As an administrator of network devices, keeping full backups is important for being able to recover from hardware failure. With F5 devices, backups come in the form of UCS files which is an archive that contains all configurations and SSL certificates. With a UCS file, you can take a replacement device, upload a UCS file and then bring it back into the cluster fully operational.
Unfortunately, there is not an out of the box method built into the F5 devices that will do these backups automatically. F5 does have a product for this called Enterprise Manager, but many small to medium businesses wouldn’t be willing to pay the cost for it. In the past when I was faced with this challenge, I made a bash script that centralized backups on a Linux server. Now, even though I am at a company that has Enterprise Manager, I was still eager to build a more robust backup application. So for the past 6 months, I have been putting some of my daily 1.5 hour public transportation commute into doing so.
The Config Backup Program for F5
The backup program performs a daily download of UCS file from F5 devices but only if the configuration has changed. The program is based on a core Perl script that does the backups and a PHP web UI that can be used to retrieve UCS files and check logs.
Some of the features the back program has –
- Easy to setup with a simple config file and device list
- Only downloads archive files when configs have changed
- Configurable archive size automatically deletes old archive files and logs
For installation you will need to have some basic Linux administration skills. The installation is driven by interactive scripts. Due to the many different Linux distros there is some manual work such as installing dependencies such as Perl modules, SQLite, Apache, PHP, etc and configuration of selinux, iptables and the like.
The backup program project is hosted on Sourceforge where you will find the software packages, documentation, support forums and also a Git repository of the code.
Here are some screenshots from the Config Backup program.
Login page –
Device view with UCS files –
Backup job view –
The program will still have more features to come in the future. Here are some of the major features I am planning on adding –
• Interface with the F5s using iControl rather than SSH
• Create a Virtual Appliance so that no Linux skills are required
• Certificate monitoring to track and alert cert expiration