Manual Chapter :
Backup File Management
Applies To:
Show Versions
BIG-IQ Centralized Management
- 8.2.0, 8.1.0, 8.0.0
Backup File Management
How do I manage backups for BIG-IP configurations?
The configuration details of managed devices (including the BIG-IQ
system itself) are kept in a compressed user configuration set (UCS) file. The UCS file has
all of the information you need to restore a device's configuration, including:
- System-specific configuration files
- License
- User account and password information
- SSL certificates and keys
You can create a backup of a device's UCS file so that you can easily
recover, or download, a configuration for a managed device. You can also compare
configuration files within a UCS backup between the same (or different) BIG-IP devices, for
troubleshooting or to mirror certain configuration options.
To manage backups for BIG-IP configurations, you must have either
administrative or special backup role privileges. For more information about see
Create user with backup management access
.Before you proceed, keep in mind that there are several different
ways to make backups of your data. Each of these methods backs up different things and is
documented separately.
To back up the entire configuration of a managed
BIG-IP device, you create a compressed user configuration set (UCS). |
This workflow is discussed in this guide. |
DCD snapshots back up the alert, event, and
analytics data collected by your DCDs. |
Refer to Managing
Data Collection Device Snapshots in the Setting up and Configuring a BIG-IQ Centralized Management Solution
article on support.f5.com for details. |
Configuration snapshots back up the settings for
configuration objects that reside on your managed BIG-IP devices. |
Refer to Managing
Configuration Object Snapshots in the Managing BIG-IP Devices from BIG-IQ article on support.f5.com for
details. |
To back up the entire configuration of a BIG-IQ
system, you create a compressed user configuration set (UCS). |
Refer to Managing
BIG-IQ UCS Backup and Restore in the Setting up and Configuring a BIG-IQ Centralized Management Solution
article on support.f5.com for details. |
Create users with backup download permissions
You must have administrative access to your
BIG-IQ Centralized Management system to edit user access. For more information about user
access, see
Assigning Role-Based User Access to a BIG-IP
Application from BIG-IQ
at support.f5.com
. When managing BIG-IP backups, a
non-administrative user must have a Device Manager/Device Viewer role with backup download
permissions. The following process specifies how to configure a user with backup management
access privileges.
- At the top of the screen, clickSystem.
- On the left, click.
- Near the top of the screen, click theAddbutton.
- From the General Properties area, provide a name for this role type.A description is optional.
- From theSelect Servicelist (on your left, at the center of the screen), selectDevice.TheObject Typelist provides device roles.
- From theObject Typelist, select the check box next toBackup Download, and click theAdd Selectedbutton.
- Click theSave & Closebutton.
- On the left, click.
- Near the top of the screen, click theAddbutton.
- From the General Properties area, provide a name for this resource group.A description is optional.
- From theSelect Servicelist (on your left, at the center of the screen), selectDevice.TheSelect Object Typedrop down list displays to the right of your selected service.
- From theSelect Object Typelist, selectBackup Download, and click theAdd Selectedbutton.
- Click theSave & Closebutton.
- On the left, click.
- Near the top of the screen, click theAddbutton.
- From the General Properties area, add a role name.A description is optional.
- From theRole Typelist, select the role type created in step 7.
- From the Resource GroupAvailablelist , select resource group created in step 13, and move your selection to theSelectedlist.
- ClickSave&Close.
- On the left, click.
- Near the top of the screen, click theAddbutton.
- In theUser Namefield, type the name for this user.
- In theFull Namefield, type a name to identify the individual with this type of user access.The full name can contain a combination of letters, symbols, numbers and spaces.
- In thePasswordandConfirm Passwordfields, type the password for this new user.You can change the password any time.
- From the RolesAvailablelist, select the role created in step 16, and move your selection to theSelectedlist.
- From the RolesAvailablelist, select the roleDevice ManagerorDevice viewer, and move your selection to theSelectedlist.
- Click theSave & Closebutton.
You have now created Device Manager or Device
Viewer role with device backup management privileges. Once this user signs in with their
credentials, they will be able to manage all device backup task.
Back up a device's current configuration
You must be logged into BIG-IQ as a an
administrator or have user access with backup download permission.
Creating a backup (in the form of a UCS file) for
all devices in your network (including the BIG-IQ system itself) allows you to easily
restore a configuration if a system becomes unstable. It's a good idea to create a
system backup on a regular basis and immediately before you perform a software upgrade
or make significant configuration changes.
- At the top of the screen, clickDevices.
- On the left, clickBIG-IP DEVICES.
- Select the check box next to each device you want to create a backup for, click theMorebutton and selectBack Up Now.
- Click theMorebutton and selectBack Up Now
- Type a name to identify this backup, and an optional description for it.
- If you want to include the SSL private keys in the backup file, select theInclude Private Keyscheck box.If you save a copy of the SSL private key, you can reinstall it if the original one becomes corrupt.
- To encrypt the backup file, select theEncrypt Backup Filescheck box, and type and verify the passphrase.
- Use theLocal Retention Policysetting to specify how long you want to keep the backup file on BIG-IQ.
- To delete the copies of the backup after a certain number of days, selectDelete local backup copyand specify the number of days to keep the backup copy before deleting it.
- To keep copies of the backups indefinitely, selectNever Delete.
- To keep copies of backups remotely on a SCP or SFTP server:
- For theArchivesetting, select theStore archive copy of backupcheck box.
- For theLocationsetting, selectSCPorSFTP.
- In theIP Addressfield, type the IP address of the remote server where you want to store the archives.
- In theUser NameandPasswordfields, type the credentials to access this server.
- In theDirectoryfield, type the name of the directory where you want to store the archives on the remote server.
Storing a backup remotely means you can restore data to a BIG-IP device even if you can't access the archive in the BIG-IQ system directory.If you configure BIG-IQ to save backup files to a remote server and that server is unavailable during a scheduled backup, BIG-IQ ignores the local retention policy and retains the local copy of the backup file. This ensures that a backup is always available. To remove those local backups, you must delete them.Archived copies of backups are kept permanently on the remote server you specify. If you want to clear space on the remote server, you have to manually delete the backups. - Click theStartbutton at the bottom of the screen.
After the backup is created, it appears in the
Backup Files list and you can restore a managed BIG-IP device. When BIG-IQ creates a
backup, it saves it in the following format:
backup name_device name_time of backup.ucs
Set up a UCS backup schedule
It is important to create a UCS backup for your managed devices on a regularly scheduled
basis, so that you can easily restore a recent configuration if necessary.
- At the top of the screen, clickDevices.
- Near the top of the screen, click theCreatebutton.
- On the left, click.
- Type a name to identify this backup, and an optional description for it.
- If you want to include the SSL private keys in the backup file, select theInclude Private Keyscheck box.If you save a copy of the SSL private key, you can reinstall it if the original one becomes corrupt.
- To encrypt the backup file, select theEncrypt Backup Filescheck box, and type and verify the passphrase.
- Use theLocal Retention Policysetting to specify how long you want to keep the backup file on BIG-IQ.
- To delete the copies of the backup after a certain number of days, selectDelete local backup copyand specify the number of days to keep the backup copy before deleting it.
- To keep copies of the backups indefinitely, selectNever Delete.
- For theBackup Frequencysetting, selectDaily,Weekly, orMonthlyfor theSchedule Backupto specify how often backups are created. Based on the frequency, you can then specify the days and time you want to create the backups..
- For theStart Datesetting, click the calendar and select the date you want BIG-IQ to start creating backups.
- Select theGroupsorIndividualsoption.
- If you selectedIndividuals, from theAvailablelist, click the individual devices you want to back up and->to move it to theSelectedlist.
- To keep copies of backups remotely on a SCP or SFTP server:
- For theArchivesetting, select theStore archive copy of backupcheck box.
- For theLocationsetting, selectSCPorSFTP.
- In theIP Addressfield, type the IP address of the remote server where you want to store the archives.
- In theUser NameandPasswordfields, type the credentials to access this server.
- In theDirectoryfield, type the name of the directory where you want to store the archives on the remote server.
Storing a backup remotely means you can restore data to a BIG-IP device even if you can't access the archive in the BIG-IQ system directory.If you configure BIG-IQ to save backup files to a remote server and that server is unavailable during a scheduled backup, BIG-IQ ignores the local retention policy and retains the local copy of the backup file. This ensures that a backup is always available. To remove those local backups, you must delete them.Archived copies of backups are kept permanently on the remote server you specify. If you want to clear space on the remote server, you have to manually delete the backups. - Click theSavebutton
After the backup is created, it appears in the
Backup Files list and you can restore a managed BIG-IP device. When BIG-IQ creates a
backup, it saves it in the following format:
backup
name_device name_time of backup.ucs
.Pausing and restarting a UCS backup schedule
If you need to make a change to a BIG-IP device's configuration during a scheduled UCS backup, you can suspend the scheduled backup and restart it when you are finished changing the configuration.
- On the left, click.
- Select the check box next to the schedule you want to suspend.
- Click theSuspend Schedulebutton.
BIG-IQ suspends the UCS backup schedule until you restart the schedule.
To restart the scheduled UCS backup, select the device and click the
Restart Schedule
button.Download a UCS configuration file
You must first create a backup of your devices' user configuration set (UCS), or configure a backup schedule which specifies where to store downloaded UCS files. To download a device's UCS, you must be logged into BIG-IQ as a an administrator or have user access with backup download permission.
Download a device's UCS archive to locally, or externally save the configuration data. The UCS archive, by default, contains all of the files you need to restore your current configuration to a new system, including configuration files, the product license, local user accounts, and SSL certificate/key pairs. By default, the system saves the UCS archive file with a .ucs extension, if you do not include the extension in the file name. You can also specify a full path to the archive file.
- On the left, click.
- Select the check box next to the UCS backup file you would like to download.If you would like to examine the backup configuration saved, you can compare the backup history of an earlier backup event. For more information, seeCompare two backup files.
- ClickDownload.A new window opens to confirm your request. ClickDownloadto proceed and complete the download.
The UCS file is saved to your configured external location.
Compare two UCS backup files
You must have created two or more UCS backup
files for one or more BIG-IP devices, before you can compare them.
You can compare BIG-IP UCS files of two different devices, or the same device. The
device(s) can be running the same or different version of software. Comparing these files
allows you to precisely pinpoint differences between configurations and other backup data
files. You can use the list of differences to troubleshoot potential issues (such as those
that might have been introduced during a configuration change), or use the differences to
locate changes you can make to a device to mirror certain configuration details of another
device. By default, BIG-IQ compares the following files in the UCS backup:
The further apart the software versions are for
the files you are comparing, the more differences you'll likely see because of new
features and changes made in later versions.
- /config/ZebOS.conf
- /config/bigip.conf
- /config/bigip_base.conf
- /config/bigip_gtm.conf
- /config/bigip_local.conf
- /config/bigip_user.conf
- /config/user_alert.conf
You also have the option to add custom files to this list.
If you want to save this setting to use for all of your file
comparison tasks (not just this one), click the back button and then click the
Settings
button to specify
the files to compare for all UCS comparison tasks.- At the top of the screen, clickDevices.
- On the left, click.
- Select the check boxes next to two UCS backup files that you want to examine, and click theComparebutton.
- In theNamefield, type a new name to identify this compare task.
- To add an optional description to this compare task, type it in theDescriptionfield.
- To remove a default configuration file from this comparison task, clear the check box next to it.
- To add a custom file to this comparison task, type its name in theCustom Filesfield.If you add a custom file, be sure to use the full path format like the ones for the default configuration files.
- Click theComparebutton at the bottom of the screen.
- On the left, click.
- Click the name of the backup compare you created.
- ClickView Differencesto view the differences between the configurations.
BIG-IQ displays the differences between the files
you selected.
Restoring a device with a UCS backup file
You must create a backup UCS file before you can restore it to a device.
You restore a device's UCS configuration to reinstall, or to roll back to a
previous version of the device's configuration, without having to recreate it.
- At the top of the screen, clickDevices.
- On the left, click.
- Select the check box next to the UCS backup file you want to restore.
- Click theRestorebutton.
The BIG-IQ
system restores the saved UCS backup file to the device.
If you restore a
BIG-IP device with a backup that is older than its current configuration, any
existing backups that are more recent no longer appear in the Backup Files list.
Those files, however, are still stored in the
/shared/ucs_backups
directory until you delete
them.