Backup configuration through SSH


#1

Dear Support,

It would be great if we had the possibility of getting the backup configuration through SSH. This request was asked in the past but nothing was done so far. Please let us know if you have any plans for this.

Thanks,

Charris Lappas


#2

Hi Charris,

We encourage users to use Web Admin, which is simpler and easier. Anyway, if anyone is looking for this feature, feel free to comment.

Thank you.


#3

I would like to be able to back up over SSH/SCP, because that would be easier to automate.


#4

Hi to all!
The WebGui backup is easy, yes. However, we have many units in the field and our estate is growing. Manual GUI-based backup of every device is simply not a scalable solution for more than a small number of devices.
We do use InControl2, which backs up the config whenever it is changed. That is a start. What is missing is the ability to view the differences between each configuration file and to set a repeating time of day for when the backup is made. Also, much more important, we very seriously require a means to deploy preconfiguration templates for provisioning of new devices.
There exists an IETF standard for reading and applying configuration on devices which is mature and already built (so, no need to spend a great deal of effort on building a new solution). Please see https://tools.ietf.org/html/rfc6241. It is secure, robust, fully-capable, and could be adopted/integrated into InControl2.

Many thanks for your time,
Dana Konkin


#5

Periodical backup is not necessary. IC2 automatically backs up whenever a configuration change is made. It keeps the latest 100 copies for each day and it keeps the latest 10 days with changes.

Sorry, we currently do not have a way to compare and describe the differences between two configuration files.

IC2 currently has an undocumented feature for cloning a configuration of a master device to the rest of the devices of the same product in the same group. Dana, I will email you the details.

Thanks for letting us know about the rfc. We have already implemented a secure, NAT-traverse-able, extensible and efficient management protocol which Peplink/Pepwave products work best with.


#6

Thanks Michael, I appreciate that IC2 has interesting features, and like any product is a work in progress. But if IC2 provided the flexibility of either RFC-6241 or TR-069 then I would not be asking. Actually, even if you provided SSH (or even Telnet) it would be enormously useful because your customers could create their own system that meets our individual requirements.
As it stands there is simply no way to:

  1. Automate provisioning.
  2. Schedule configuration backups.

Re Configuration Clone:
You still need to manually enter any deltas (interface IPs, VLANs, DHCP, SSID, WPA security, hostname, SF VPN keys, SFVPN tunnel endpoint IP, SFVPN name, interface descriptions, FW policy, SFVPN Outbound policy - just to name a few).
So configuration cloning still results in a device that needs manual configuration, and there is very little use with that for provisioning new devices.

Would it be possible to be given a roadmap for the delivery of new IC2 capabilities?

Cheers,
Dana


#7

Let me break your requirements into two parts: config file backup and automated provisioning.

For config file backup, as we will provide a RESTful API to retrieve the IC2-backed-up configuration of each device by the end of this month, it is equivalent to downloading configuration files from devices directly. So I believe we should have addressed this request.

For provisioning, could you elaborate more about your real-life requirements? How many devices will your setup involve? What exactly is the goal you want to achieve? Thanks in advance for your input.


#8

Hi Michael,

And thanks for your answer regarding the config backup API. It sounds good.
The following is what we need to achieve, and an overview of the configuration requirements. I tried to make the explanation as brief as possible.

When we provision a Peplink device for any customer, the person doing the configuration manually uses information from a base template plus our IPAM database and another customer-specific database.

  1. He starts from a baseline template, which is based upon the device model we are deploying along with some parts of the config which are fairly static. A few examples would be DNS, SNMP config, SSH/HTTP/HTTPS TCP ports. These variables may change in the future, but as I mentioned they are relatively consistent and are a very small part of the total configuration.

  2. From our IPAM, he retrieves input for variables like hostname, interface description, PepVPN profile name, IPv4 address, VLAN ID, and others.

  3. From a database containing variables for other customer-specific info: management authentication, wireless configurations, other WAN or LAN specific configs (e.g. PPPoE configs or static routes if needed), firewall policy, and others.

We are ready now to automate the process of taking the variables from our systems: automatically creating a unique configuration file to provision any new customer service that is requested (from our perspective the file could be ascii, csv, xml - whatever).

An API that allows us to send/upload each unique self-generated clear-text config file to the Peplink would be excellent. An SSH session that allows us to script a “copy and paste” would also work despite being less efficient.

We want to be able to provision Peplink 30, Peplink 310, Peplink 380, Peplink 580, BR1, BR1 LTE, Max HD2, Max HD2 LTE, Max HD4, Max HD4 LTE, and future models on 6.1.x, 6.2.x, and future firmware.

The most effective approach for our business (and other network operators) is if we could have some interface to the devices that enables us to upload and change device configurations as we require - but without any mouse clicks.

Many thanks,
Dana Konkin
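
The three-source workflow described in post #8, sketched as an added example that is not part of the thread and is not Peplink or InControl2 code. The key=value layout, the key names and all sample values are constructed for illustration; the point is that generation fails closed on a missing, conflicting or line-breaking value, and that the clear-text output is masked before it is logged or diffed.

```python
import ipaddress
from string import Template

# Constructed baseline; key names are hypothetical, not a Peplink config format.
BASELINE = Template(
    "hostname=${hostname}\ndns=${dns}\nssh_port=${ssh_port}\n"
    "lan_ip=${lan_ip}\nvlan_id=${vlan_id}\npepvpn_profile=${pepvpn_profile}\n"
    "ssid=${ssid}\nwpa_key=${wpa_key}\n"
)
STATIC = {"dns": "192.0.2.53", "ssh_port": "8822"}            # step 1: fairly static parts
IPAM = {"hostname": "cust42-br1", "lan_ip": "10.42.0.1",      # step 2: from IPAM
        "vlan_id": "142", "pepvpn_profile": "cust42-hq"}
CUSTOMER = {"ssid": "cust42-wifi", "wpa_key": "constructed-example-key"}  # step 3
SECRET_KEYS = {"wpa_key"}

def merge_sources(*sources):
    """Merge the variable sources; two sources disagreeing on a key is an error."""
    merged = {}
    for src in sources:
        for key, value in src.items():
            if key in merged and merged[key] != value:
                raise ValueError(f"conflicting values for {key!r}")
            merged[key] = value
    return merged

def validate(values):
    """Reject values that could add extra config lines or are out of range."""
    for key, value in values.items():
        if not value or any(ch in value for ch in "\r\n\0"):
            raise ValueError(f"unsafe value for {key!r}")
    ipaddress.ip_address(values["lan_ip"])  # raises ValueError if malformed
    if not 1 <= int(values["vlan_id"]) <= 4094:
        raise ValueError("vlan_id out of range")

def render(template, *sources):
    """Build one device's config; a variable no source supplies is an error."""
    values = merge_sources(*sources)
    try:
        validate(values)
        return template.substitute(values)
    except KeyError as exc:
        raise ValueError(f"no source supplied {exc}") from None

def redact(config):
    """Copy of the config with secret values masked, safe to log or diff."""
    return "\n".join(
        f"{ln.split('=')[0]}=<redacted>" if ln.split("=")[0] in SECRET_KEYS else ln
        for ln in config.splitlines())
```
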


#9

Thanks for your detailed explanations. The Balance/MAX and InControl team will review what is the best way to fulfill your requirements.

Thanks for your feature request!