Manual Chapter : Archives

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.0.1, 15.0.0

BIG-IP APM

  • 15.0.1, 15.0.0

BIG-IP Link Controller

  • 15.0.1, 15.0.0

BIG-IP Analytics

  • 15.0.1, 15.0.0

BIG-IP LTM

  • 15.0.1, 15.0.0

BIG-IP AFM

  • 15.0.1, 15.0.0

BIG-IP PEM

  • 15.0.1, 15.0.0

BIG-IP DNS

  • 15.0.1, 15.0.0

BIG-IP ASM

  • 15.0.1, 15.0.0
Manual Chapter

Archives

About archives

When you initially configure the BIG-IP® system using the Setup utility and the BIG-IP Configuration utility, or
tmsh
, the system saves your configuration information. This information includes traffic management elements, such as virtual servers, pools, and profiles. Configuration data also consists of system and network definitions, such as interface properties, self IP addresses, VLANs, and more.
Once you have created the configuration data for the BIG-IP system, you can replicate all of this data in a separate file and then use this data later for these purposes:
Archive for disaster recovery
Using the Archives feature, you can back up the current configuration data, and if necessary, restore the data at a later time. F5 Networks recommends that you use this feature to mitigate the potential loss of BIG-IP system configuration data. To create an archive, you can use the BIG-IP Configuration utility, which stores the configuration data in a file known as a user configuration set, or UCS (
.ucs
) file. You can then use the UCS file to recover from any loss of data, in the unlikely event that you need to do so.
Propagate data to other systems
Using the single configuration file feature, you can quickly propagate the exact configuration of the BIG-IP system to other BIG-IP systems. To create a single configuration file, you export the configuration data to a file known as an SCF (
.scf
) file. You can then use the SCF file to configure another system in one simple operation.
By default, the system stores all archives in the
/var/local/ucs
directory. You can specify a different location, but if you do, the Configuration utility does not display the UCS files when you view the archive list.
Before you replace a version of the BIG-IP system with a newer version, you should always create an
archive
, which is a backup copy of the configuration data. This archive is in the form of a user configuration set, or UCS. Then, if you need to recover that data later, you can restore the data from the archive that you created.
To create, delete, upload, or download an archive, you must have either the Administrator or Resource Administrator role assigned to your user account.

About UCS files

A user configuration set, or UCS (
.ucs
) file, contains the following types of BIG-IP system configuration data:
  • System-specific configuration files
  • Product licenses
  • User accounts and password information
  • Domain name service (DNS) zone files
  • Installed SSL keys and certificates
Each time you back up the configuration data, the BIG-IP system creates a new file with a
.ucs
extension. Each UCS file contains various configuration files needed for the BIG-IP system to operate correctly, as well as the configuration data.

About managing archives using the Configuration utility

When you create a new archive (or UCS file) using the Configuration utility, the BIG-IP® system automatically stores it at a default location, in the
/var/local/ucs
directory. You can create as many separate archives as you need, provided each archive has a unique file name. Also, you can specify that the BIG-IP system store an archive in a directory other than
/var/local/ucs
. In this case, however, the Configuration utility does not include the archive name in the list of archives on the Archives screen.

Create and save an archive using the Configuration utility

You can use the BIG-IP® Configuration utility to create and save archives on the BIG-IP system.
Any UCS file that you create includes the host name of the BIG-IP system as part of the data stored in that file. Later, when you specify this UCS file while restoring configuration data to a BIG-IP system, the host name stored in this UCS file must match the host name of the system to which you are restoring the configuration data. Otherwise, the system does not fully restore the data. Also, if your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.
  1. Force the source device to the offline state.
    1. On the Main menu, click
      Device Management
      Devices
      .
    2. Click the name of the source.
      The device properties screen opens.
    3. Click
      Force Offline
      .
      The source device changes to the offline state.
      Once the source device changes to the offline state, ensure that traffic passes normally for all active traffic groups on the other devices.
      When
      Force Offline
      is enabled, make sure to manage the system using the management port or console. Connections to self IP addresses are terminated when
      Force Offline
      is enabled.
  2. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  3. Click
    Create
    .
    If the
    Create
    button is unavailable, you do not have permission to create an archive. You must have the Administrator role assigned to your user account.
  4. In the
    File Name
    field, type a unique file name for the archive.
    F5 recommends that the file name match the name of the BIG-IP system. For example, if the name of the BIG-IP system is
    bigip2
    , then the name of the archive file should be
    bigip2.ucs
    .
  5. To encrypt the archive, for the
    Encryption
    setting, select
    Enabled
    .
    If the
    Encryption
    setting is unavailable, you must configure the
    Archive Encryption
    setting located on the Preferences screen.
  6. To include private keys, for the
    Private Keys
    setting, select
    Include
    .
    Make sure to store the archive file in a secure environment.
  7. Click
    Finished
    .

Restore data from an archive using the Configuration utility

In the unlikely event that the BIG-IP® system configuration data becomes corrupted, you can use the Configuration utility to restore data from an archive file. The
/var/local/ucs
directory is the only location on the BIG-IP system in which you can save and restore an archive. If no archive exists in that directory, then you cannot restore configuration data.
The host name stored in the archive file must match the host name of the BIG-IP system that you are restoring; otherwise, the system does not fully restore the data.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to use to restore the configuration data.
    This displays the properties of that archive.
  3. Click
    Restore
    .
    The system displays a progress message.

View a list of existing archives using the Configuration utility

You can use the Configuration utility to view a list of archives that are stored in the default directory,
/var/local/ucs
, on a BIG-IP® system. The Configuration utility displays the UCS file name, creation date, and file size.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.

View archive properties using the Configuration utility

You can use the Configuration utility to view the properties of archives that are stored on the BIG-IP® system, including archive name, BIG-IP version, encryption state, creation date, and archive size.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to view.
    This displays the properties of that archive.

Download a copy of an archive to a management workstation

You can use the Configuration utility to download a copy of an archive to a management workstation. This provides an extra level of protection by preserving the configuration data on a remote system. In the unlikely event that you need to restore the data, and a BIG-IP® system event prevents you from accessing the archive in the BIG-IP system directory, you still have a backup copy of the configuration data.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to view.
    This displays the properties of that archive.
  3. For the
    Archive File
    setting, click the
    Download: <filename>.ucs
    button.
    A confirmation screen appears.
  4. Click
    Save
    .
    The BIG-IP system downloads a copy of the UCS file to the system from which you initiated the download.

Upload an archive from a management workstation

If you previously downloaded a copy of an archive to a management workstation, you can upload that archive to the BIG-IP system at any time. This is useful when a BIG-IP system event has occurred that has caused the archive stored on the BIG-IP system to either become unavailable or corrupted.
You can use the Configuration utility to upload a copy of an archive stored on a management workstation.
When you upload a copy of an archive, you must specify the exact path name for the directory in which the downloaded archive copy is stored.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  2. Click
    Upload
    .
    The Upload screen opens.
  3. For the
    File Name
    setting, click
    Browse
    .
  4. For the
    Options
    setting, select the
    Overwrite existing archive file
    check box if you want the BIG-IP system to overwrite any existing archive file.
    The BIG-IP system overwrites an existing file with the uploaded file only when the name of the archive you are uploading matches the name of an archive on the BIG-IP system.
  5. Click
    Upload
    .
    The specified archive is now uploaded to the
    /var/local/ucs
    directory on the BIG-IP system.

Delete an archive using the Configuration utility

You can use the Configuration utility to delete an archive that is stored in the default UCS directory,
/var/local/ucs
, on the BIG-IP® system.
  1. On the Main tab, click
    System
    Archives
    .
    The Archives screen displays a list of existing UCS files.
  2. Select the archive that you want to delete.
  3. Click
    Delete
    .
    A confirmation screen appears.

About managing archives using tmsh

When you create a new archive using the Traffic Management Shell (
tmsh
), the BIG-IP® system automatically stores it at a default location, in the
/var/local/ucs
directory. You can create as many separate archives as you need, provided each archive has a unique file name. Also, you can specify that the BIG-IP system store an archive in a directory other than
/var/local/ucs
. In this case, however,
tmsh
does not include the archive name when you view a list of existing archives.
For more information about
tmsh
commands and options, see the man pages or the
Traffic Management Shell (tmsh) Reference Guide
.

Create and save an archive using tmsh

You can use
tmsh
to create and save archives (UCS files) on the BIG-IP system.
Any UCS file that you create includes the host name of the BIG-IP system as part of the data stored in that file. Later, when you specify this UCS file while restoring configuration data to a BIG-IP system, the host name stored in this UCS file must match the host name of the system to which you are restoring the configuration data. Otherwise, the system does not fully restore the data. Also, if your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. Save the running configuration of the system to a new UCS file, where <filename> is the name of the new UCS file.
    save sys ucs <filename>

View a list of existing archives using tmsh

You can use
tmsh
to view a list of archives that are stored in the default directory,
/var/local/ucs
, on the BIG-IP® system.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. View a list of UCS files stored in
    /var/local/ucs
    .
    show sys ucs
    A list of UCS files displays.

View archive properties using tmsh

You can use
tmsh
to view the properties of archives that are stored on the BIG-IP® system, including archive name, BIG-IP version, encryption state, creation date, and archive size.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. View the properties for all UCS files stored in
    /var/local/ucs
    .
    show sys ucs
    To view properties for a specific UCS file, include the UCS file name in the command sequence.
    The properties for all UCS files displays.

Delete an archive using tmsh

You can use
tmsh
to delete an archive that is stored in the default UCS directory,
/var/local/ucs
, on the BIG-IP® system.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. Delete the specified UCS file.
    delete sys ucs <filename>
    The system deletes the specified UCS file.

Generate a passphrase for the SecureVault master key

To allow the recovery of the data stored in the UCS, the administrator is given the opportunity to specify the passphrase that is used to generate the current master key. If the administrator can specify the correct passphrase the system will generate the current master key, encrypt the master key with the current unit key, and then store the encrypted master key. This allows the system to access the encrypted sensitive data.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. Create a password-protected master key based on a word or phrase of your choosing.
    modify sys crypto master-key prompt-for-password
    You can use this command to manually synchronize several devices without having to copy keys between them.

About backing up and restoring archives using tmsh

After you have created an archive (UCS), you can use secure copy (SCP) to save a copy to a management workstation. This provides an extra level of protection by preserving the configuration data on a remote system. In the unlikely event that you need to restore the data and you are unable to access the archive in the BIG-IP® system directory, you still have a backup copy of the configuration data.
If your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.
Once the UCS is in the
/var/local/ucs
directory, you can load and restore the archive data using
tmsh
.

Load and restore data from an archive using tmsh

In the unlikely event that the BIG-IP® system configuration data becomes corrupted, you can use
tmsh
to load and restore data from an archive file. The
/var/local/ucs
directory is the only location on the BIG-IP system from which you can restore an archive. If no archive exists in that directory, then you cannot restore configuration data.
The host name stored in the archive file must match the host name of the BIG-IP system that you are restoring; otherwise, the system does not fully restore the data.
  1. Open the TMOS Shell (
    tmsh
    ).
    tmsh
  2. Load the configuration contained in a specified UCS file, where <filename> is the name of the UCS file.
    load /sys ucs <filename>
    The UCS is loaded into the running configuration of the system.