System > Backups
You can use the Traffic Manager’s Backup Management capability to make backups of your configuration, compare backups with each other and with the current configuration, and restore configuration from a previous backup.
To manage your configuration backups, click System > Backups.
You can also use the “zconf” command-line utility to perform a more fine-grained backup/import/export of individual configuration objects. For more details, see Granular Configuration Import/Export with zconf.
Ivanti recommends you make a backup of your configuration before making a large configuration change, so that you can:
•Compare configurations to find out exactly what you have changed.
•Restore the earlier backup if you wish to abandon the changes you have made.
This feature also enables you to copy configuration backups from one Traffic Manager machine to another if, for example, you want to replace an older virtual machine or cloud instance with a newer version.
ATTENTION
Configuration backup files are specific to the Traffic Manager on which they are created, and as such are not part of the configuration automatically replicated between Traffic Managers in a cluster. If you terminate or delete a particular cluster member, any configuration backups stored on it are lost.
Making a Backup
Use the “Create a Backup” form to make a backup of your configuration. This backup is stored on the local Traffic Manager machine.
If the Web Application Firewall is licensed and enabled in your Traffic Manager deployment, you can optionally include the Application Firewall configuration in your backup by ticking the App Firewall box.
Restoring a Backup
Click a backup name from the table on the Backup Management page. Use the Restore Configuration option to replace the current configuration with the contents of the configuration backup.
A configuration backup will contain machine-specific information from the Traffic Manager it was taken from, such as Traffic IP Groups. Therefore, at this point you must decide whether or not to replace the current Traffic Manager’s local machine configuration. You have two options:
•Use the machine-specific configuration from the backup
If you are restoring a backup made from the same Traffic Manager, you will simply overwrite the local configuration with the backed-up configuration. Should you have made this backup on a different Traffic Manager, you will be presented with a mapping control. Here you can decide on the mapping for the machine configuration stored in the backup:
In this example, the backup contains configuration for a cluster of two Traffic Managers. Using this tool, you can decide which Traffic Manager is used for the restored configuration and which is ignored. Note that you can only create a one-to-one mapping between machine configurations.
•Restore the backup without any machine specific information.
The machine-specific configuration stored in the backup is ignored, and the current Traffic Manager local machine configuration retained.
If the Web Application Firewall is licensed and enabled in your Traffic Manager deployment, you can optionally choose to also restore the Web Application Firewall configuration from your backup, if one exists, by clicking Include Application Firewall configuration.
Exporting a Backup
Configuration backups are stored on the local Traffic Manager machine. You can export a configuration backup for safekeeping.
Click a backup name from the table on the Backup Management page. Use the Export Configuration option to download the configuration backup to your local machine.
ATTENTION
Store this backup securely. It contains sensitive information, including SSL certificates.
Exporting a Backup as a Configuration Document
The Traffic Manager includes a tool called the Configuration Importer, used to import a complete system configuration into a Traffic Manager instance from a previously-created definition - typically within an orchestration tool such as Docker or Kubernetes. Such definitions are contained within text files called configuration documents and the Configuration Importer uses these documents to construct the definitions on the local Traffic Manager, replacing its previous running configuration.
Click a backup name from the table on the Backup Management page and use the "Export Configuration document" section to create and export a configuration document based on the configuration contained within the backup.
To create a configuration document based instead on the current running configuration, use the Services > Configuration Summary page.
For a complete description of this functionality, see the Pulse Secure Virtual Traffic Manager: Configuration Importer Guide.
Importing a Backup
You can import a previously exported configuration backup. Use the “Import a Backup” section to upload a configuration backup from your local machine.
When you import a backup, it is added to the list of configuration backups on the Traffic Manager machine. It does not replace the current configuration. You can then restore the backup you have just uploaded to replace the current configuration if desired.
System > Backups > Partial Backups
This section provides the same backup/restore functionality of a full backup, yet allows you to tailor the contents of the backup to contain only a subset of a full configuration. It can be accessed from the link on the System > Backups page.
Partial backups are not transferable between Traffic Manager software versions. In other words, a partial backup you create in one version of the Traffic Manager cannot be imported into any other version.
This feature provides similar functionality to the “zconf” command-line utility described in Granular Configuration Import/Export with zconf, and can be useful when trying to copy specific services to other Traffic Manager clusters. Unlike a regular import, the configuration being imported is merged with the existing one instead of replacing it.
The page is separated into two main sections, one to handle the import and merge process, and another to enable exporting of partial backups.
Importing
This section of the page allows you to import a partial or full backup. To facilitate a partial import from the uploaded backup file, you can provide a suitable filter in the Include Only text box provided. The system will import any objects that match this filter, along with any objects upon which the selected objects depend. For example, the pools used by a selected virtual server will also be imported. For more details about the format used, see Filter Formats.
After uploading a backup file, and optionally specifying a filter, you will be presented with a “Diff” (a list of differences) showing the changes that will be made to the system. You should review the Diff and satisfy yourself that everything is correct. Click Apply Partial Backup to commit the changes.
ATTENTION
Importing partial backups can lead to an inconsistent configuration if not handled correctly. Always review the Diffs presented when importing a partial backup. As with all backup and restore operations, it is strongly recommended that you create a full backup point before applying a partial backup.
Exporting
This section is used to download partial or full configuration backups. To facilitate a partial backup, you can set a suitable filter in the Include Only text box provided. The system will then export only the configuration objects that match this filter, along with their dependencies. For more details about the format used, see Filter Formats.
Filter Formats
The Include Only filter is a space separated list of entries according to one of the following formats:
[CONFIGURATION TYPE] For example: vservers
or
[CONFIGURATION TYPE]/[NAME] For example: vservers/Intranet
or
[CONFIGURATION FILE] For example: users
When a configuration name has one or more spaces in it, you should precede each space character with a forward slash (\). This will ensure that the space is treated as part of the name and not a separator. For example, Intranet Master Service would be entered as Intranet\ Master\ Service.
The filter allows the use of an asterisk (*) as a wildcard to represent zero or more characters. For example, typing "net*" matches "net", "net.cfg", and "network".
You can include the special configuration file “settings.cfg” to back up your global settings (System > Global Settings), and the configuration file users to back up your local user settings (System > Users).
For example, to import all virtual servers, the monitor "Primary Database Monitor" and your global settings, enter the following filter:
The following table lists the configuration identifiers you can choose to include:
|
Identifier |
Description |
|
actionprogs |
Action Programs |
|
actions |
Alerting Actions |
|
activitymonitor |
Current Activity Graphing Data Settings |
|
appliance |
Appliance Management |
|
aptimizer/profiles |
Web Accelerator Profiles |
|
aptimizer/scopes |
Web Accelerator Scopes |
|
auth |
Admin Interface / Admin Server Authenticators |
|
authenticators |
TrafficScript Remote Authenticators |
|
ApplicationFirewallConfig |
Web Application Firewall Configuration |
|
auth |
Authenticators |
|
bandwidth |
Bandwidth Classes |
|
cloudcredentials |
Cloud Credentials |
|
custom |
Custom Configuration Sets |
|
dnsserver/zonefiles |
DNS Server Zone Files |
|
dnsserver/zones |
DNS Server Zones |
|
events |
Alerting Event Types |
|
extra |
Miscellaneous Files |
|
flipper |
Traffic IP Groups |
|
groups |
User Groups |
|
jars |
TrafficScript Java Extensions |
|
licensekeys |
License Keys |
|
locations |
Multi Site Management and Global Load Balancing Geographic Locations |
|
monitors |
Monitors |
|
persistence |
Session Persistence Classes |
|
pools |
Pools |
|
protection |
Service Protection Classes |
|
rate |
Rate Shaping Classes |
|
rules |
TrafficScript Rules |
|
scripts |
Monitor Scripts |
|
services |
Global Load Balancing (GLB) Services |
|
servlets |
Java Extension Servlets |
|
slm |
Service Level Monitoring Classes |
|
ssl/cas |
SSL Certificate Authorities |
|
ssl/client_keys |
SSL Client Certificates/Keys |
|
ssl/dnssec_keys |
DNSSEC Keys |
|
ssl/server_keys |
SSL Server Certificates/Keys |
|
supplementarykeys |
Supplementary License Keys |
|
vservers |
Virtual Servers |
|
zxtms |
Traffic Managers |
Including the Web Application Firewall in a Partial Backup
To include the Web Application Firewall (WAF) in a partial backup, you must also include the Global Settings file. In addition, WAF must be enabled in your Traffic Manager configuration before you create the backup.
In other words, with WAF enabled, add the following to the Include Only filter in the “Export” section:
•settings.cfg
•ApplicationFirewallConfig
Equally, to import WAF configuration through the Partial Backups page, ensure you add both files to the Include Only filter in the “Import” section.
ATTENTION
Restoring the “settings.cfg” file to your active Traffic Manager configuration in this way overrides all Global Settings configuration, not just WAF-specific key values. Ivanti recommends creating a backup of this file before restoring a copy of it through a partial backup.