Installation guide
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 4 Configuring Virtual Contexts
Performing Device Backup and Restore Functions
context_name-cert_name.cert
context_name-key_name.key
context_name-script_name.tcl
context_name-license_name.lic
Guidelines and Limitations
The backup and restore functions have the following configuration guidelines and limitations:
• This functionality on the DM requires that SSH is enabled on the appliance. Also, ensure that the
ssh key rsa 1024 force command is applied on the appliance.
• Store the backup archive on disk0: in the context of the ACE where you intend to restore the files.
Use the Admin context for a full backup and the corresponding context for user contexts.
• When you back up the running-configuration file, the ACE uses the output of the show
running-configuration CLI command as the basis for the archive file.
• The ACE backs up only exportable certificates and keys.
• License files are backed up only when you back up the Admin context.
• Use a pass phrase to back up SSL keys in encrypted form. Remember the pass phrase or write it
down and store it in a safe location. When you restore the encrypted keys, the ACE prompts you for
the pass phrase to decrypt the keys. If you do not use a pass phrase when you back up the SSL keys,
the ACE restores the keys with AES-256 encryption using OpenSSL software.
• Only probe scripts that reside in disk0: need to be backed up. The prepackaged probe scripts in the
probe: directory are always available. When you perform a backup, the ACE automatically
identifies and backs up the scripts in disk0: that are required by the configuration.
• The ACE does not resolve any other dependencies required by the configuration during a backup
except for scripts that reside in disk0:. For example, if you configured SSL certificates in an SSL
proxy in the running-configuration file, but you later deleted the certificates, the backup proceeds
anyway as if the certificates still existed.
• To perform a restore operation, you must have the admin RBAC feature in your user role. DM-admin
and ORG-admin have access to this feature by default. Custom roles with the Device Manager
Inventory and Virtual Context role tasks set to create or modify can also access this feature.
• When you instruct the ACE to restore the archive for the entire ACE, it restores the Admin context
completely first, and then it restores the other contexts. The ACE restores all dependencies before
it restores the running configuration. The order in which the ACE restores dependencies is as
follows:
– License files
– SSL certificates and key files
– Health-monitoring scripts
– Checkpoints
– Startup-configuration file
– Running-configuration file
• When you restore the ACE, previously installed license files are uninstalled and the license files in
the backup file are installed in their place.
• In a redundant configuration, if the archive that you want to restore is different from the peer
configurations in the FT group, redundancy may not operate properly after the restore.
• You can restore a single context from a full backup archive provided that you do the following:
– You execute the restore operation in the context that you want to restore
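
Because the ACE does not verify during a backup that SSL certificates and keys referenced by the running configuration still exist, the following added example (not part of the Cisco guide) compares the certificates and keys named in SSL proxy services with the file names in an archive listing, and flags license files found in a non-Admin backup. It assumes the ssl-proxy service / key / cert configuration syntax and a literal reading of the context_name-cert_name.cert and context_name-key_name.key patterns; the function names and all sample data are constructed.

```python
import re

# Archive suffix per file type, from the naming patterns on this page.
SUFFIX = {"cert": ".cert", "key": ".key"}

# Constructed sample: running-config fragment of a user context named C1.
RUNNING_CONFIG = """\
ssl-proxy service PSVC_WEB
  key web1.key.pem
  cert web1.cert.pem
ssl-proxy service PSVC_API
  key api.key.pem
  cert api.cert.pem
"""

# Constructed sample: file names listed from the C1 backup archive.
ARCHIVE_FILES = [
    "C1-web1.cert.pem.cert",
    "C1-web1.key.pem.key",
    "C1-api.key.pem.key",
    "C1-probe_check.tcl",
    "C1-demo_license.lic",
]

def referenced_ssl_files(running_config):
    """Return {(kind, name)} for each cert/key inside an ssl-proxy service block."""
    refs, in_proxy = set(), False
    for line in running_config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # a top-level line opens a new block
            in_proxy = line.startswith("ssl-proxy service ")
            continue
        m = re.match(r"\s+(cert|key)\s+(\S+)\s*$", line)
        if in_proxy and m:
            refs.add((m.group(1), m.group(2)))
    return refs

def missing_from_archive(context, running_config, archive_files):
    """Archive names the configuration depends on but the backup lacks."""
    expected = {f"{context}-{name}{SUFFIX[kind]}"
                for kind, name in referenced_ssl_files(running_config)}
    return sorted(expected - set(archive_files))

def unexpected_licenses(context, archive_files):
    """License files are backed up only with the Admin context."""
    if context == "Admin":
        return []
    return sorted(f for f in archive_files if f.endswith(".lic"))
```

An empty result from missing_from_archive means every certificate and key the SSL proxy services reference is present in the listing; any name it returns is a dependency the restore will not be able to satisfy.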