Feature Request: Config dump of IoT devices / core network devices

[rubeng]

Hi,

We have an emerging need of backing up network devices for customers, primarily switches. It would be better to use a backup software like Veeam Agent etc to connect to multiple switches through SSH etc to back up the config and upload to a Cloud Repository. This would be much better than using a third party tftp solution. Seems like it should be easy to implement this feature.

We are constantly being in situations were we take over an existing network infrastructure with a ton of different switches with little to no monitoring or backup of these devices. We would implement this as a recurring revenue product for our customer, so this would generate more Veeam points.


Is there any support for this now, or on any roadmap?


Thanks.

[HannesK]

Hello,
as backing up switches might be also interesting for normal customers, I moved your question to the public forums.

just to clarify: we should do something like "show running config" and pipe the output somehow to object storage / cloud connect?

question 1: which vendors / series of models do you use?
question 2: per default, I remember switches uploading directly to tftp. I cannot imagine management ports of switches having internet access (security reasons). so a tunneling through a Veeam component with internet access would be needed. do you agree?
question 3: Implementing a Veeam Agent for Cisco Catalyt / Nexus, HPE procurve, etc. sounds unrealistic to me. is your idea that the backup server connects via SSH and runs backup commands?

Best regards,
Hannes

[rubeng]

Hi Hannes,

You are correct, "show running config" and just export the results would go a long way. This way we would secure the configs together with the rest of the important backups, and also you can get better versioning system and a good status report of the backup.

1. We primarily use Cisco switches, and Palo Alto firewalls.

2. Yes, I was thinking of maybe a Veeam Agent / Proxy on the customers local network would work in our scenario. We usually have some kind of mpls or ipsec connection to the customers site, so we always have access to the management of the switches if the customer doesn't have a dedicated device to run the Veeam agent on.

3. Yes correct, if an agent can connect with SSH, that would be of great help. Usually all our customers that would have this solution have some kind of on premise backup need, either servers or computers. So they would have a running Veeam Agent or VBR installation on a device already.

[tsightler]

Interesting request, usually this type of backup is part of a Network Configuration Management tools, which themselves are usually subsets of network monitoring, but I'm not aware of any traditional backup tools that also include network configuration backup, although I can see how it might be nice, especially for customers that don't have existing network management tools with this capability. However, if you're looking for standalone network configuration backup right now, there are some really great tools out there from OSS tools that require a little elbow grease, to some pretty polished commercial tools:

1) RANCID -- This is an oldie but a goodie. I've used RANCID for probably 20 years at this point to backup my Cisco configs and keep diff's of configuration changes to show history of changes via storing them in CVS (modern versions also support Git). It's very much a command line tool, but it's free, and supports a lot of networking gear these days and was invaluable when I was responsible for managing a global network back in the day. It continues to be updated and maintained and comes with many Linux distros.

2) Oxidized -- This is a billed as a modernized replacement for RANCID. I haven't personally used it, but I know people who do and really like it. I do think it's maintainer has struggled to keep up with it over the last few years and updates have seemed to slow down, but it supports tons of devices today and there's plugins to fit it into other free tools like LibreNMS.

3) Restorepoint -- This is a commercial solution with a nice web GUI and even provides a multi-tenant model for service providers. I have no idea how much it costs, but I've heard excellent things about it from a few customers.

There are of course more than the one's above, most NMS have some capability here, I just wanted to share a few tools I've seen in use at customers in case they are useful for you as well since it's not something we cover within the Veeam product suite today. This is not a recommendation or endorsement of those specific tools, just a note to provide awareness that such tools exist.

[jim.lowry]

Would it be possible to offload the various config files to a file share? then do a Veeam backup job? either VBR/Agent based image/disk backup or a NAS backup job of a file share? It's a workaround, but I don't think it'd be a hard one to implement while waiting for any movement on our side to review/design/implement the feature request.

I do like the feature request though. It seems like a pretty nice angle to go after as a backup vendor strategy. Especially if no one else in the backup space is doing it. Who wouldn't benefit from an offsite config backup of core infrastructure components, right?! Especially when the sizes would be relatively small .txt files for most configs.

[Regnor]

While it would be a great addition, I think because of the many different vendors and command syntax this feature would probably never be complete; except when you specialize on it like the tools Tom has mentioned.

At the moment we process such configuration backups in two steps, just like Jim is suggesting. So the backup is somehow created and placed in a location where Veeam can process them later on.
In one environment scheduled Tera Term Macros are used for that task.

What I could see as useful in Veeam, would be the possibility to schedule scripts from the GUI, just like a backup job. That way you could use your customized scripts, but have full visibility in Veeam.

[jim.lowry]

@Regnor - that script idea is a brilliant one! That's a great way to think outside the box and accomplish the goal without any major headaches from creating an interface and feature set from the ground up. Using a script to call network equipment over RSH commands, wait for logs/configs to be returned and printed into text formats, then backup that machine and/or specific files. You could do that now with the tools you suggested or via customized scripts, but integrating a script running as part of a Veeam scheduled backup job is brilliant!

Granted I'm not good at all with scripting or software development, but that seems like something that would be infinitely easier to implement into VBR/VCC.

Thinking out loud, is that something we can do now with the application consistent customer scripts for pre-freeze and post-thaw? Again, grain of salt here. I'm way outside my wheelhouse for product development and custom scripting options that an IT administrator would use.

[PTide]

Thinking out loud, is that something we can do now with the application consistent customer scripts for pre-freeze and post-thaw?

Yes. You could probably use pre/post-job scripts for that purpose too.

Thanks!

[Regnor]

Thanks for your feedback Jim. I haven't done it before, but I think it should work with the pre/post scripts as PTide wrote.
In addition you could let the Script create logs directly in the Veeam job: https://horstmann.in/log-your-errors-di ... veeam-job/