Manual Chapter : Archives

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 13.0.1, 13.0.0, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP APM

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Link Controller

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP Analytics

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP LTM

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP AFM

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP PEM

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP DNS

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1

BIG-IP ASM

  • 13.0.1, 13.0.0, 12.1.6, 12.1.5, 12.1.4, 12.1.3, 12.1.2, 12.1.1
Manual Chapter

Archives

About archives

When you initially configure the BIG-IP® system using the Setup utility and the BIG-IP Configuration utility, or tmsh, the system saves your configuration information. This information includes traffic management elements, such as virtual servers, pools, and profiles. Configuration data also consists of system and network definitions, such as interface properties, self IP addresses, VLANs, and more.

Once you have created the configuration data for the BIG-IP system, you can replicate all of this data in a separate file and then use this data later for these purposes:

Archive for disaster recovery
Using the Archives feature, you can back up the current configuration data, and if necessary, restore the data at a later time. F5® Networks recommends that you use this feature to mitigate the potential loss of BIG-IP system configuration data. To create an archive, you can use the BIG-IP Configuration utility, which stores the configuration data in a file known as a user configuration set, or UCS (.ucs) file. You can then use the UCS file to recover from any loss of data, in the unlikely event that you need to do so.
Propagate data to other systems
Using the single configuration file feature, you can quickly propagate the exact configuration of the BIG-IP system to other BIG-IP systems. To create a single configuration file, you export the configuration data to a file known as an SCF (.scf) file. You can then use the SCF file to configure another system in one simple operation.

By default, the system stores all archives in the /var/local/ucs directory. You can specify a different location, but if you do, the BIG-IP® Configuration utility does not display the UCS files when you view the archive list.

Before you replace a version of the BIG-IP system with a newer version, you should always create an archive, which is a backup copy of the configuration data. This archive is in the form of a user configuration set, or UCS. Then, if you need to recover that data later, you can restore the data from the archive that you created.
Important: To create, delete, upload, or download an archive, you must have either the Administrator or Resource Administrator role assigned to your user account.

About UCS files

A user configuration set, or UCS (.ucs) file, contains the following types of BIG-IP system configuration data:

  • System-specific configuration files
  • Product licenses
  • User accounts and password information
  • Domain name service (DNS) zone files
  • Installed SSL keys and certificates

Each time you back up the configuration data, the BIG-IP system creates a new file with a .ucs extension. Each UCS file contains various configuration files needed for the BIG-IP system to operate correctly, as well as the configuration data.

About managing archives using the Configuration utility

When you create a new archive (or UCS file) using the Configuration utility, the BIG-IP® system automatically stores it at a default location, in the /var/local/ucs directory. You can create as many separate archives as you need, provided each archive has a unique file name. Also, you can specify that the BIG-IP system store an archive in a directory other than /var/local/ucs. In this case, however, the Configuration utility does not include the archive name in the list of archives on the Archives screen.

Creating and saving an archive using the Configuration utility

You can use the BIG-IP® Configuration utility to create and save archives on the BIG-IP system.
Important: Any UCS file that you create includes the host name of the BIG-IP system as part of the data stored in that file. Later, when you specify this UCS file while restoring configuration data to a BIG-IP system, the host name stored in this UCS file must match the host name of the system to which you are restoring the configuration data. Otherwise, the system does not fully restore the data. Also, if your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.
  1. On the Main tab, click System > Archives .
    The Archives screen displays a list of existing UCS files.
  2. Click Create.
    Note: If the Create button is unavailable, you do not have permission to create an archive. You must have the Administrator role assigned to your user account.
  3. In the File Name field, type a unique file name for the archive.
    F5 recommends that the file name match the name of the BIG-IP system. For example, if the name of the BIG-IP system is bigip2, then the name of the archive file should be bigip2.ucs.
  4. To encrypt the archive, for the Encryption setting, select Enabled.
    Note: If the Encryption setting is unavailable, you must configure the Archive Encryption setting located on the Preferences screen.
  5. To include private keys, for the Private Keys setting, select Include.
    Make sure to store the archive file in a secure environment.
  6. Click Finished.

Restoring data from an archive using the Configuration utility

In the unlikely event that the BIG-IP® system configuration data becomes corrupted, you can use the Configuration utility to restore data from an archive file. The /var/local/ucs directory is the only location on the BIG-IP system in which you can save and restore an archive. If no archive exists in that directory, then you cannot restore configuration data.
Important: The host name stored in the archive file must match the host name of the BIG-IP system that you are restoring; otherwise, the system does not fully restore the data.
  1. On the Main tab, click System > Archives .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to use to restore the configuration data.
    This displays the properties of that archive.
  3. Click Restore.
    The system displays a progress message.

Viewing a list of existing archives using the Configuration utility

You can use the Configuration utility to view a list of archives that are stored in the default directory, /var/local/ucs, on a BIG-IP® system. The Configuration utility displays the UCS file name, creation date, and file size.
On the Main tab, click System > Archives .
The Archives screen displays a list of existing UCS files.

Viewing archive properties using the Configuration utility

You can use the Configuration utility to view the properties of archives that are stored on the BIG-IP® system, including archive name, BIG-IP version, encryption state, creation date, and archive size.
  1. On the Main tab, click System > Archives .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to view.
    This displays the properties of that archive.

Downloading a copy of an archive to a management workstation

You can use the Configuration utility to download a copy of an archive to a management workstation. This provides an extra level of protection by preserving the configuration data on a remote system. In the unlikely event that you need to restore the data, and a BIG-IP® system event prevents you from accessing the archive in the BIG-IP system directory, you still have a backup copy of the configuration data.
  1. On the Main tab, click System > Archives .
    The Archives screen displays a list of existing UCS files.
  2. In the File Name column, click the name of the archive that you want to view.
    This displays the properties of that archive.
  3. For the Archive File setting, click the Download: <filename>.ucs button.
    A confirmation screen appears.
  4. Click Save.
    The BIG-IP system downloads a copy of the UCS file to the system from which you initiated the download.

Uploading an archive from a management workstation

If you previously downloaded a copy of an archive to a management workstation, you can upload that archive to the BIG-IP® system at any time. This is useful when a BIG-IP system event has occurred that has caused the archive stored on the BIG-IP system to either become unavailable or corrupted.
You can use the Configuration utility to upload a copy of an archive stored on a management workstation.
Note: When you upload a copy of an archive, you must specify the exact path name for the directory in which the downloaded archive copy is stored.
  1. On the Main tab, click System > Archives .
    The Archives screen displays a list of existing UCS files.
  2. Click Upload.
    The Upload screen opens.
  3. For the File Name setting, click Browse.
  4. For the Options setting, select the Overwrite existing archive file check box if you want the BIG-IP system to overwrite any existing archive file.
    Note: The BIG-IP system overwrites an existing file with the uploaded file only when the name of the archive you are uploading matches the name of an archive on the BIG-IP system.
  5. Click Upload.
    The specified archive is now uploaded to the /var/local/ucs directory on the BIG-IP system.

Deleting an archive using the Configuration utility

You can use the Configuration utility to delete an archive that is stored in the default UCS directory, /var/local/ucs, on the BIG-IP® system.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Delete the specified archive file.
    delete sys ucs <filename>
    The specified UCS file is deleted.

About managing archives using tmsh

When you create a new archive using the Traffic Management Shell (tmsh), the BIG-IP® system automatically stores it at a default location, in the /var/local/ucs directory. You can create as many separate archives as you need, provided each archive has a unique file name. Also, you can specify that the BIG-IP system store an archive in a directory other than /var/local/ucs. In this case, however, tmsh does not include the archive name when you view a list of existing archives.

For more information about tmsh commands and options, see the man pages or the Traffic Management Shell (tmsh) Reference Guide.

Creating and saving an archive using tmsh

You can use tmsh to create and save archives (UCS files) on the BIG-IP® system.
Important: Any UCS file that you create includes the host name of the BIG-IP system as part of the data stored in that file. Later, when you specify this UCS file while restoring configuration data to a BIG-IP system, the host name stored in this UCS file must match the host name of the system to which you are restoring the configuration data. Otherwise, the system does not fully restore the data. Also, if your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Save the running configuration of the system to a new UCS file, where <filename> is the name of the new UCS file.
    save sys ucs <filename>

Viewing a list of existing archives using tmsh

You can use tmsh to view a list of archives that are stored in the default directory, /var/local/ucs, on the BIG-IP® system.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. View a list of UCS files stored in /var/local/ucs.
    show sys ucs
    A list of UCS files displays.

Viewing archive properties using tmsh

You can use tmsh to view the properties of archives that are stored on the BIG-IP® system, including archive name, BIG-IP version, encryption state, creation date, and archive size.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. View the properties for all UCS files stored in /var/local/ucs.
    show sys ucs
    Note: To view properties for a specific UCS file, include the UCS file name in the command sequence.
    The properties for all UCS files displays.

Deleting an archive using tmsh

You can use tmsh to delete an archive that is stored in the default UCS directory, /var/local/ucs, on the BIG-IP® system.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Delete the specified UCS file.
    delete sys ucs <filename>
    The system deletes the specified UCS file.

Generating a passphrase for the SecureVault master key

To allow the recovery of the data stored in the UCS, the administrator is given the opportunity to specify the passphrase that is used to generate the current master key. If the administrator can specify the correct passphrase the system will generate the current master key, encrypt the master key with the current unit key, and then store the encrypted master key. This allows the system to access the encrypted sensitive data.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Create a password-protected master key based on a word or phrase of your choosing.
    modify sys crypto master-key prompt-for-password
    You can use this command to manually synchronize several devices without having to copy keys between them.

About backing up and restoring archives using tmsh

After you have created an archive (UCS), you can use secure copy (SCP) to save a copy to a management workstation. This provides an extra level of protection by preserving the configuration data on a remote system. In the unlikely event that you need to restore the data and you are unable to access the archive in the BIG-IP® system directory, you still have a backup copy of the configuration data.

Important: If your configuration data includes SSL keys and certificates, make sure to store the archive file in a secure environment.

Once the UCS is in the /var/local/ucs directory, you can load and restore the archive data using tmsh.

Loading and restoring data from an archive using tmsh

In the unlikely event that the BIG-IP® system configuration data becomes corrupted, you can use tmsh to load and restore data from an archive file. The /var/local/ucs directory is the only location on the BIG-IP system from which you can restore an archive. If no archive exists in that directory, then you cannot restore configuration data.
Important: The host name stored in the archive file must match the host name of the BIG-IP system that you are restoring; otherwise, the system does not fully restore the data.
  1. Open the Traffic Management Shell (tmsh).
    tmsh
  2. Load the configuration contained in a specified UCS file, where <filename> is the name of the UCS file.
    load ucs <filename>
    The UCS is loaded into the running configuration of the system.