Manualshelf

Installation guide

ManualsBrandsCisco ManualsComputer equipmentExplorer 4700
919293949596979899100
4-46
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 4 Configuring Virtual Contexts
Using the Configuration Checkpoint and Rollback Service
Using the Configuration Checkpoint and Rollback Service
At some point, you may want to modify your ACE running configuration. If you run into a problem with
the modified configuration, you may need to reboot your ACE. To prevent having to reboot your ACE
after unsuccessfully modifying a running configuration, you can create a checkpoint (a snapshot in time)
of a known stable running configuration before you begin to modify it. If you encounter a problem with
the modifications to the running configuration, you can roll back the configuration to the previous stable
configuration checkpoint.
Note Before you upgrade your ACE software, we strongly recommend that you create a checkpoint in your
running configuration. For software release A4(1.0), use the backup function to create a backup of the
running configuration (see the “Performing Device Backup and Restore Functions” section on
page 4-49).
The ACE allows you to make a checkpoint configuration at the context level. The ACE stores the
checkpoint for each context in a hidden directory in Flash memory. If, after you make configuration
changes that modify the current running configuration, when you roll back the checkpoint, the ACE
causes the running configuration to revert to the checkpointed configuration.
This section includes the following topics:
Creating a Configuration Checkpoint, page 4-46
Deleting a Configuration Checkpoint, page 4-47
Rolling Back a Running Configuration, page 4-48
Comparing the Checkpoint with the Running Configuration, page 4-48
Displaying Checkpoint Information, page 4-49
Creating a Configuration Checkpoint
You can create a configuration checkpoint for a specific context. The ACE supports a maximum of
10 checkpoints for each context.
Assumption
This topic assumes the following:
Make sure that the current running configuration is stable and is the configuration that you want to
make as a checkpoint. If you change your mind after creating the checkpoint, you can delete it (see
the “Deleting a Configuration Checkpoint” section on page 4-47).
The ACE-Admin, DM-Admin, and Org-Admin predefined roles have access to the configuration
checkpoint function.
A custom role with the Device Manager Inventory and Virtual Context role tasks set to create or
modify has the required privileges to create a configuration checkpoint.
A checkpoint will not include the SSL keys/certificates, probe scripts, and licenses.
This functionality on the DM requires that SSH is enabled on the appliance. Also, ensure that the
ssh key rsa 1024 force command is applied on the appliance.
Adding a checkpoint from an ACE context directly will not trigger an autosynchronization on the
ACE Appliance Device Manager for that context.