0

NSS Configuration Backup and Restore

There are several ways to download configuration backups in NSS, including through the GUI and API. Both methods support either a full backup or individual table backups as desired by the administrator.

The recommended best practice is to perform a daily backup of the full configuration and the authorizedANI table. An individual table backup can be helpful for auditing changes between two different backups and also for restoring a specific table instead of the entire system configuration.

Configuration backups encompass all configuration elements except for Advanced Config Files.

For a full backup, you can access the system full backup option under System > Advanced: "Configuration Backup and Restore" in the GUI. Simply click on "Export" and provide a description for the backup. The description can be useful when restoring a backup later.

Each table that can be backed up has an Export icon associated with it.

Table downloads are supported using the "download" action with the GET HTTP METHOD.

Full backup:

curl -u $user:$pass -X GET -k file.xml https://$SERVER_IP:8888/ROME/webresources/nss/download/systemConfiguration

Table backup:

curl -u $user:$pass -X GET -k file.xml
            https://$SERVER_IP:8888/ROME/webresources/nss/download/$table?format=$filecontent

Please note that all variables starting with $ will need to be replaced.

Tables:

  • Switches > Switches (switchProxy)
  • Switches > SMC Data File (smcDataFile)
  • STI-AS > Policies (authorizedANI)
  • STI-AS > Key Store Confiuration (stiKeystore)
  • STI-AS > Switches (stiSwitchKeyMap)
  • STI-VS > Verify DNIS (verifyDNIS)
  • System > Advanced: Backup  (systemConfiguration)

To restore a full configuration backup using the GUI, follow these steps:

  • Browse to System > Advanced.
  • Import the backup file.
  • Select the backup file and click on Start. 
  • When prompted, select "Activate." 
  • Activation will restart the system, and a new login will be required.

Currently, full backup restoration is only supported via the GUI. This ensures that a full backup will only be used during emergencies and confirms that it is an intended action rather than an accidental one.

The "replace" action is recommended when restoring a table backup file. This action deletes the existing entries and inserts the entries from the uploaded file. Here are some examples:

curl -u $user:$pass -X POST -k file.xml
            https://$SERVER_IP:8888/ROME/webresources/nss/replace/$table?format=$filecontent

All variables starting with $ will need to be replaced.

Tables:

  • Switches > Switches (switchProxy)
  • Switches > SMC Data File (smcDataFile)
  • STI-AS > Policies (authorizedANI)
  • STI-AS > Key Store Confiuration (stiKeystore)
  • STI-AS > Switches (stiSwitchKeyMap)
  • STI-VS > Verify DNIS (verifyDNIS)

Alternatively you can delete and insert except you will need to have the current table at hand to perform the delete.

2 replies

null
    • ken
    • 1 yr ago
    • Reported - view

    On my version of curl (7.81.0 - Ubuntu), before file.xml, a "--output" option is required, if the intent of that parameter is to specify the output file from the GET.

    YMMV

      • ken
      • 1 yr ago
      • Reported - view

      KM This is for the API backup commands. For example:

      curl -u $user:$pass -X GET -k --output file.xml https://$SERVER_IP:8888/ROME/webresources/nss/download/systemConfiguration