F5 Logo MyF5
Search
  1. MyF5 Home
  2. Backup File Management
Manual Chapter : Backup File Management

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 7.1.0
Manual Chapter

Backup File Management

How do I manage backups for BIG-IP configurations?

The configuration details of managed devices (including the BIG-IQ system itself) are kept in a compressed user configuration set (UCS) file. The UCS file has all of the information you need to restore a device's configuration, including:
  • System-specific configuration files
  • License
  • User account and password information
  • SSL certificates and keys
You can create a backup of a device's UCS file so that you can easily recover, or download, a configuration for a managed device. You can also compare configuration files within a UCS backup between the same (or different) BIG-IP devices, for troubleshooting or to mirror certain configuration options.
To manage backups for BIG-IP configurations, you must have either administrative or special backup role privileges. For more information about see
Create user with backup management access
.
Before you proceed, keep in mind that there are several different ways to make backups of your data. Each of these methods backs up different things and is documented separately.
To back up the entire configuration of a managed BIG-IP device, you create a compressed user configuration set (UCS).
This workflow is discussed in this guide.
DCD snapshots back up the alert, event, and analytics data collected by your DCDs.
Refer to
Managing Data Collection Device Snapshots
 in the
Setting up and Configuring a BIG-IQ Centralized Management Solution
 article on
support.f5.com
 for details.
Configuration snapshots back up the settings for configuration objects that reside on your managed BIG-IP devices.
Refer to
Managing Configuration Object Snapshots
 in the
Managing BIG-IP Devices from BIG-IQ
article on
support.f5.com
 for details.
To back up the entire configuration of a BIG-IQ system, you create a compressed user configuration set (UCS).
Refer to
Managing BIG-IQ UCS Backup and Restore
 in the
Setting up and Configuring a BIG-IQ Centralized Management Solution
article on
support.f5.com
 for details.

Create users with backup download permissions

You must have administrative access to your BIG-IQ Centralized Management system to edit user access. For more information about user access, see
Assigning Role-Based User Access to a BIG-IP Application from BIG-IQ
 at
support.f5.com
.
When managing BIG-IP backups, a non-administrative user must have a Device Manager/Device Viewer role with backup download permissions. The following process specifies how to configure a user with backup management access privileges.
  1. At the top of the screen, click
    System
    .
  2. On the left, click
    ROLE MANAGEMENT
    Role Types
    .
  3. Near the top of the screen, click the
    Add
     button.
  4. From the General Properties area, provide a name for this role type.
    A description is optional.
  5. From the
    Select Service
     list (on your left, at the center of the screen), select
    Device
    .
    The
    Object Type
     list provides device roles.
  6. From the
    Object Type
     list, select the check box next to
    Backup Download
    , and click the
    Add Selected
     button.
  7. Click
    Save&Close
    .
  8. On the left, click
    ROLE MANAGEMENT
    Resource Groups
    .
  9. Near the top of the screen, click the
    Add
     button.
  10. From the General Properties area, provide a name for this resource group.
    A description is optional.
  11. From the
    Select Service
     list (on your left, at the center of the screen), select
    Device
    .
    The
    Select Object Type
     drop down list displays to the right of your selected service.
  12. From the
    Select Object Type
     list, select
    Backup Download
    , and click the
    Add Selected
     button.
  13. Click
    Save&Close
    .
  14. On the left, click
    ROLE MANAGEMENT
    Roles
    .
  15. Near the top of the screen, click the
    Add
     button.
  16. From the General Properties area, add a role name.
    A description is optional.
  17. From the
    Role Type
     list, select the role type created in step 7.
  18. From the Resource Group
    Available
     list , select resource group created in step 13, and move your selection to the
    Selected
     list..
  19. Click
    Save&Close
    .
  20. On the left, click
    USER MANAGEMENT
    Users
    .
  21. Near the top of the screen, click the
    Add
     button.
  22. In the
    User Name
     field, type the name for this user.
  23. In the
    Full Name
     field, type a name to identify the individual with this type of user access.
    The full name can contain a combination of letters, symbols, numbers and spaces.
  24. In the
    Password
     and
    Confirm Password
     fields, type the password for this new user.
    You can change the password any time.
  25. From the Roles
    Available
     list, select the role created in step 16, and move your selection to the
    Selected
     list.
  26. From the Roles
    Available
     list, select the role
    Device Manager
     or
    Device viewer
    , and move your selection to the
    Selected
     list.
  27. Click
    Save&Close
    .
You have now created Device Manager or Device Viewer role with device backup management privileges. Once this user signs in with their credentials, they will be able to manage all device backup task.

Back up a device's current configuration

You must be logged into BIG-IQ as a an administrator or have user access with backup download permission.
Creating a backup (in the form of a UCS file) for all devices in your network (including the BIG-IQ system itself) allows you to easily restore a configuration if a system becomes unstable. It's a good idea to create a system backup on a regular basis and immediately before you perform a software upgrade or make significant configuration changes.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BIG-IP DEVICES
    .
  3. Select the check box next to each device you want to create a backup for, click the
    More
     button and select
    Back Up Now
    .
  4. Click the
    More
     button and select
    Back Up Now
  5. Type a name to identify this backup, and an optional description for it.
  6. If you want to include the SSL private keys in the backup file, select the
    Include Private Keys
     check box.
    If you save a copy of the SSL private key, you can reinstall it if the original one becomes corrupt.
  7. To encrypt the backup file, select the
    Encrypt Backup Files
     check box, and type and verify the passphrase.
  8. Use the
    Local Retention Policy
     setting to specify how long you want to keep the backup file on BIG-IQ.
    • To delete the copies of the backup after a certain number of days, select
      Delete local backup copy
       and specify the number of days to keep the backup copy before deleting it.
    • To keep copies of the backups indefinitely, select
      Never Delete
      .
  9. To keep copies of backups remotely on a SCP or SFTP server:
    1. For the
      Archive
       setting, select the
      Store archive copy of backup
       check box.
    2. For the
      Location
       setting, select
      SCP
       or
      SFTP
      .
    3. In the
      IP Address
      field, type the IP address of the remote server where you want to store the archives.
    4. In the
      User Name
       and
      Password
       fields, type the credentials to access this server.
    5. In the
      Directory
       field, type the name of the directory where you want to store the archives on the remote server.
    Storing a backup remotely means you can restore data to a BIG-IP device even if you can't access the archive in the BIG-IQ system directory.
    If you configure BIG-IQ to save backup files to a remote server and that server is unavailable during a scheduled backup, BIG-IQ ignores the local retention policy and retains the local copy of the backup file. This ensures that a backup is always available. To remove those local backups, you must delete them.
    Archived copies of backups are kept permanently on the remote server you specify. If you want to clear space on the remote server, you have to manually delete the backups.
  10. Click the
    Start
     button at the bottom of the screen.
After the backup is created, it appears in the Backup Files list and you can restore a managed BIG-IP device. When BIG-IQ creates a backup, it saves it in the following format:
backup name_device name_time of backup.ucs

Set up a UCS backup schedule

It is important to create a UCS backup for your managed devices on a regularly scheduled basis, so that you can easily restore a recent configuration if necessary.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BACKUP & RESTORE
    Backup Schedules
    .
  3. Near the top of the screen, click the
    Create
     button.
  4. Type a name to identify this backup, and an optional description for it.
  5. If you want to include the SSL private keys in the backup file, select the
    Include Private Keys
     check box.
    If you save a copy of the SSL private key, you can reinstall it if the original one becomes corrupt.
  6. To encrypt the backup file, select the
    Encrypt Backup Files
     check box, and type and verify the passphrase.
  7. Use the
    Local Retention Policy
     setting to specify how long you want to keep the backup file on BIG-IQ.
    • To delete the copies of the backup after a certain number of days, select
      Delete local backup copy
       and specify the number of days to keep the backup copy before deleting it.
    • To keep copies of the backups indefinitely, select
      Never Delete
      .
  8. For the
    Backup Frequency
     setting, select
    Daily
    ,
    Weekly
    , or
    Monthly
     for the
    Schedule Backup
     to specify how often backups are created. Based on the frequency, you can then specify the days and time you want to create the backups..
  9. For the
    Start Date
     setting, click the calendar and select the date you want BIG-IQ to start creating backups.
  10. Select the
    Groups
     or
    Individuals
     option.
  11. If you selected
    Individuals
    , from the
    Available
     list, click the individual devices you want to back up and
    ->
     to move it to the
    Selected
     list.
  12. To keep copies of backups remotely on a SCP or SFTP server:
    1. For the
      Archive
       setting, select the
      Store archive copy of backup
       check box.
    2. For the
      Location
       setting, select
      SCP
       or
      SFTP
      .
    3. In the
      IP Address
      field, type the IP address of the remote server where you want to store the archives.
    4. In the
      User Name
       and
      Password
       fields, type the credentials to access this server.
    5. In the
      Directory
       field, type the name of the directory where you want to store the archives on the remote server.
    Storing a backup remotely means you can restore data to a BIG-IP device even if you can't access the archive in the BIG-IQ system directory.
    If you configure BIG-IQ to save backup files to a remote server and that server is unavailable during a scheduled backup, BIG-IQ ignores the local retention policy and retains the local copy of the backup file. This ensures that a backup is always available. To remove those local backups, you must delete them.
    Archived copies of backups are kept permanently on the remote server you specify. If you want to clear space on the remote server, you have to manually delete the backups.
  13. Click the
    Save
     button
After the backup is created, it appears in the Backup Files list and you can restore a managed BIG-IP device. When BIG-IQ creates a backup, it saves it in the following format:
backup name_device name_time of backup.ucs
.

Pausing and restarting a UCS backup schedule

If you need to make a change to a BIG-IP device's configuration during a scheduled UCS backup, you can suspend the scheduled backup and restart it when you are finished changing the configuration.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BACKUP & RESTORE
    Backup Files
    .
  3. Select the check box next to the schedule you want to suspend.
  4. Click the
    Suspend Schedule
     button.
BIG-IQ suspends the UCS backup schedule until you restart the schedule.
To restart the scheduled UCS backup, select the device and click the
Restart Schedule
 button.

Download a UCS configuration file

You must first create a backup of your devices' user configuration set (UCS), or configure a backup schedule which specifies where to store downloaded UCS files. To download a device's UCS, you must be logged into BIG-IQ as a an administrator or have user access with backup download permission.
Download a device's UCS archive to locally, or externally save the configuration data. The UCS archive, by default, contains all of the files you need to restore your current configuration to a new system, including configuration files, the product license, local user accounts, and SSL certificate/key pairs. By default, the system saves the UCS archive file with a .ucs extension, if you do not include the extension in the file name. You can also specify a full path to the archive file.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BACKUP & RESTORE
    Backup Files
    .
  3. Select the check box next to the UCS backup file you would like to download.
    If you would like to examine the backup configuration saved, you can compare the backup history of an earlier backup event. For more information, see
    Compare two backup files
    .
  4. Click
    Download
    .
    A new window opens to confirm your request. Click
    Download
     to proceed and complete the download.
The UCS file is saved to your configured external location.

Compare two UCS backup files

You must have created two or more UCS backup files for one or more BIG-IP devices, before you can compare them.
You can compare BIG-IP UCS files of two different devices, or the same device. The device(s) can be running the same or different version of software. Comparing these files allows you to precisely pinpoint differences between configurations and other backup data files. You can use the list of differences to troubleshoot potential issues (such as those that might have been introduced during a configuration change), or use the differences to locate changes you can make to a device to mirror certain configuration details of another device.
The further apart the software versions are for the files you are comparing, the more differences you'll likely see because of new features and changes made in later versions.
By default, BIG-IQ compares the following files in the UCS backup:
  • /config/ZebOS.conf
  • /config/bigip.conf
  • /config/bigip_base.conf
  • /config/bigip_gtm.conf
  • /config/bigip_local.conf
  • /config/bigip_user.conf
  • /config/user_alert.conf
You also have the option to add custom files to this list.
If you want to save this setting to use for all of your file comparison tasks (not just this one), click the back button and then click the
Settings
 button to specify the files to compare for all UCS comparison tasks.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BACK UP & RESTORE
    Backup Files
    .
  3. Select the check boxes next to two UCS backup files that you want to examine, and click the
    Compare
     button.
  4. In the
    Name
     field, type a new name to identify this compare task.
  5. To add an optional description to this compare task, type it in the
    Description
     field.
  6. To remove a default configuration file from this comparison task, clear the check box next to it.
  7. To add a custom file to this comparison task, type its name in the
    Custom Files
     field.
    If you add a custom file, be sure to use the full path format like the ones for the default configuration files.
  8. Click the
    Compare
     button at the bottom of the screen.
  9. On the left, click
    BACK UP & RESTORE
    Backup Compare History
    .
  10. Click the name of the backup compare you created.
  11. Click
    View Differences
     to view the differences between the configurations.
BIG-IQ displays the differences between the files you selected.

Restoring a device with a UCS backup file

You must create a backup UCS file before you can restore it to a device.
You restore a device's UCS configuration to reinstall, or to roll back to a previous version of the device's configuration, without having to recreate it.
  1. At the top of the screen, click
    Devices
    .
  2. On the left, click
    BACKUP & RESTORE
    Backup Files
    .
  3. Select the check box next to the UCS backup file you want to restore.
  4. Click the
    Restore
     button.
The BIG-IQ system restores the saved UCS backup file to the device.
If you restore a BIG-IP device with a backup that is older than its current configuration, any existing backups that are more recent no longer appear in the Backup Files list. Those files, however, are still stored in the
/shared/ucs_backups
 directory until you delete them.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information