The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides procedures for managing file backups and management data.
This chapter includes the following sections:
•Restoring the Cisco VNMC Software to the Backup Configuration
•Working With Management Data Exports and Imports
The backup configuration include backing up everything including the configuration and the association details. This is a binary backup.
To restore the Cisco VNMC software to the backup configuration, follow these steps:
Step 1 Install the Cisco VNMC virtual machine (VM).
For details, see the Cisco Virtual Security Gateway, Release 4.2(1)VSG1(1) and Cisco Virtual Network Management Center, Release 2.0 Installation Guide.
Note Step 1 is optional if you are restoring an existing VNMC software.
Step 2 Uninstall the Cisco VSG policy agents.
Connect the Secure Shell to the Cisco VSG console for this task. This step does not cause a traffic disruption.
vsg# conf t
vsg (config)# vnm-policy-agent
vsg (config-vnm-policy-agent)# no policy-agent-image
Note Perform this step for all Cisco VSGs that are associated with the Cisco VNMC that you are restoring.
Step 3 Disable the ASA 1000V policy agents.
Connect the Secure Shell to the ASA 1000V console (CLI) for this task.
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# no vnmc policy-agent
Note Perform this step for all ASA 1000Vs that are associated with the Cisco VNMC you are restoring.
Step 4 Uninstall the VSM policy agents.
Connect the Secure Shell to the VSM console for this task. This step does not cause a traffic disruption.
vsm# conf t
vsm (config)# vnm-policy-agent
vsm (config-vnm-policy-agent)# no policy-agent-image
Note Perform this step for all VSMs that are associated with the Cisco VNMC you are restoring.
Step 5 Restore the Cisco VNMC database.
Connect the Secure Shell to the Cisco VNMC CLI for this task. Depending upon your Cisco VNMC backup location, restore using File Transfer Protocol (FTP), Secure Copy (SCP), or Secure File Transfer Protocol (SFTP).
vnmc# connect local-mgmt
vnmc(local-mgmt)# restore scp://username@server/pathtofile
Note Do not use TFTP for backup and restore operations.
Step 6 In the Cisco VNMC GUI, choose Administration > Service Registry > Clients, and in the Work pane proceed with the following steps:
a. Wait until each registered VSM displays the operational status as lost-visibility.
b. Choose each VSM, and click the Delete Client icon.
Step 7 In the Cisco VNMC GUI, choose Resource Management > Resources > Virtual Supervisor Modules, and verify that the deleted VSMs are not visible.
Step 8 Reinstall the VSM policy agents.
Note If the VSM policy agents must be upgraded, install the new software now.
VSM# conf t
VSM (config)# vnm-policy-agent
VSM (config-vnm-policy-agent)# policy-agent-image bootflash:vnmc-vsmpa.2.0.1g.bin
Step 9 Wait until all the VSMs have registered in the Service Registry and are displayed under Resource Management > Resources > Virtual Supervisor Modules.
Step 10 Reinstall the Cisco VSG policy agents.
Note If the Cisco VSG policy agents must be upgraded, install the new software now.
VSG# conf t
VSG (config)# vnm-policy-agent
VSG (config-vnm-policy-agent)# policy-agent-image bootflash:vnmc-vsgpa.1.3.1c.bin
Step 11 Enable the ASA 1000V policy agents.
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# vnmc policy-agent
ciscoasa(config-vnmc-policy-agent)# registration host n.n.n.n
ciscoasa(config-vnmc-policy-agent)# shared-secret MySharedSecret
Step 12 Verify the following states after the restore process is complete:
Note The restore process could take a few minutes depending upon your setup environment.
a. On the Cisco VSG CLI, verify that your configurations are restored to their earlier state.
b. On the Cisco ASA 1000V, verify that your configurations are restored to their earlier state.
c. On the Cisco VNMC GUI, verify that your objects and policies are restored to their earlier state.
This section includes the following topics:
•Working With File Backup Attributes
You can create a file backup.
Note Do not use TFTP to backup data.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. create backup {ftp:<//user@location/file> | scp:<//user@location/file> | sftp:<//user@location/file>} full-state {disabled | enabled}
3. commit-buffer
This example shows how to create a file backup:
vnmc# scope system
vnmc /system # create backup ftp://de@testhostname/testfile full-state enabled
Password:
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can delete a file backup.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. delete backup <hostname or ip-address>
3. commit-buffer
This example shows how to delete a file backup:
vnmc# scope system
vnmc /system # delete backup testhostname
vnmc /system* # commit-buffer
vnmc /system #
You can display a list of file backups.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. show backup
|
|
|
---|---|---|
Step 1 |
scope system
Example: vnmc# scope system |
Places you in system mode. |
Step 2 |
show backup
Example:
|
Displays a list of file backups. |
This example shows how to display a list of file backups:
vnmc# scope system
vnmc /system # show backup
Backup:
Hostname Type User Protocol Administrative State Description
------------- ------------ -------- -------- -------------------- ---------
testhostname Full State testOne Ftp Enabled
testhostname2 Full State testTwo Ftp Enabled
vnmc /system #
You can enable a file backup.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. enable
4. commit-buffer
This example shows how to enable a file backup:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # enable
Password:
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can disable a file backup.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. disable
4. commit-buffer
This example shows how to disable a file backup:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # disable
Password:
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
This section contains the following topics:
•Setting the Description Attribute for File Backups
•Setting the Password Attribute for File Backups
•Setting the Protocol Attribute for File Backups
•Setting the Remote File Attribute for File Backups
•Setting the Type Attribute for File Backups
•Setting the User Attribute for File Backups
You can set the description attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set descr <description>
4. commit-buffer
This example shows how to set the description attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set descr testAll
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can set the password attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set password
4. commit-buffer
This example shows how to set the password attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set password
Password:
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can set the remote file name.
Note Do not use TFTP to backup data.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set protocol {ftp | scp | sftp}
4. commit-buffer
This example shows how to set the protocol attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set protocol scp
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can set the remote file attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set remote-file <remote file full path>
4. commit-buffer
This example shows how to set the remote file attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set remote-file /directory/file_a
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can set the type attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set type {full-state}
4. commit-buffer
This example shows how to set the type attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set type full-state
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
You can set the user attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope backup <hostname or ip-address>
3. set user <user-name>
4. commit-buffer
This example shows how to set the user attribute:
vnmc# scope system
vnmc /system # scope backup testhostname
vnmc /system/backup # set user techs
vnmc /system/backup* # commit-buffer
vnmc /system/backup #
Data export only includes the configuration.
This section includes the following topics:
•Creating Management Data Export Services
•Deleting Management Data Export Services
•Displaying Management Data Export Services
•Enabling Management Data Export Services
•Disabling Management Data Export Services
•Creating Management Data Import Services
•Deleting Management Data Import Service
•Displaying Management Data Import Services
•Enabling Management Data Import Services
•Working With Management Data Attributes
You can create VNMC management data export services.
Note Do not use TFTP for export and import operations.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. create export {ftp:<//user@location/file> | scp:<//user@location/file> | sftp:<//user@location/file>} {config-all | config-logical | config-system} {disabled | enabled}
3. commit-buffer
This example shows how to create a management data export service:
vnmc# scope system
vnmc /system # create export ftp://de@testhostname/PA12 config-all enabled
Password:
vnmc /system/export* # commit-buffer
vnmc /system/export #
You can delete a management data export service.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. delete export <hostname or ip-address>
3. commit-buffer
This example shows how to delete a management data export service:
vnmc# scope system
vnmc /system # delete export testhostname
vnmc /system* # commit-buffer
vnmc /system #
You can display a list of export services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. show export
|
|
|
---|---|---|
Step 1 |
scope system
Example: vnmc# scope system |
Places you in system mode. |
Step 2 |
show export
Example:
|
Displays a list of export services. |
This example shows how to display a list of export services:
vnmc# scope system
vnmc /system # show export
Management Data Export:
Hostname User Protocol Data Export Type Administrative State Description
---------- ---------- -------- ---------------- -------------------- -----------
testhostname test Ftp Config All Enabled
testhostname2 test Ftp Config System Enabled
vnmc /system #
You can enable management data export services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address>
3. enable
4. commit-buffer
This example shows how to enable a management data export service:
vnmc# scope system
vnmc /system # scope export testhostname
vnmc /system/export # enable
Password:
vnmc /system/export* # commit-buffer
vnmc /system/export #
You can disable management data export services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address>
3. disable
4. commit-buffer
This example shows how to enable a management data export service:
vnmc# scope system
vnmc /system # scope export testhostname
vnmc /system/export # disable
Password:
vnmc /system/export* # commit-buffer
vnmc /system/export #
You can create a VNMC management data import service.
Note Do not use TFTP for export and import operations.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. create import {ftp:<//user@location/file> | scp:<//user@location/file> | sftp:<//user@location/file>} {merge} {disabled | enabled}
3. commit-buffer
This example shows how to create a management data import service:
vnmc# scope system
vnmc /system # create import ftp:/de@testhostname/PA12 merge enabled
Password:
vnmc /system/import* # commit-buffer
vnmc /system/import #
You can delete the management data import service.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. delete import <hostname or ip-address>
3. commit-buffer
This example shows how to delete the import service:
vnmc# scope system
vnmc /system # delete import testhostname
vnmc /system* # commit-buffer
vnmc /system #
You can display a list of import services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. show import
|
|
|
---|---|---|
Step 1 |
scope system
Example: vnmc# scope system |
Places you in system mode. |
Step 2 |
show import
Example:
|
Displays a list of import services. |
This example shows how to display a list of import services:
vnmc# scope system
vnmc /system # show import
Management Data Import:
Hostname User Protocol Data Import Action Administrative State Description
------------- ------ -------- ------------------ -------------------- -----------
testhostname test Ftp Replace Enabled
testhostname2 test Ftp Replace Enabled
vnmc /system #
You can enable management data import services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope import <hostname or ip-address>
3. enable
4. commit-buffer
This example shows how to enable a management data import service:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # enable
Password:
vnmc /system/import* # commit-buffer
vnmc /system/import #
You can disable management data import services.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope import <hostname or ip-address>
3. disable
4. commit-buffer
This example shows how to disable a management data import service:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # disable
Password:
vnmc /system/import* # commit-buffer
vnmc /system/import #
This section includes the following topics:
•Setting the Action Attribute for Imports
•Setting the Description Attribute for Exports and Imports
•Setting the Password Attribute for Exports and Imports
•Setting the Protocol Attribute for Exports and Imports
•Setting the Remote File Prefix Attribute for Exports and Imports
•Setting the Type Attribute for Exports
•Setting the User Attribute for Exports and Imports
You can set the action attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope import <hostname or ip-address>
3. set action {merge}
4. commit-buffer
This example shows how to set the action attribute:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # set action merge
vnmc /system/import* # commit-buffer
vnmc /system/import #
You can set the description attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address> | scope import <hostname or ip-address>
3. set descr <description>
4. commit- buffer
This example shows how to set the description attribute in export mode:
vnmc# scope system
vnmc /system # scope export testhostname
vnmc /system/backup # set descr testA
vnmc /system/backup* # commit-buffer
vnmc /system/backup* #
You can set the password attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address> | scope import <hostname or ip-address>
3. set password
4. commit-buffer
This example shows how to set the password attribute in import mode:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # set password
Password:
vnmc /system/import #
You can set the protocol attribute.
Note Do not use TFTP for export and import operations.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address> | scope import <hostname or ip-address>
3. set protocol {ftp | scp | sftp}
4. commit-buffer
This example shows how to set the protocol attribute in import mode:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # set protocol ftp
vnmc /system/import* # commit-buffer
vnmc /system/import #
You can set the remote file prefix attribute to the prefix (/pathtofile/file) or full path (/pathtofile/file.tgz) of the remote file.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address> | scope import <hostname or ip-address>
3. set remote-file-prefix </path/filename>| </path/filename.tgz>
4. commit-buffer
This example shows how to set the remote file prefix attribute in export mode:
vnmc# scope system
vnmc /system # scope export testhostname
vnmc /system/export # set remote-file-prefix /test
vnmc /system/export* # commit-buffer
vnmc /system/export #
You can set the type attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address>
3. set type <hostname or ip-address> {config-all | config-logical | config-system}
4. commit-buffer
This example shows how to set the type attribute in export mode:
vnmc# scope system
vnmc /system # scope export testhostname
vnmc /system/export # set type config-all
vnmc /system/export* # commit-buffer
vnmc /system/export #
You can set the user attribute.
See VNMC CLIs Basic Commands for basic information about the VNMC CLI.
Management controller
1. scope system
2. scope export <hostname or ip-address> | scope import <hostname or ip-address>
3. set user <user-name>
4. commit-buffer
This example shows how to set the user attribute in import mode:
vnmc# scope system
vnmc /system # scope import testhostname
vnmc /system/import # set user techs
vnmc /system/import* # commit-buffer
vnmc /system/import #