIG-IP® Configuration
utility does not display the UCS files when you view the archive list.Before you replace a version of the BIG-IP system with a newer version, you
should always create an
archive
, which is a backup copy of the
configuration data. This archive is in the form of a user configuration set,
or UCS. Then, if you need to recover that data later, you can restore the data
from the archive that you created.To create, delete,
upload, or download an archive, you must have either the Administrator or
Resource Administrator role assigned to your user account.
About UCS files
A user configuration set, or UCS (
.ucs
) file, contains the
following types of BIG-IP system configuration data:- System-specific configuration files
- Product licenses
- User accounts and password information
- Domain name service (DNS) zone files
- Installed SSL keys and certificates
Each time you back up the configuration data, the BIG-IP system creates a new
file with a
.ucs
extension. Each UCS file contains
various configuration files needed for the BIG-IP system to operate correctly,
as well as the configuration data.About managing archives using the Configuration utility
When you create a new archive (or UCS file) using the Configuration utility,
the BIG-IP® system automatically stores it at a default
location, in the
/var/local/ucs
directory. You can create
as many separate archives as you need, provided each archive has a unique file
name. Also, you can specify that the BIG-IP system store an archive in a
directory other than /var/local/ucs
. In this case,
however, the Configuration utility does not include the archive name in the
list of archives on the Archives screen.Create and save an archive using the Configuration utility
You can use the BIG-IP® Configuration utility to
create and save archives on the BIG-IP system.
Any UCS file that you create includes the host name of
the BIG-IP system as part of the data stored in that file. Later, when you
specify this UCS file while restoring configuration data to a BIG-IP
system, the host name stored in this UCS file must match the host name of
the system to which you are restoring the configuration data. Otherwise,
the system does not fully restore the data. Also, if your configuration
data includes SSL keys and certificates, make sure to store the archive
file in a secure environment.
- Force the source device to the offline state.
- On the Main menu, click.
- Click the name of the source.The device properties screen opens.
- ClickForce Offline.The source device changes to the offline state.Once the source device changes to the offline state, ensure that traffic passes normally for all active traffic groups on the other devices.WhenForce Offlineis enabled, make sure to manage the system using the management port or console. Connections to self IP addresses are terminated whenForce Offlineis enabled.
- On the Main tab, click.The Archives screen displays a list of existing UCS files.
- ClickCreate.If theCreatebutton is unavailable, you do not have permission to create an archive. You must have the Administrator role assigned to your user account.
- In theFile Namefield, type a unique file name for the archive.F5 recommends that the file name match the name of the BIG-IP system. For example, if the name of the BIG-IP system isbigip2, then the name of the archive file should bebigip2.ucs.
- To encrypt the archive, for theEncryptionsetting, selectEnabled.If theEncryptionsetting is unavailable, you must configure theArchive Encryptionsetting located on the Preferences screen.
- To include private keys, for thePrivate Keyssetting, selectInclude.Make sure to store the archive file in a secure environment.
- ClickFinished.
Restore data from an archive using the Configuration utility
In the unlikely event that the BIG-IP® system
configuration data becomes corrupted, you can use the Configuration utility to
restore data from an archive file. The
/var/local/ucs
directory is the only location on the BIG-IP system in which you can save and
restore an archive. If no archive exists in that directory, then you cannot
restore configuration data.
The host name stored in the
archive file must match the host name of the BIG-IP system that you are
restoring; otherwise, the system does not fully restore the data.
- On the Main tab, click.The Archives screen displays a list of existing UCS files.
- In the File Name column, click the name of the archive that you want to use to restore the configuration data.This displays the properties of that archive.
- ClickRestore.The system displays a progress message.
View a list of existing archives using the Configuration utility
You can use the Configuration utility to view a list of archives that are
stored in the default directory,
/var/local/ucs
, on a
BIG-IP® system. The Configuration utility displays the
UCS file name, creation date, and file size.- On the Main tab, click.The Archives screen displays a list of existing UCS files.
View archive properties using the Configuration utility
You can use the Configuration utility to view the properties of archives
that are stored on the BIG-IP® system, including archive
name, BIG-IP version, encryption state, creation date, and archive size.
- On the Main tab, click.The Archives screen displays a list of existing UCS files.
- In the File Name column, click the name of the archive that you want to view.This displays the properties of that archive.
Download a copy of an archive to a management workstation
You can use the Configuration utility to download a copy of an archive
to a management workstation. This provides an extra level of protection
by preserving the configuration data on a remote system. In the unlikely event
that you need to restore the data, and a BIG-IP® system
event prevents you from accessing the archive in the BIG-IP system directory,
you still have a backup copy of the configuration data.
- On the Main tab, click.The Archives screen displays a list of existing UCS files.
- In the File Name column, click the name of the archive that you want to view.This displays the properties of that archive.
- For theArchive Filesetting, click theDownload: <filename>.ucsbutton.A confirmation screen appears.
- ClickSave.The BIG-IP system downloads a copy of the UCS file to the system from which you initiated the download.
Upload an archive from a management workstation
If you previously downloaded a copy of an archive to a management
workstation, you can upload that archive to the BIG-IP®
system at any time. This is useful when a BIG-IP system event has occurred
that has caused the archive stored on the BIG-IP system to either become
unavailable or corrupted.
You can use the Configuration utility to upload a copy of an archive
stored on a management workstation.
When you upload a copy of an archive, you must specify the
exact path name for the directory in which the downloaded archive copy is
stored.
- On the Main tab, click.The Archives screen displays a list of existing UCS files.
- ClickUpload.The Upload screen opens.
- For theFile Namesetting, clickBrowse.
- For theOptionssetting, select theOverwrite existing archive filecheck box if you want the BIG-IP system to overwrite any existing archive file.The BIG-IP system overwrites an existing file with the uploaded file only when the name of the archive you are uploading matches the name of an archive on the BIG-IP system.
- ClickUpload.The specified archive is now uploaded to the/var/local/ucsdirectory on the BIG-IP system.
Delete an archive
using the Configuration utility
You can use the Configuration utility to delete an
archive that is stored in the default UCS directory,
/var/local/ucs
, on the BIG-IP® system.- Open the TMOS Shell (tmsh).tmsh
- Delete the specified archive file.delete sys ucs <filename>The specified UCS file is deleted.
About managing archives using tmsh
When you create a new archive using the Traffic Management Shell
(
tmsh
), the BIG-IP® system
automatically stores it at a default location, in the
/var/local/ucs
directory. You can create as many
separate archives as you need, provided each archive has a unique file name.
Also, you can specify that the BIG-IP system store an archive in a directory
other than /var/local/ucs
. In this case, however,
tmsh
does not include the archive name when you view a
list of existing archives.For more information about
tmsh
commands and options, see
the man pages or the Traffic Management Shell (tmsh) Reference
Guide
.Create and save
an archive using tmsh
You can use
tmsh
to create and save archives (UCS files) on the BIG-IP® system. Any UCS file that you create includes the host name of
the BIG-IP system as part of the data stored in that file. Later, when you
specify this UCS file while restoring configuration data to a BIG-IP
system, the host name stored in this UCS file must match the host name of
the system to which you are restoring the configuration data. Otherwise,
the system does not fully restore the data. Also, if your configuration
data includes SSL keys and certificates, make sure to store the archive
file in a secure environment.
- Open the TMOS Shell (tmsh).tmsh
- Save the running configuration of the system to a new UCS file, where <filename> is the name of the new UCS file.save sys ucs <filename>
View a list of
existing archives using tmsh
You can use
tmsh
to view a list of archives that are stored in the default directory,
/var/local/ucs
, on the BIG-IP® system.- Open the TMOS Shell (tmsh).tmsh
- View a list of UCS files stored in/var/local/ucs.show sys ucsA list of UCS files displays.
View archive
properties using tmsh
You can use
tmsh
to view the properties of archives that are stored on the BIG-IP® system, including archive name, BIG-IP
version, encryption state, creation date, and archive size.- Open the TMOS Shell (tmsh).tmsh
- View the properties for all UCS files stored in/var/local/ucs.show sys ucsTo view properties for a specific UCS file, include the UCS file name in the command sequence.The properties for all UCS files displays.
Delete an archive
using tmsh
You can use
tmsh
to delete an archive that is stored in the default UCS directory,
/var/local/ucs
, on the BIG-IP® system.- Open the TMOS Shell (tmsh).tmsh
- Delete the specified UCS file.delete sys ucs <filename>The system deletes the specified UCS file.
Generate a
passphrase for the SecureVault master key
To allow the recovery of the data stored in the
UCS, the administrator is given the opportunity to specify the passphrase that is used
to generate the current master key. If the administrator can specify the correct
passphrase the system will generate the current master key, encrypt the master key with
the current unit key, and then store the encrypted master key. This allows the system to
access the encrypted sensitive data.
- Open the TMOS Shell (tmsh).tmsh
- Create a password-protected master key based on a word or phrase of your choosing.modify sys crypto master-key prompt-for-passwordYou can use this command to manually synchronize several devices without having to copy keys between them.
About backing up and restoring archives using tmsh
After you have created an archive (UCS), you can use secure copy (SCP) to save
a copy to a management workstation. This provides an extra level of protection
by preserving the configuration data on a remote system. In the unlikely event
that you need to restore the data and you are unable to access the archive in
the BIG-IP® system directory, you still have a backup
copy of the configuration data.
If your configuration data includes SSL keys and
certificates, make sure to store the archive file in a secure environment.
Once the UCS is in the
/var/local/ucs
directory, you can
load and restore the archive data using tmsh
.Load and
restore data from an archive using tmsh
In the unlikely event that the BIG-IP® system configuration data becomes corrupted, you can
use
tmsh
to load and restore data from
an archive file. The /var/local/ucs
directory is the only location on the BIG-IP system from
which you can restore an archive. If no archive exists in that directory, then you
cannot restore configuration data. The host name stored in the
archive file must match the host name of the BIG-IP system that you are
restoring; otherwise, the system does not fully restore the data.
- Open the TMOS Shell (tmsh).tmsh
- Load the configuration contained in a specified UCS file, where <filename> is the name of the UCS file.load ucs <filename>The UCS is loaded into the running configuration of the system.