A great challenge of network operators is the total downtime experienced after a router has been compromised and its operating
software and configuration data erased from its persistent storage. The operator must retrieve an archived copy (if any) of
the configuration and a working image to restore the router. Recovery must then be performed for each affected router, adding
to the total network downtime.
The Cisco IOS Resilient Configuration feature is intended to speed up the recovery process. The feature maintains a secure
working copy of the router image and the startup configuration at all times. These secure files cannot be removed by the user.
This set of image and router running configuration is referred to as the primary bootset.
The following factors were considered in the design of Cisco IOS Resilient Configuration:
The configuration file in the primary bootset is a copy of the running configuration that was in the router when the feature
was first enabled.
The feature secures the smallest working set of files to preserve persistent storage space. No extra space is required to
secure the primary Cisco IOS image file.
The feature automatically detects image or configuration version mismatch.
Only local storage is used for securing files, eliminating scalability maintenance challenges from storing multiple images
and configurations on TFTP servers.
The feature can be disabled only through a console session.