Backing up and restoring BIG-IP configuration files (11.x)

This tutorial describes how to back up and restore your BIG-IP version 11.0.0 configuration data using a UCS configuration archive. The UCS archive by default contains all files required to restore your current configuration to a new system, including configuration files, the product license, local user accounts, and SSL certificate/key pairs.

By default, the BIG-IP system will save the UCS archive file with a .ucs extension if you do not include it in the filename. You can also specify a full path to the archive file, and the archive file will be saved to the specified location. If you do not include a path, the file will be saved to the default archive directory, /var/local/ucs. Archives located in a directory other than the default will not appear in the list of available archives when using the Configuration utility to create/restore a UCS archive or when using the list /sys ucs command in the tmsh shell. F5 recommends that you include the BIG-IP hostname and current timestamp as part of the filename for ease of identification.

Backing up configuration data using the Configuration utility

1) Log in to the Configuration utility.

2) Navigate to System >> Archives >> Archives List.

3) Click the Create button to initiate the process of creating a new UCS archive.

4) Type a name for the file in the File Name box.

5) Optional: If you want to encrypt the UCS archive file, select Enabled from the Encryption drop-down menu and enter a passphrase. This passphrase must be supplied in order to restore the encrypted UCS archive file.

6) Click the Finished button to start the creation of the UCS archive file.

7) When the backup process is done, examine the status page for any errors reported before proceeding to the next step.

8 ) Click the OK button to return to the Archive List page.

9) Copy the .ucs file to another system.

Restoring configuration data using the Configuration utility

1) Log in to the Configuration utility.

2) Navigate to System >> Archives >> Archive List.

3) rom the Archive List, click the name of the UCS archive that you want to restore.

4) If the UCS archive is encrypted, you will need to type the passphrase for the encrypted UCS archive file in the Restore Passphrase field. If the UCS archive is not encrypted, you can skip this step.

5) Click the Restore button to initiate the UCS archive restore process.

6) When the restore process is completed, examine the status page for any errors reported before proceeding to the next step.

7) Click the OK button to return to the Archive List page.

8 ) If you restored the UCS archive on a different device and received the errors noted in the Considerations for restoring configuration data section, you must reactivate the BIG-IP system license.

9) After relicensing the system, reboot the system to ensure the configuration is fully loaded. To reboot the system, browse to System >> Configuration and click the Reboot button.

10) If the system you have restored contains the FIPS 140 HSM, you must configure the FIPS 140 HSM Security World after completing steps 1 to 9.

Restore 6400, 6800, 8400, or 8800 hardware platforms

If you are running 6400, 6800, 8400, or 8800 hardware platform you have to use tmsh utility for restore

1) Log in to the Traffic Management Shell (tmsh) by typing the following command:

tmsh

Note: If you are currently logged in to the tmsh shell, you can skip this step.

2) Restore the UCS archive file by using the following command syntax, replacing with the full path of the UCS archive file you want to restore:

load /sys ucs

If you do not specify the path, the BIG-IP system assumes the UCS archive file is located in the default /var/local/ucs directory.

3) If the UCS archive file was encrypted with a passphrase during the backup, you will be prompted to enter the passphrase for the archive file.

4) If you are running BIG-IP on a 6400, 6800, 8400, or 8800 hardware platform, type the following command to switch to bash shell:

run /util bash

5) Type the following command to verify that the new or replaced SSH keys from the UCS file are synchronized between the BIG-IP and the SCCP:

keyswap.sh sccp

6) Type the following command to switch back to the tmsh shell:

exit

7) Reboot the system by typing the following command:

reboot

you must reactivate the BIG-IP system license. Alternatively, you can replace the /config/bigip.license file with the original bigip.license file you backed up from the target system.

8 ) If the system you have restored contains the FIPS 140 HSM, you must configure the FIPS 140 HSM Security World after completing steps 1 to 5.

Sponsored Link

Leave a comment

Your email address will not be published. Required fields are marked *