Configuration Backups for Network Devices

Configuring Network Device Configuration Backup in Nectus 1.2.51

,

Network Device Configuration Backup

Nectus version 1.2.51 introduced several enhancements for Network Device Configuration backup procedure.

User can now use different backup credentials and fully customizable backup scripts for different Device Views. This allows user to create different backup scripts for different vendors or different product lines with different CLI.

User can control what configuration information is included in configuration backup and include supplementary information such as hardware inventory info, current ports status and list of connected devices to a scheduled configuration backup process.

Creating Device View for Configuration Backups

Very first step in setting up your configuration backup is to create Device Views that will contain devices that require common Credentials and Configuration Scripts.

For example, you can create Device View that will contain all Cisco ASA Firewalls and Separate Device View that will contain all Cisco IOS Devices.

The reason those devices require separate Device Views is that Configuration Backup script differ for ASA and IOS devices.

Also use different Device View if devices require different login credentials.

To Create a Device Views, go to Inventory → Views → SNMP Device Views

 

Creating Login Credential Sets

Next step is to define your login credentials that will be used by Configuration backup engine to login to devices and executing Backup Scripts.

To Create a Backup login Credentials, go to:

Settings → Device Configuration Backups → Backup Credentials

Creating Backup Scripts

Next step is to create Backup Scripts that will be executed by backup engine

once it is logged in to device.

Here is the example of sample Backup Script for Cisco ASA Devices:

config terminal

pager 0

show running-config

You can further enhance backup script by including for example hardware inventory information command: “show inventory” etc.

It is important to create a script that will generate all the information required for backup without pagination.

To Create Backup Scripts, go to:

Settings → Device Configuration Backups → Backup Scripts

In some cases, output generated by backup script may contain highly sensitive information that may not be desired to be stored anywhere.

For cases like this Nectus offers “exclusion rules” option in Configuration Script definition where you can define which config lines must be excluded from the text before it is stored in database.

You can use RegEx syntax to define those exclusion rules.

Creating Backup Jobs

Next step is to create a Backup Job definition where you can combine

Device View with specific Backup Credential Set and Backup Script.

To Create Backup Jobs, go to:

Settings → Device Configuration Backups → Backup Jobs

Enable Config Backup, Set Time and Miscellaneous Settings

And final step is to define time for scheduled backup and to turn it ON

To set a time for Configuration Backup, go to:

Settings → Device Configuration Backups → Schedule

 

To enable configuration Backup go to:

Settings → Device Configuration Backups → General Settings

Additional Backup Parameters are available on “Backup Parameters” Tab where you can control for how long the backup files should be stored in DB and whether you want you to

backup up configuration if it has not changed since the last time it was backed up.

Note: Backup engine attempts SSH connection first and if SSH connection fails it will attempt a Telnet.

 

Configuration Backup and Change Tracking in Nectus

,

This post will cover the configuration backup and change tracking features available in Nectus.
Nectus provides the ability to back up the configuration of the devices discovered, on a scheduled basis and manually.
Nectus comes with some default settings regarding the configuration backup and for others administrator input is required.
This is the configuration backup settings menu:

Multiple tabs on the menu allows you to specify some parameters like what to be backed up and for how long to keep a configuration backup:

Or how often and when the automatic backup should happen:

The next two tabs are for telnet protocol configuration:

And ssh protocol configuration:

The remaining two tabs allows the administrator to use custom specific scripts for backup (in case you would like to perform partial backup for instance).
Nectus must connect to the device using a valid username/password combination on that device.
If the username/password exist on the device, then it must be fed to Nectus.
This is where you set this up:

And these are the input values required

Once this is done, you can backup configuration per device, per group of devices (vendor, platform, model) or for all devices.
This is how you can backup a group of devices, which in this case is the same as all the devices are backed up (this is because there are only Cisco devices in the topology):

From the inventory menu, you can see the successful backups and the failed backups.
If the backup failed, then you would see like this:

You can see the reason it failed, which in this is because Nectus could not establish a telnet or SSH connection to the device:

If the backup is successful, the device configuration should show up:

Clicking on any of the files, you will see the configuration of the device at the time configuration backup was triggered:

Each device context menu has a configuration backup section where you can perform various actions:

You can backup the configuration, view the running configuration:

Or you can view the archive of all the device backups:

Further on, you can compare two backup files to see what has changed.
They do not need to be consecutive backups. Here, “auto-cost reference-bandwidth” was configured on the device:

Another useful feature is the tracking change feature which shows the changes between two consecutive backups.
You select the newer backup and Nectus will show what has changed since the previous backup was taken:

In case there are backups that were taken before Nectus was deployed and you would like to see what are the changes between those configurations and the ones taken by Nectus,
you have the possibility to compare the Nectus backups with the external files. You can even compare two external configuration backups with the help of Nectus.
Another useful feature that is related to configuration backup, is the report that tracks the devices whose configuration was not saved after the last change.

You can trigger this report like this:

You can specify if you want to send the report to an email address and if you also want to keep this report for auditing purposes:

And the report looks like this:

Keep in mind that the time you see in the report is the uptime of the router. For instance, in the above example,
the device configuration was saved last time when the router had an uptime of 1h47m
and the last configuration change was done when the router had an uptime of 1h50m.
And this would pretty much all about configuration backup and change tracking in Nectus and how it can help you to save your configurations and see
what has changes from one backup to the next one or any other backup.