Backing Up and Restoring Data Using the CLI
Backup and Restore Using SFTP
Overview
You can transfer files from any Cisco Unified SRST Manager application to and from the backup server using Secure File Transfer Protocol (SFTP). SFTP provides data integrity and confidentiality that is not provided by FTP.
Because SFTP is based on Secure Shell tunnel version 2 (SSHv2), only SSHv2 servers are supported for this feature.
To run backup and restore over SFTP, you must configure the URL of the backup server in the form of sftp://hostname/dir, in addition to the username and password to log in to the server. The backup server must have an SSH daemon running with the SFTP subsystem enabled. The SSH protocol allows various user authentication schemes.
Performing Backup and Restore Using SFTP
Prerequisites
Required Data for This Procedure
SUMMARY STEPS
2. backup { revisions number | server url sftp-url username sftp-username password sftp-password }
DETAILED STEPS
Backup Server Authentication Using a SSH Host Key
- Overview
- Configuring Backup Server Authentication Without Using the SSH Host Key
- Configuring Backup Server Authentication Using the SSH Host Key
Overview
You can authenticate the backup server using the SSH protocol before starting a backup/restore operation. The SSH protocol uses public key cryptography for server authentication.
This feature provides two methods of authenticating a server:
- Establishing a secure connection based only on the URL of a trusted backup server.
- Obtaining the fingerprint of the backup server and using it to establish a secure connection. This fingerprint is also known as the host key or private key.
The first method is easier than the second method, but it is less secure because it does not depend on knowledge of the backup server’s private host key. However, if you know the URL of a trusted backup server, it is generally safe. In this case, the backup server securely provides the client with its private host key.
In both cases, when server authentication is enabled, the system validates the SSH server’s private host key by comparing the fingerprint of the key received from the server with a preconfigured string. If the two fingerprints do not match, the SSH handshake fails, and the backup/restore operation does not occur.
You cannot use the GUI to configure this feature; you must use the CLI.
Configuring Backup Server Authentication Without Using the SSH Host Key
Prerequisites
Required Data for This Procedure
To enable SSH authentication of a backup server without knowing the server’s fingerprint (private host key), you must know the URL of a trusted backup server.
SUMMARY STEPS
DETAILED STEPS
Configuring Backup Server Authentication Using the SSH Host Key
Prerequisites
Required Data for This Procedure
To use a backup server’s fingerprint (private host key) to enable SSH authentication, you must first retrieve the fingerprint “out-of-band” by running the ssh-keygen routine on the backup server. This routine is included in the OpenSSH package. The following example shows the command and its output:
ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 4d:5c:be:1d:93:7b:7c:da:56:83:e0:02:ba:ee:37:c1 /etc/ssh/ssh_host_dsa_key.pub
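The fingerprint comparison described in the overview, as an added example that is not Cisco's code: it computes the colon-separated MD5 fingerprint of the kind shown in the ssh-keygen output above from one line of a .pub file, then checks key type and fingerprint against pinned values. The sample key line is constructed, and mapping the CLI keyword ssh-dsa to the OpenSSH key type name ssh-dss is an assumption of this example.

```python
import base64
import binascii
import hashlib
import hmac
import struct

# CLI keyword (from this page) -> key type name carried inside the key blob.
# The ssh-dsa -> ssh-dss mapping is an assumption made for this example.
CLI_TO_WIRE = {"ssh-rsa": "ssh-rsa", "ssh-dsa": "ssh-dss"}


def md5_fingerprint(pub_line):
    """Return (key_type, MD5 fingerprint) for '<type> <base64 blob> [comment]'."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return fields[0], ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def host_key_matches(pub_line, cli_type, pinned_fp):
    """True only if key type and fingerprint both equal the pinned values."""
    key_type, fp = md5_fingerprint(pub_line)
    if CLI_TO_WIRE.get(cli_type) != key_type:
        return False
    return hmac.compare_digest(fp.encode(), pinned_fp.strip().lower().encode())


def sample_pub_line(key_type="ssh-dss", body=b"\x00" * 64):
    """Constructed, non-functional key line used only as sample input."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + body
    return key_type + " " + base64.b64encode(blob).decode() + " constructed"


if __name__ == "__main__":
    line = sample_pub_line()
    print(md5_fingerprint(line), host_key_matches(line, "ssh-dsa", "00:11"))
```

Current OpenSSH releases print SHA256 fingerprints by default; `ssh-keygen -l -E md5 -f <file>` prints the colon-separated MD5 form shown above.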
SUMMARY STEPS
2. security ssh knownhost host {ssh-rsa | ssh-dsa} fingerprint-string
DETAILED STEPS
Encrypting and Signing of Backup Content on the Server
Overview
You can protect backed-up configuration and data files using signing and encryption before the files are transferred to the backup server.
To enable this feature, you must configure a master key from which the encryption and signing key (known as the session key) is derived. The backup files are encrypted and signed before they are sent to the backup server. When restoring the files, the master key is used to validate the integrity of the files and decrypt them accordingly. You can also restore the backup files to any other machine running Cisco Unified SRST Manager 9.0 or later versions, if you configure the same master key before you begin the restore process. To make it easier to automate a scheduled backup, the master key is stored securely on the hosting device. It is not included in the backup content.
During the restore process, if the system detects that backup content has been tampered with, the restore process aborts. The system also halts and waits for the administrator to take some action, such as restoring using a different revision.
For backward compatibility, you can allow unsigned backup files to be restored if the risk is acceptable.
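The restore-time integrity decision described above, as an added example that is not Cisco's implementation: the page does not name the algorithms, so HKDF-SHA256 key derivation, separate encryption and signing keys, an HMAC-SHA256 tag appended to the content, and the names backup_id, signed and allow_unsigned are all assumptions. Encryption is left out; the content passed in stands for the already encrypted backup.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes (assumed scheme)


class RestoreAborted(Exception):
    """Raised when a backup must not be restored."""


def derive_session_keys(master_key, backup_id):
    """HKDF-SHA256 (RFC 5869): master key -> (encryption key, signing key)."""
    prk = hmac.new(b"\x00" * 32, master_key, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in (1, 2):
        block = hmac.new(prk, block + backup_id + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
    return okm[:32], okm[32:]


def sign_backup(master_key, backup_id, content):
    """Append a tag computed over the backup id and the encrypted content."""
    _, sign_key = derive_session_keys(master_key, backup_id)
    tag = hmac.new(sign_key, backup_id + content, hashlib.sha256).digest()
    return content + tag


def verify_for_restore(master_key, backup_id, blob, signed=True,
                       allow_unsigned=False):
    """Return the content to decrypt, or raise RestoreAborted."""
    if not signed:
        # Backward-compatibility path: there is no tag, so tampering cannot
        # be detected. Refuse unless the administrator enabled it explicitly.
        if not allow_unsigned:
            raise RestoreAborted("unsigned backup refused")
        return blob
    if len(blob) < TAG_LEN:
        raise RestoreAborted("backup too short to carry a signature")
    content, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    _, sign_key = derive_session_keys(master_key, backup_id)
    expected = hmac.new(sign_key, backup_id + content, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise RestoreAborted("backup content failed integrity check")
    return content
```

The tag is checked before any decryption would take place, and a restore with a different master key fails the same check as tampered content.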