Backing Up and Restoring Data

Cisco Unity Express backup and restore functions use an FTP server to store and retrieve data. The backup function copies the files from the Cisco Unity Express application to the FTP server and the restore function copies the files from the FTP server to the Cisco Unity Express application. The FTP server can reside anywhere in the network if the backup and restore functions can access it with an IP address or hostname.

We recommend that backups be done regularly to preserve voice-mail messages and configuration data.

Backup and restore commands are available in configuration mode and in offline mode.

  • In configuration mode, commands are available to set the following parameters:

blank.gif Number of backup files to keep (the oldest file is deleted).

blank.gif URL of the FTP server where the files will be stored.

  • In offline mode, perform the backup or restore procedure. Decide the following:

blank.gif Type of files to be backed up: all files (configuration and data), only configuration files, or only data files. Data files consist of voice-mail messages. Configuration files consist of all other system and application parameters.

blank.gif URL of the FTP server where the files will be stored.

caut.gif
Caution blank.gif Offline mode terminates all existing voice-mail calls and IMAP and VoiceView Express sessions. No new voice-mail calls are allowed. Calls to auto attendant are allowed. We recommend doing a backup when no calls are active.

This chapter contains the following sections:

Restrictions

Cisco Unity Express does not support the following backup and restore capabilities:

  • Scheduled backup operations in versions prior to Cisco Unity Express 7.1. The backup and restore procedures begin when the appropriate command is entered. For information about scheduling backups for Cisco Unity Express 7.1 and later, see Configuring Scheduled Backup Jobs.
  • Centralized message storage arrangement. Cisco Unity Express backup files cannot be used or integrated with other message stores.
  • Selective backup and restore. Only full backup and restore functions are available. Individual voice-mail messages or other specific data cannot be stored or retrieved.

Backing Up from One Platform and Restoring to Another Platform Type

You can back up your Cisco Unity Express configuration from one hardware platform type and restore it on another type. For example, you can back up your configuration from an NME-CUE and restore it on an AIM2-CUE. The following requirements apply:

  • The target platform you are restoring to must have the same licenses enabled as the current platform. For example, if you have 200 mailboxes configured, the same number of mailbox licenses must be enabled on the target platform. If using Cisco Unity Express 7.0 or earlier, the target platform must have the same type of license (CUCM or CUCME) installed.
  • The target platform you are restoring to must have the same or greater capacity.
  • The number of languages installed should not exceed the limits supported by the target platform.
  • The target platform must support the same Cisco Unity Express release. If upgrading to a different software release, see the upgrade procedures in the Cisco Unity Express installation and Upgrade Guide.
  • The total allocated mail box (mbx) size of the installed platform must be lesser than the maximum capacity of the voice mail of the target platform you are restoring to.

For platform support and capacities, see the Release Notes for Cisco Unity Express. See also the Cisco Unity Express Guide to Hardware Migration and Software Upgrades.

Setting Backup Parameters

The backup parameters define the FTP server to use for storing Cisco Unity Express backup files and the number of backups that are stored before the system deletes the oldest one.

All Cisco Unity Express backup files are stored on the specified server. You can copy the backup files to other locations or servers, if necessary.

Cisco Unity Express automatically assigns an ID to each successful backup. Use this backup ID to restore the backup.

Prerequisites

  • Verify that the backup server is configured.
  • Verify that an FTP administrator or other user who can log in to the FTP server has full permission on the FTP server, such as read, write, overwrite, create, and delete permissions for files and directories.

Required Data for This Procedure

  • Number of revisions to save before the oldest backup is written over
  • FTP server URL
  • User ID and password of the FTP server login

SUMMARY STEPS

1.blank.gif config t

2.blank.gif backup { revisions number | server url ftp-url username ftp-username password ftp-password }

3.blank.gif exit

4.blank.gif show backup

DETAILED STEPS

 

Command or Action
Purpose

Step 1

config t

 

se-10-0-0-0# config t

Enters configuration mode.

Step 2

backup { revisions number | server url ftp-url username ftp-username password ftp-password }

 

se-10-0-0-0(config)# backup server url ftp://main/backups username “admin” password “wxyz”

se-10-0-0-0(config)# backup server url ftp://172.168.10.10/backups username “admin” password “wxyz”

se-10-0-0-0(config)# backup revisions 5

Sets the backup parameters.

  • server url —The ftp-url value is the URL to the network FTP server where the backup files will be stored. The ftp-username and ftp-password values are the user ID and password for the network FTP server.

Note The backup server must be configured before the backup revisions can be configured.

  • revisions —The number of backup files that will be stored. When this number is reached, the system deletes the oldest stored file.

In the example, main is the hostname of the FTP server and backups is the directory where backup files are stored.

Step 3

exit

 

se-10-0-0-0(config)# exit

Exits configuration mode.

Step 4

show backup

 

se-10-0-0-0# show backup

Displays the backup server configuration information, including the FTP server URL and the number of revisions.

Examples

The following example configures a backup server and displays the show backup output:

se-10-0-0-0# config t
se-10-0-0-0#(config)# backup server url ftp://172.16.0.0/backups username admin password voice
se-10-0-0-0#(config)# backup revisions 10
se-10-0-0-0#(config)# exit
se-10-0-0-0#
 
se-10-0-0-0# show backup
Server URL: ftp://172.16.0.0/backups
User Account on Server: admin
Number of Backups to Retain: 10
se-10-0-0-0#

Backing Up Files

Three types of backup requests are available: data only, configuration only, or all.

  • Data—Backs up voice-mail greetings and voice-mail messages.
  • Configuration—Backs up system configuration, including recorded names, custom scripts, and custom prompts. Use the show run command to display the current running configuration.
  • All—Backs up all data and configuration information.

Backups are performed only in offline mode.

Cisco Unity Express automatically numbers and dates the backup files and identifies the revision number in a backupid field.

Performing different backup types at various times causes different backup IDs for data backups and configuration backups. For example, the last data backup ID might be 3, and the last configuration backup might be 4. Performing an “all” backup might result in a backup ID of 5 for both data and configuration.

When restoring the files, refer to the backup ID for the backup file that you want to use. Use the show backup server command for a list of backup IDs.

note.gif

Noteblank.gif We recommend that you back up your configuration files whenever changes are made to the system or application files. Data files, which contain voice messages, should be backed up regularly to minimize data loss, such as from a hardware failure.

caut.gif
Caution blank.gif Offline mode terminates all existing voice-mail calls, and no new voice-mail calls are allowed. Calls to auto attendant are allowed. We recommend doing a backup when telephone subscribers are not active on calls.

SUMMARY STEPS

1.blank.gif offline

2.blank.gif backup category { all | configuration | data }

3.blank.gif continue

4.blank.gif show backup history

5.blank.gif show backup server

DETAILED STEPS

Command or Action
Purpose

Step 1

offline

 

se-10-0-0-0# offline

Enters offline mode. All active voice-mail calls are terminated.

Step 2

backup category { all | configuration | data }

 

se-10-0-0-0(offline)# backup category all

se-10-0-0-0(offline)# backup category configuration

se-10-0-0-0(offline)# backup category data

Specifies the type of data to be backed up and stored.

Step 3

continue

 

se-10-0-0-0(offline)# continue

Exits offline mode and returns to EXEC mode.

Step 4

show backup history

 

se-10-0-0-0# show backup history

Displays the backup and restore procedures and the success or failure of those attempts.

note.gif

Noteblank.gif Beginning with Cisco Unity Express 8.0, use the show restore history command to display the restore status.

Step 5

show backup server

 

se-10-0-0-0# show backup server

Displays the backup files available on the backup server, the date of each backup, and the backup file ID.

Examples

The following is sample output from the show backup history command for versions 7.1 and earlier:

se-10-0-0-0# show backup history
 
#Start Operation
Category: Configuration
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 2
Restoreid: -1
Description: test backup 1
Date: Sun Jun 13 12:32:48 PDT 1993
Result: Success
Reason:
#End Operation
 
#Start Operation
Category: Data
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 2
Restoreid: -1
Description: CUE test backup
Date: Sun Jun 13 12:32:57 PDT 1993
Result: Success
Reason:
#End Operation
 
#Start Operation
Category: Configuration
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Restore
Backupid: 2
Restoreid: 1
Description:
Date: Sun Jun 13 12:37:52 PDT 1993
Result: Success
Reason:
#End Operation
 
#Start Operation
Category: Data
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Restore
Backupid: 2
Restoreid: 1
Description:
Date: Sun Jun 13 12:38:00 PDT 1993
Result: Success
Reason:
#End Operation
 

The following is sample output from the show backup history command for versions 8.0 and later:

se-10-0-0-0# show backup history
 
aaa# show backup history
#Start Operation
Category: Configuration
Backup Server: ftp://192.1.1.31/backups
Operation: Backup
Backupid: 7
Date: Wed Feb 17 23:19:48 EST 2010
Result: Success
Reason:
Version: 8.0.0.1
#End Operation
 
#Start Operation
Category: Data
Backup Server: ftp://192.1.1.31/backups
Operation: Backup
Backupid: 7
Date: Wed Feb 17 23:19:48 EST 2010
Result: Success
Reason:
Version: 8.0.0.1
#End Operation
 
#Start Operation
Category: HistoricalData
Backup Server: ftp://192.1.1.31/backups
Operation: Backup
Backupid: 7
Date: Wed Feb 17 23:19:49 EST 2010
Result: Success
Reason:
Version: 8.0.0.1
#End Operation
 
#Start Operation
Category: Configuration
Backup Server: ftp://192.1.1.31/backups
Operation: Backup
Backupid: 8
Date: Fri Feb 19 14:36:33 EST 2010
Result: Success
Reason:
Version: 8.0.0.1
#End Operation
 

The following is sample output from the show backup server command:

 
se-10-0-0-0# show backup server
 
Category: Data
Details of last 5 backups
Backupid: 1
Date: Tue Jul 22 10:55:52 PDT 2003
Description:
 
Backupid: 2
Date: Tue Jul 29 18:06:33 PDT 2003
Description:
 
Backupid: 3
Date: Tue Jul 29 19:10:32 PDT 2003
Description:
 
Category: Configuration
Details of last 5 backups
Backupid: 1
Date: Tue Jul 22 10:55:48 PDT 2003
Description:
 
Backupid: 2
Date: Tue Jul 29 18:06:27 PDT 2003
Description:

 

Backupid: 3
Date: Tue Jul 29 19:10:29 PDT 2003
Description:
 
se-10-0-0-0#

Restoring Files

After the backup files are created, you can restore them when needed. Restoring is done in offline mode, which terminates all voice-mail active voice-mail calls and IMAP and VoiceView Express sessions. It does not permit new voice-mail calls (auto attendant calls are permitted) or new IMAP and VoiceView Express sessions. You should consider doing the restore when telephone subscribers are least likely to be on the telephone.

Use the show backup server command to locate the backup ID of the file that you want to restore.

From Cisco Unity Express 9.0.5 Release onwards, if you are using Interactive Voice Response (IVR) applications, and you need to restore Cisco Unity Express 9.0.5 backup on a new Cisco Unity Express 9.0.5, perform the following steps:

1.blank.gif Enable IVR license.

2.blank.gif Restore the backup files. You will be prompted for a reload.

3.blank.gif Register the Cisco Unity Express product instance with the Cisco Smart Software Manager or Smart Software Manager satellite using the license smart register idtoken force CLI command.

If you are not using IVR, you do not need to register the product instance again.

SUMMARY STEPS

1.blank.gif show backup server

2.blank.gif offline

3.blank.gif restore id backupid category { all | configuration | data }

4.blank.gif show backup history

5.blank.gif reload

DETAILED STEPS

Command or Action
Purpose

Step 1

show backup server

 

se-10-0-0-0# show backup server

Lists the data and configuration backup files. Look at the backup ID field for the revision number of the file that you want to restore.

Step 2

offline

 

se-10-0-0-0# offline

Enters offline mode. All active voice-mail calls are terminated.

Step 3

restore id backupid category { all | configuration | data }

 

se-10-0-0-0(offline)# restore id 22 category all

se-10-0-0-0(offline)# restore id 8 category configuration

se-10-0-0-0(offline)# restore id 3 category data

Specifies the backup ID backupid value and the file type to be restored.

Step 4

Choose one of the following:

 

 

show backup history

 

se-10-0-0-0# show backup history

(Cisco Unity Express version 7.2 and earlier) Displays the backup and restore procedures and the success or failure of those attempts.

 

show restore history

 

se-10-0-0-0# show restore history

(Cisco Unity Express version 8.0 and later) Displays the restore procedures and the success or failure of those attempts.

Step 5

reload

 

se-10-0-0-0(offline)# reload

Resets the Cisco Unity Express module so that the restored values take effect.

Example

The following example displays the backup server:

 
se-10-0-0-0# show backup server
 
Category: Data
Details of last 5 backups
Backupid: 1
Date: Tue Jul 22 10:55:52 PDT 2003
Description:
 
Backupid: 2
Date: Tue Jul 29 18:06:33 PDT 2003
Description:
 
Backupid: 3
Date: Tue Jul 29 19:10:32 PDT 2003
Description:
 
Category: Configuration
Details of last 5 backups
Backupid: 1
Date: Tue Jul 22 10:55:48 PDT 2003
Description:
 
Backupid: 2
Date: Tue Jul 29 18:06:27 PDT 2003
Description:

 

Backupid: 3
Date: Tue Jul 29 19:10:29 PDT 2003
Description:
 
se-10-0-0-0#
 

In Cisco Unity Express versions 7.2 and earlier, the restore history is shown using the show backup history command. In Cisco Unity Express versions 8.0 and later, the restore history is shown using the show restore history command (see example below).

The following example shows the restore history for Cisco Unity Express versions 7.2 and earlier:

se-10-0-0-0# show backup history
 
Start Operation
Category: Configuration
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 1
Restoreid: -1
Description: test backup 1
Date: Sun Jun 13 12:23:38 PDT 1993
Result: Failure
Reason: Script execution failed: /bin/BR_VMConfg_backup.sh: returnvalue:1
; Server Url:ftp://10.100.10.215/CUE_backup: returnvalue:9 Unable to authenticate
#End Operation
 
#Start Operation
Category: Data
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 1
Restoreid: -1
Description: test backup 1
Date: Sun Jun 13 12:23:44 PDT 1993
Result: Failure
Reason: Script execution failed: /bin/BR_VMData_backup.sh: returnvalue:1
Voicemail Backup failed; Server Url:ftp://10.100.10.215/CUE_backup: returnvalue:9
Unable to authenticate
#End Operation
 
#Start Operation
Category: Configuration
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 2
Restoreid: -1
Description: CUE test backup
Date: Sun Jun 13 12:32:48 PDT 1993
Result: Success
Reason:
#End Operation
 
#Start Operation
Category: Data
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Backup
Backupid: 2
Restoreid: -1
Description: CUE test backup
Date: Sun Jun 13 12:32:57 PDT 1993
Result: Success
Reason:
#End Operation
 

The following example shows the restore history for Cisco Unity Express versions 8.0 and later:

se-10-0-0-0# show restore history

 

#Start Operation
Category: Configuration
Backup Server: ftp://10.100.10.215/CUE_backup
Operation: Restore
Backupid: 129
Restoreid: 15
Description: CUE test backup
Date: Sun Jun 13 12:32:48 PDT 1993
Result: Success
Reason:
Version: 8.0.0.1
#End Operation

Copying Configurations

The following Cisco Unity Express EXEC commands are available to copy the startup configuration and running configuration to and from Flash memory, the network FTP server, and the network TFTP server.

Copying from Flash Memory to Another Location

Starting in Cisco Unity Express EXEC mode, use the following command to copy the startup configuration in Flash memory to another location:

copy startup-config {ftp: user-id:password@ftp-server-address/[directory] |
tftp:tftp-server-address} filename

 

Keyword or Argument
Description

ftp: user-id : password @

User ID and password for the FTP server. Include the colon (:) and the at sign (@) in your entry.

ftp-server-address

IP address of the FTP server.

/ directory

(Optional) Directory on the TFTP server where the copied file will reside. If you use it, precede the name with the forward slash (/).

tftp: tftp-server-address

IP address of the TFTP server.

filename

Name of the destination file that will contain the copied startup configuration.

This command is interactive and prompts you for the information. You cannot enter the parameters in one line. The following examples illustrate this process.

In this example, the startup configuration is copied to the FTP server, which requires a user ID and password to transfer files. The IP address of the FTP server is 172.16.231.193. The startup configuration file is saved on the FTP server with the filename start.

se-10-0-0-0# copy startup-config ftp
Address or name of remote host? admin:voice@172.16.231.193
Source filename? start
 

The following example shows the startup configuration copied to the TFTP server, which does not require a user ID and password. The IP address of the TFTP server is 172.16.231.190. The startup configuration is saved in the TFTP directory configs as filename temp_start.

se-10-0-0-0# copy startup-config tftp
Address or name of remote host? 172.16.231.190/configs
Source filename? temp_start

Copying from the Network FTP Server to Another Location

Starting in Cisco Unity Express EXEC mode, use the following command to copy the network FTP server configuration to another location:

copy ftp: {running-config | startup-config} user-id:password@ftp-server-address/[directory] filename

 

Keyword or Argument
Description

running-config

Active configuration in Flash memory.

startup-config

Startup configuration in Flash memory.

user-id : password @

User ID and password for the FTP server. Include the colon (:) and the at sign (@) in your entry.

ftp-server-address

IP address of the FTP server.

/ directory

(Optional) Directory name for retrieving the file. If you use it, precede the name with the forward slash (/).

filename

Name of the source file to be copied.

This command is interactive and prompts you for the information. You cannot enter the parameters in one line. The following example illustrates this process.

In this example, the FTP server requires a user ID and password. The IP address of the FTP server is 10.3.61.16. The file start in the FTP server configs directory is copied to the startup configuration.

se-10-0-0-0# copy ftp: startup-config
!!!WARNING!!! This operation will overwrite your startup configuration.
Do you wish to continue[y]? y
Address or name or remote host? admin:voice@10.3.61.16/configs
Source filename? start

Copying the Flash Running Configuration to Another Location

Starting in Cisco Unity Express EXEC mode, use the following command to copy the running configuration in Flash memory to another location:

copy running-config {ftp: user-id:password@ftp-server-address/[directory] |
startup-config | tftp:tftp-server-address} filename

 

Keyword or Argument
Description

ftp: user-id : password @

User ID and password for the FTP server. Include the colon (:) and the at sign (@) in your entry.

ftp-server-address

IP address of the FTP server.

/ directory

(Optional) Directory on the FTP server where the copied file will reside. If you use it, precede the name with the forward slash (/).

startup-config

Startup configuration in Flash memory.

tftp: tftp-server-address

IP address of the TFTP server.

filename

Name of the destination file that will contain the copied running configuration.
When you copy the running configuration to the startup configuration, enter the command on one line.
 
When you copy to the FTP or TFTP server, this command becomes interactive and prompts you for the information. You cannot enter the parameters in one line. The following example illustrates this process.
 
In the following example, the running configuration is copied to the FTP server, which requires a user ID and password. The IP address of the FTP server is 172.16.231.193. The running configuration is copied to the configs directory as file saved_start.
 
se-10-0-0-0# copy running-config ftp:
Address or name of remote host? admin:voice@172.16.231.193/configs
Source filename? saved_start
 
In the following example, the running configuration is copied to the startup configuration as file start. In this instance, enter the command on a single line.
 
se-10-0-0-0# copy running-config startup-config start

Copying the Network TFTP Configuration to Another Location

Starting in Cisco Unity Express EXEC mode, use the following command to copy the network TFTP configuration to another location:

copy tftp: {running-config | startup-config} tftp-server-address/[directory] filename

 

Keyword or Argument
Description

running-config

Active configuration in Flash memory.

startup-config

Startup configuration in Flash memory.

tftp-server-address

IP address of the TFTP server.

/ directory

(Optional) Directory on the TFTP server where the copied file will reside. If you use it, precede the name with the forward slash (/).

filename

Name of the source file to be copied.

This command is interactive and prompts you for the information. You cannot enter the parameters in one line. The following example illustrates this process.

In this example, the TFTP server has IP address 10.3.61.16. The file start in directory configs on the TFTP server is copied to the startup configuration.

se-10-0-0-0# copy tftp: startup-config
!!!WARNING!!! This operation will overwrite your startup configuration.
Do you wish to continue[y]? y
Address or name of remote host? 10.3.61.16/configs
Source filename? start

Restoring Factory Default Values

Cisco Unity Express provides a command to restore the factory default values for the entire system. Restoring the system to the factory defaults erases the current configuration. This function is available in offline mode.

caut.gif
Caution blank.gif This operation is irreversible. All data and configuration files are erased. Use this feature with caution. We recommend that you do a full system backup before proceeding with this feature.

When the system is clean, the administrator sees a message that the system will reload, and the system begins to reload. When the reload is complete, the system prompts the administrator to go through the postinstallation process.

When logging in to the graphical user interface (GUI), the administrator has the option to run the initialization wizard.

Perform the following steps to reset the system to Cisco Unity Express factory default values.

Step 1blank.gif se-10-0-0-0# offline

This command puts the system into offline mode.

Step 2blank.gif (offline)# restore factory default

This operation will cause all the configuration and data on the system to be erased. This operation is not reversible. Do you wish to continue? (n)
 

Step 3blank.gif Do one of the following:

  • Enter n if want to retain the system configuration and data.

The operation is cancelled, but the system remains in offline mode. To return to online mode, enter continue.

  • Enter y if you want to erase the system configuration and data.

When the system is clean, a message appears indicating that the system will start to reload. When the reload is complete, a prompt appears to start the postinstallation process.

 

Backup and Restore Using SFTP

This section discusses the following topics:

Overview

Starting in release 3.0, you can transfer files from any Cisco Unity Express application to and from the backup server using Secure File Transfer Protocol (SFTP). SFTP provides data integrity and confidentiality that is not provided by FTP.

Because SFTP is based on Secure Shell tunnel version 2 (SSHv2), only SSHv2 servers are supported for this feature.

To run backup and restore over SFTP, you must configure the URL of the backup server in the form of sftp:// hostname / dir, and also the username and password to login to the server. The backup server must have an SSH daemon running with the SFTP subsystem enabled. The SSH protocol allows various user authentication schemes. In Version 3.2, however, only password authentication is supported.

Configuring Backup and Restore Using SFTP

Prerequisites

Cisco Unity Express 3.0 or a later version

Required Data for This Procedure

There is no data required.

SUMMARY STEPS

1.blank.gif config t

2.blank.gif backup { revisions number | server url sftp-url username sftp-username password sftp-password }

3.blank.gif end

DETAILED STEPS

 

Command or Action
Purpose

Step 1

config t

 

se-10-0-0-0# config t

Enters configuration mode.

Step 2

backup { revisions number | server url sftp-url username sftp-username password sftp-password }

 
se-10-0-0-0(config)# backup server url sftp://branch/vmbackups username admin password mainserver

Performs a backup to the specified SFTP or FTP server. To use SFTP, the URL must be of the form sftp:// hostname / directory.

Step 3

end

 

se-10-0-0-0(config)# end

Returns to privileged EXEC mode.

Backup Server Authentication Using a SSH Host Key

This section discusses the following topics:

Overview

Starting in release 3.0, you can authenticate the backup server using the SSH protocol before starting a backup/restore operation. The SSH protocol uses public key cryptography for server authentication.

This feature provides two methods of authenticating a server:

  • Establishing a secure connection based only on the URL of a trusted backup server.
  • Obtaining the fingerprint of the backup server and using it to establish a secure connection. This fingerprint is also known as the host key or private key.

The first method is easier than the second method, but it is less secure because it does not depend on you knowing the backup server’s private host key. However, if you know the URL of a trusted backup server, it is generally safe. In this case, the backup server securely provides the client with its private host key.

In both cases, when server authentication is enabled, the system validates the SSH server’s private host key by comparing the fingerprint of the key received from the server with a preconfigured string. If the two fingerprints do not match, the SSH handshake fails, and the backup/restore operation does not occur.

You cannot use the GUI to configure this feature; you must use the CLI.

Both methods are explained in the following sections.

Configuring Backup Server Authentication Without Using the SSH Host Key

Prerequisites

Cisco Unity Express 3.0 or a later version

Required Data for This Procedure

To enable SSH authentication of a backup server without knowing the server’s fingerprint (private host key), you must know the URL of a trusted backup server.

SUMMARY STEPS

1.blank.gif config t

2.blank.gif backup server url sftp:// url

3.blank.gif backup server authenticate

4.blank.gif end

5.blank.gif show security ssh known-hosts

DETAILED STEPS

 

Command or Action
Purpose

Step 1

config t

 

se-10-0-0-0# config t

Enters configuration mode.

Step 2

backup server url sftp:// url

 
se-10-0-0-0(config)# backup server url sftp://company.com/server22

Establishes an initial connection with the backup server.

Step 3

backup server authenticate

 
se-10-0-0-0(config)# backup server authenticate

Retrieves the fingerprint of the backup server’s host key and establishes a secure SSH connection.

Step 4

end

 

se-10-0-0-0(config)# end

Returns to privileged EXEC mode.

Step 5

show security ssh known-hosts

 
se-10-0-0-0(config)# show security ssh known-hosts

Displays a list of configured SSH servers and their fingerprints.

Configuring Backup Server Authentication Using the SSH Host Key

Prerequisites

Cisco Unity Express 3.0 or a later version

Required Data for This Procedure

To use a backup server’s fingerprint (private host key) to enable SSH authentication, you must first retrieve the fingerprint “out-of-band” by running the ssh-keygen routine on the backup server. This routine is included in the OpenSSH package. The following example shows the command and its output:

ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub

1024 4d:5c:be:1d:93:7b:7c:da:56:83:e0:02:ba:ee:37:c1 /etc/ssh/ssh_host_dsa_key.pub

SUMMARY STEPS

1.blank.gif config t

2.blank.gif security ssh known-hosts host {ssh-rsa | ssh-dsa} fingerprint-string

3.blank.gif end

4.blank.gif show security ssh known-hosts

DETAILED STEPS

 

Command or Action
Purpose

Step 1

config t

 

se-10-0-0-0# config t

Enters configuration mode.

Step 2

security ssh known-hosts host {ssh-rsa | ssh-dsa} fingerprint-string

 
se-10-0-0-0(config)# security ssh known-hosts server.cisco.com ssh-rsa a5:3a:12:6d:e9:48:a3:34:be:8f:ee:50:30:e5:e6:c3

Configures the MD5 fingerprint of the SSH server’s host key using the following arguments and keywords:

host — Fully qualified hostname or IP address of the SSH server.

ssh-rsa — RSA algorithm was used to create this fingerprint for a SSH server’s host key.

ssh-dsa — DSA algorithm was used to create this fingerprint for a SSH server’s host key.

fingerprint-string — MD5 fingerprint string.

Step 3

end

 

se-10-0-0-0(config)# end

Returns to privileged EXEC mode.

Step 4

show security ssh known-hosts

 
se-10-0-0-0(config)# show security ssh known-hosts

Displays a list of configured SSH servers and their fingerprints.

Encrypting and Signing of Backup Content on the Server

This section discusses the following topics:

Overview

Starting in release 3.0, you can protect backed up configuration and data files using signing and encryption before the files are transferred to the backup server.

To enable this feature, you must configure a master key, from which the encryption and signing key (known as the session key) are derived. The backup files are encrypted and signed before they are sent to the backup server. When you restore the files, the master key is used to validate the integrity of the files and decrypt them accordingly. You can also restore the backup files to any other machine running Cisco Unity Express 3.1 or later versions, if you configure the same master key before you begin the restore process. To make it easier to automate a scheduled backup, the master key is stored securely on the hosting device. It is not included in the backup content.

During the restore process, if the system detects that backup content has been tampered with, the restore process aborts. The system also halts and waits for the administrator to take some action, such as restoring using a different revision.

For backward compatibility, you can allow unsigned backup files to be restored if the risk is acceptable.

Configuring the Encryption and Signing of Backup Content on the Server

Prerequisites

Cisco Unity Express 3.0 or a later version

Required Data for This Procedure

There is no data required.

SUMMARY STEPS

1.blank.gif config t

2.blank.gif backup security key generate

3.blank.gif backup security protected

4.blank.gif backup security enforced

5.blank.gif end

DETAILED STEPS

 

Command or Action
Purpose

Step 1

config t

 

se-10-0-0-0# config t

Enters configuration mode.

Step 2

backup security key generate

 
se-10-0-0-0(config)# backup security key generate

Creates the master key used for encrypting and signing the backup files.

Step 3

backup security protected

 
se-10-0-0-0(config)# backup security protected

Enables secure mode for backups. In secure mode, all backup files are protected using encryption and a signature.

Step 4

backup security enforced

 
se-10-0-0-0(config)# backup security enforced

Specifies that only protected and untampered backup files are restored.

Step 5

end

 

se-10-0-0-0(config)# end

Returns to privileged EXEC mode.

Encrypting PINs in Backup Files

Before release 3.0, PINs were stored as clear text in LDAP and were therefore visible in the backup file. This is because user PINs are stored in LDAP, which is backed up in LDIF format. This feature applies SHA-1 hash encryption to PINs before storing them in the LDAP database. As a result, when a user logs in to voice mail, the PIN they submit is hashed and compared to the PIN attribute retrieved from LDAP directory.

To migrate from an earlier version, you must convert from a clear PIN to a hashed PIN in the LDAP directory. This conversion is typically done right after a system upgrade from an earlier version or after a restore operation from an old backup. At his point, the clear PIN is removed from the database and replaced with the encrypted PIN.

Because encryption using SHA-1 is not reversible, after the conversion is complete, you cannot disable or turn off this feature to restore the encrypted PIN to its clear form.

note.gif

Noteblank.gif This feature does not require any configuration using the GUI or CLI.

Configuring Scheduled Backup Jobs

Beginning in release 7.1, you can configure one-time or recurring backup jobs.

For recurring backup jobs, you can configure the jobs to repeat:

  • Every N days at a specific time
  • Every N weeks on a specific day and time
  • Every N months on a specific day of the month and time
  • Every N years on a specific month

You can configure up to five repetitive scheduled backup jobs and five one-time scheduled backup jobs.

Whenever a backup job (or any scheduled activity) is started and in progress, any other activities that are scheduled to start at this time, are put in queue to wait for the first activity to finish. The maximum size of the queue is nine activities.

You cannot delete individual instances of a recurring scheduled backup schedule; you can only delete the entire series of backup jobs. However, you can enable forever a given scheduled action by configuring start and end dates for the action to specify when the action is active. You can also suspend a scheduled action indefinitely by not specifying an expiration date for the action.

Immediate backup requests are always given precedence over scheduled backup jobs. If the scheduled backup is configured to start at the same time as an immediate backup, the scheduled backup job is queued and the system waits for the immediate backup to finish before it attempts to start the scheduled backup job.

Prerequisites

Cisco Unity Express 7.1 or a later version

SUMMARY STEPS

1.blank.gif backup schedul e [ name ]

2.blank.gif repeat every { number days at time |number weeks on day | number months on day date | number years on month month } at time

note.gif

Note Instead of the repeat every command, you can optionally use one of the following commands:

  • repeat once at time
  • repeat daily at time
  • repeat monthly on day date at time
  • repeat weekly on day at time
  • repeat yearly on month month at time

 

3.blank.gif start-date date

4.blank.gif stop-date date

5.blank.gif disabled from date to date

6.blank.gif backup categories [ all ] [ configuration ] [ data ] [ HistoricalData ] [ TimeCardView ]

7.blank.gif end

8.blank.gif show backup schedules or show schedules

9.blank.gif show backup schedule detail job job-name or show schedule detail job job-name

DETAILED STEPS

 

Command or Action
Purpose

Step 1

backup schedule [ name ]

 

se-10-0-0-0# backup schedule 22

Enters backup schedule configuration submode to enable you to configure a scheduled backup job.

Step 2

repeat every { number days | number weeks on day | number months on day date | number years on month month } at time time

 

se-10-0-0-0(backup-schedule)# repeat every 2 days at time 10:00

Specifies how often a recurring scheduled backup occurs. To configure a one-time backup job, use the repeat once command. You can also optionally use one of the other repeat commands listed in the previous note.

Step 3

start-date date

 

se-10-0-0-0(backup-schedule)# start-date 05/30/2009

Specifies the start date for the recurring scheduled backup to occur.

Step 4

stop-date date

 

se-10-0-0-0(backup-schedule)# stop-date 10/20/2009

Specifies the stop date for the recurring scheduled backup to occur.

Step 5

disabled from date to date

 

se-10-0-0-0(backup-schedule)# disabled from 10/02/2009 to 10/06/2009

Specifies a time period that the recurring scheduled backup jobs are disabled.

Step 6

backup categories [ all ] [ configuration ] [ data ] [ HistoricalData ] [ TimeCardView ]

 

se-10-0-0-0(backup-schedule)# backup categories configuration

Specifies which categories of data to backup.

Step 7

end

 

se-10-0-0-0(backup-schedule)# end

Exits to privileged EXEC mode.

Step 8

show schedules

or show backup schedules

 
se-10-0-0-0# show schedules

(Optional) Displays all recurring scheduled events or all scheduled backup jobs configured on the local system.

Step 9

show schedule detail job job-name

or show backup schedule detail job job-name

 
se-10-0-0-0# show schedule detail job job-22

(Optional) Displays the details of the specified recurring scheduled event or backup job.

Examples

The following is sample output from the show backup schedules command:

se-10-0-0-0# show backup schedules
 
Name Schedule Next Run Description Categories
A22 NOT SET NEVER
backup1000 Every 1 days at 12:34 Jun 25, 2002 12:34 Data
Total: 2
 
 

The following is sample output from the show schedules command:

se-10-0-0-0# show schedules
 
Name Schedule Next Run Description Categories
A22 NOT SET NEVER
backup1000 Every 1 days at 12:34 Jun 25, 2002 12:34 Data
Total: 2
 
 

The following is sample output from the show backup schedule detail job command:

se-10-0-0-0# show backup schedule detail job job-8
 
Name job-8
Description main backup
Categories TimeCardView Configuration Data HistoricalData
Schedule Daily at 06:00
Last Run Jan 1, 2009 at 6:00
Last Result Success
Next Run Jan 2, 2009 at 6:00
Active from Jan 01, 2000 until Dec 31, 2009
 

The following is sample output from the show schedule detail job command:

se-10-0-0-0# show schedule detail job job-8
 
Job Name job-8
Application backup
Description main backup
Schedule Daily at 06:00
Last Run 5 hours 59 seconds ago
Next Run in 18 hours 1 seconds
Active from Jun 25, 2002 until INDEFINITE
 

Disabling or Reenabling All Scheduled Backups

Beginning in Cisco Unity Express 8.0, you can disable or reenable all scheduled backups with a single command.

Prerequisites

Cisco Unity Express 8.0 or a later version

SUMMARY STEPS

1.blank.gif backup schedule disable all from date to date

2.blank.gif no backup schedule disable all

DETAILED STEPS

Command or Action
Purpose

Step 1

backup schedule disable all from date to date

 

se-10-0-0-0# backup schedule disable all from 07/06/2010 to 07/08/2010

Disables all scheduled backups for a specified period. Dates are entered in MM/DD/YYYY format.

Step 2

no backup schedule disable all

Reenables all the scheduled backups that were disabled with the previous command.

Configuring Scheduled Backup Notification

Beginning in Cisco Unity Express 8.0, you can configure the system to notify specific users about the status of a scheduled backup.

Prerequisites

Cisco Unity Express 8.0 or a later version

SUMMARY STEPS

1.blank.gif backup schedul e [ name name ]

2.blank.gif backup notification on { success | failure | always } { voicemail user_id | email email_address | epage epage_address }

3.blank.gif end

4.blank.gif show backup schedule detail job job-name

DETAILED STEPS

Command or Action
Purpose

Step 1

backup schedule [ name name ]

 

se-10-0-0-0# backup schedule name 22

Enters backup schedule configuration mode to enable you to configure a scheduled backup job.

Step 2

backup notification on { success | failure | always } { voicemail user_id | email email_address | epage epage_address }

 
se-10-0-0-0(backup schedule)# backup notification on always email aaa@cisco.com
se-10-0-0-0(backup schedule)# backup notification on failure email bbb@cisco.com
se-10-0-0-0(backup schedule)# backup notification always pager email2@com
se-10-0-0-0(backup schedule)# backup notification always voicemail admin

Configures the system to notify users about the scheduled backup status. You can enter this command multiple times to configure different notification targets. You can configure up to three notification targets for each target type: voicemail, email, or epage.

Step 3

end

 

se-10-0-0-0(backup-schedule)# end

Exits to privileged EXEC mode.

Step 4

show backup schedule detail job job-name

 
se-10-0-0-0# show backup schedule detail job job-22

(Optional) Displays the details of the specified recurring scheduled backup job.