Manual Chapter : Managing Configuration Snapshots

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 5.2.0
Manual Chapter

What is snapshot management?

You can manage configuration snapshots for the configurations you have created on the BIG-IQ® Centralized Management system. A snapshot is a backup copy of a configuration. Configuration snapshots are created manually. This type of snapshot does not include events or alerts.
Note: If an Access group version changes to a later BIG-IQ version and you attempt to restore a snapshot created during the previous version, then restoring that snapshot can cause working configuration changes that can cause a deployment failure.

Create a snapshot

You create a configuration snapshot to compare it to another configuration snapshot, or so you can save the current working configuration and then restore from that snapshot if needed.

You create a configuration snapshot to preserve the configuration at that point. There are three things you can do with a snapshot:

  • Deploy the preserved configuration to a managed device.
  • Restore the BIG-IQ® Centralized Management device's current configuration to the preserved configuration.
  • Compare the preserved configuration to the BIG-IQ device's current configuration to see what has changed.
  1. At the top of the screen, click Deployment.
  2. Expand SNAPSHOTS, and then select the component from which to create the snapshot.
    The screen displays a list of snapshots that have been created for the selected component on this device.
  3. Click the Create button.
    The New Snapshot screen opens.
  4. Supply the values on the New Snapshot screen, and click Create.

The system creates the snapshot and adds it to the list of snapshots on the Snapshot screen, along with information related to the snapshot, including the date it was created, what account created it, and any description.

Compare snapshots

You can compare a snapshot to another snapshot, or to the current working configuration so that you can view the differences between them.

  1. At the top of the screen, click Deployment.
  2. Expand SNAPSHOTS, and then select the component that contains the snapshots to compare.
    The screen displays a list of snapshots that have been created on this device.
  3. Select the check box to the left of the snapshot that you want to use as the source snapshot.
  4. Click Compare.
    The Compare Snapshots screen displays.
  5. For the Target, select the snapshot that you want to compare to the Source snapshot.
    • To compare the Source snapshot to the current configuration, select Configuration on BIG-IQ.
    • To compare the Source snapshot to an existing snapshot, select that snapshot.
    • If you are working with an Access snapshot, select the access group to which you want to compare the Source snapshot.
  6. If you are working with a Network Security or Web Application Security snapshot, choose the kind of differences you want to review:
    • For Network Security, to compare firewall object differences, click Compare in the Compare Firewall row.
    • For Network Security, or Web Application Security, to compare shared security object differences, click Compare in the Compare Shared Security row.
    • For Web Application Security, to compare ASM differences, click Compare in the Compare ASM row.
  7. Analyze the configuration differences between the snapshot and the comparison target. When you are finished, click Cancel to close the Differences screen, then click Close.
    The screen closes and you return to the Snapshot screen.

Restore some objects from a snapshot

You can restore a snapshot to change the working configuration to that of the snapshot. Restoring the snapshot merges objects from the snapshot into the BIG-IQ® Centralized Management configuration and removes all active locks. No objects in the BIG-IQ configuration are removed. Once the restore process starts, you cannot modify the BIG-IQ configuration until the process is completed or canceled. If the process is canceled, all configuration settings are rolled back.

Important: Restoring a snapshot in one component can impact other components that have dependent configuration objects. We recommend that when you restore configurations that involve multiple components, you use snapshots that were created at approximately the same time. Restoring the Local Traffic & Network component can require a restore of other dependent components.

If you are restoring a snapshot for Local Traffic & Network, Network Security, or Web Application Security, you can select specific objects to restore. This process is called partial restore. For example, you might have changed hundreds of configuration objects since you created a specific snapshot, but by doing a partial restore, you could bring back the settings for twenty five of them.

There is another reason you might choose to do a partial restore. With a partial restore, you can either restore the snapshot immediately, or you can create a snapshot evaluation. You can use an evaluation to review the differences between a snapshot and the current working configuration and confirm that you are restoring to the preserved configuration that you are looking for.

  1. At the top of the screen, click Deployment.
  2. Expand RESTORE, and click the component that contains the snapshot to restore.
    The screen displays a list of snapshot restores and evaluations that have been created for the selected component on this device.
  3. Under Partial Restore Evaluations, click Create.
    The New Evaluation screen opens.
  4. For Name, type a name for the snapshot restore.
  5. For Description, describe the snapshot restore.
  6. For Snapshot, select the snapshot you want to restore to.
  7. If you want to create a snapshot that you can use to get back to your current configuration after the restore, for Create Snapshot, select Create a snapshot prior to restoring.
  8. If you want the system to assess what the impact of deploying this snapshot would be on the managed devices, for Offline Verification, select Run offline verification after restore.
  9. For the Restore Scope, select Partial Restore.
    The screen displays additional settings.
  10. Click Add to specify which configuration changes to restore.
  11. On the Available tab, select the object type that you want to restore.
  12. From the list of configuration changes, select the objects that you want to restore and click Add.
  13. If there are additional object types you want to include in this restore, repeat the last two steps for each object type.
  14. If you add an object to the restore and then change your mind, you can click the Selected tab, select the object, and click Remove.
  15. When you have added all of the changes that you want to include in this restore, click Save.
    The objects you selected for inclusion are listed under Source Objects.
  16. For Supporting Objects, your options depend on the component you are restoring.
    Option Description
    For Web Application Security Supporting objects are always included.
    For Network Security or Local Traffic & Network Clear the Include check box if you want to restore changes only to the selected objects. It is almost always best to restore changes to the associated objects as well.
    Important: The objects that you manage using the BIG-IQ depend on associations with other, supporting objects. These object associations form relationship trees that are sometimes quite complex. Generally, when you restore a change to a managed object it is a very good idea to include these supporting objects in the deployment. This diagram illustrates a typical relationship tree for Network Services managed objects. For Local Traffic and Web Application Security, the trees are equally complex and just as vital to include.
    Network Services supporting objects tree
  17. If you decide you want to remove one of the objects selected for restoration, you can select it and then click Remove.
  18. You can either create an evaluation of the restore and review it, or restore the snapshot immediately. For Method, select Create Evaluation or Restore immediately.
  19. Click Create.
    Option Description
    If you selected Create Evaluation
    1. The confirmation screen notifies you that you are about to create an evaluation.
    2. Click Evaluate. The evaluation is added to the Evaluations list with a status of Pending confirmation.
      Note: This process might take some time. You can cancel it if you change your mind.
    3. To review the changes between the snapshot and the current working configuration, click View.
    4. If you decide to complete this restore, select this snapshot evaluation, and click Restore. When the restore finishes, the snapshot restore you created is listed under Restores with a status of Restore complete.
    If you selected Restore immediately
    1. The confirmation screen notifies you that you are about to trigger a snapshot restore.
    2. Click Restore. The restore process begins.
    Note: This process might take some time. You can cancel it if you change your mind.

Restore all objects from a snapshot

You can restore a snapshot to change the working configuration to that of the snapshot. Restoring the snapshot merges objects from the snapshot into the BIG-IQ® Centralized Management configuration, and removes all active locks. No objects in the BIG-IQ configuration are removed. Once the restore process starts, you cannot modify the BIG-IQ configuration until the process is completed or canceled. If the process is canceled, all configuration settings are rolled back.

Important: Restoring a snapshot in one component can impact other components that have dependent configuration objects. We recommend that when you restore configurations that involve multiple components, you use snapshots that were created at approximately the same time. Restoring the Local Traffic & Network component can require a restore of other dependent components.
  1. At the top of the screen, click Deployment.
  2. Expand RESTORE, and click the component that contains the snapshot to restore.
    The screen displays a list of snapshot restores and evaluations that have been created for the selected component on this device.
  3. Under Restores, click Create.
  4. For Name, type a name for the snapshot restore.
  5. For Description, describe the snapshot restore.
  6. For Snapshot, select the snapshot you want to restore to.
  7. If you want to create a snapshot that you can use to get back to your current configuration after the restore, for Create Snapshot, select Create a snapshot prior to restoring,.
  8. If you want the system to assess what the impact of deploying this snapshot would be on the managed devices. for Offline Verification, select Run offline verification after restore.
  9. For Restore Scope, select Full Restore.
  10. Click Restore.
    The confirmation screen notifies you that you are about to trigger a snapshot restore.
  11. Click Restore to begin the restore process.
    Note: This process might take some time. You can cancel it if you change your mind.