Cisco Systems OL-13877-01 User Manual

CHAPTER 11
Miscellaneous Administrative Tasks
This chapter describes various system maintenance and setup tasks you may need to perform. It covers these tasks:
Obtaining Version Information
Creating Appliance User Accounts
Backing Up and Restoring the System
Applying an Update
Configuring Serial Console Boot Control
Recovering from Low Disk Space
Recovering System Passwords
Changing the MTA Postmaster Address

Obtaining Version Information

Every ACE XML appliance has a version number that identifies the appliance’s software with a particular release. This information is often required when contacting Cisco support or to ensure that all appliances in a cluster are running the same software version.
To obtain version information from the ACE XML appliance:
Step 1 Log into the appliance shell as the root user.
Step 2 In the Main Menu, choose the Advanced Options menu item.
The Advanced Options menu appears.
Step 3 Choose the Version Information menu item.
The release identifier string appears as a banner at the top of the screen. In the center of the screen, the appliance displays version numbers of the currently-installed Gateway software, operating system kernel, Tarari XML coprocessor card firmware (this option information refers to a hardware add-on option that is no longer available), and nForce hardware keystore card firmware.
OL-13877-01
Cisco ACE XML Gateway Administration Guide
11-59

Creating Appliance User Accounts

There are several types of user accounts in the system. Manager user accounts provide access to the ACE XML Manager web console interface.
Another type of user account is used for accessing the ACE XML appliance command-line environment. These accounts, called operating system accounts, enable access to terminal sessions on the appliance, whether locally using a console connected to the appliance or remotely using secure shell (SSH).
Each ACE XML appliance includes the built-in root account. The root user has broad privileges for performing operations on the ACE XML appliance. For security purposes, it is essential that access to the root account is controlled carefully. You can create additional login accounts to allocate limited administrative privileges to the appliance. User accounts also make it easier to audit configuration changes.
There are two types of user accounts for the appliance:
Developer users access the appliance to install SDK extensions
Operator users access the appliance to roll and retrieve log files
Notice that the privileges in either case are very restrictive. For example, the menu-driven Shell interface is not available for either type of user. In both cases, they are restricted to the tasks listed.
To create a new login account on the ACE XML appliance:
Step 1 Log into the appliance shell as the root user.
Step 2 In the Main Menu, choose the Advanced Options item.
Step 3 Choose the Run Bash option on the Advanced Options page.
Step 4 At the bash prompt, create one of the two user types as follows:
To create an operator user, enter the following command:
reactivity-operator-add [username] "[description]"
where:
[username] is the login name of the new operator user.
[description] is a brief description of the account's purpose.
To create a developer user, enter the following command:
reactivity-developer-add [username] "[description]"
where:
[username] is the login name of the new user.
[description] is a brief description of the account.
Be sure to enclose the description with the double-quote character (") to ensure that the shell reads it correctly.
Step 5 Enter a password for the new account. When prompted, confirm the password by entering it again.
The new user can now log in to the shell interface.
Step 6 Type exit to return to the administration menu.

Backing Up and Restoring the System

Working policies are extremely valuable documents, often the result of many hours of planning and configuration. They also contain important and sensitive information about your network. You should treat them with the same care that you use with any other sensitive, mission-critical data, including having a backup and disaster recovery plan.
There are two approaches to backing up a system:
By archiving individual policies and storing them offline. This captures policy changes made in the Manager interface, but excludes configuration settings made on the appliance directly.
By backing up the state of the appliance with the backup command. This produces an archive file that contains the system state of the appliance, including configuration settings, policy, log files, and so on.
Most people will choose to do both, storing individual policies as needed, and maintaining a regular schedule of system backups. Archiving individual policies can be accomplished from the ACE XML Manager web console. (For instructions on doing so, see the chapter “Exporting a Policy to a File” in the Cisco ACE XML Gateway User Guide.) This section describes how to back up the entire system.
To back up a system or restore an appliance based on a previously saved backup, use the backup command on the appliance. The backup command is available on both Gateway systems and the Manager.
When you run the command, it examines the files on the appliance for any differences to the original state, excluding those that are runtime-process-oriented. This information is written to an archive file, which you can move to an appropriate storage medium for backup or recovery purposes.

Backing Up a System

The backup utility makes it possible to restore a system to a previously captured state. It saves the state of an appliance by recognizing changes that have been made to the system from its initial state and saving those changes to an archive. When that backup is restored on an appliance, the system is restored to the saved state.
Note: Restoration from a backup file is intended to occur only on an ACE XML appliance with an empty configuration. Restoration may not work on an appliance that is not in that state.
System features saved by the backup utility include the policy state, the system’s network configuration, and log information—essentially, any file created or modified since system installation, including scripts or data files.
There are some types of system changes or features that are not backed up by the backup/restore utility. For instance, it does not incorporate information that is specifically runtime-oriented, such as active process information. It also excludes certain types of system changes, such as software updates, hotfixes, or certified extensions installed by RPM. (Note that SDK extensions you have created and installed yourself are backed up.) You will need to restore these items separately, before using the backup and restore process.
The result of the backup operation is an archive file that contains new or changed files. Note that if you do not remove this archive file, it will be included in the next backup operation. It is therefore advised that after saving the backup file to a storage medium you remove the original from the appliance filesystem.
Before running the backup command, you should ensure that a sufficient amount of free space is available on the appliance for the backup process to work. The exact amount varies depending on the size of your policy, log files, and so on. In general, however, to back up everything except log files, you will need to have about 50 MB of free disk space on the appliance. If backing up event logs, audit logs, or traffic logs, you will need to have the amount of free disk space equal to the size of the logs. Therefore, if backing up the entire system, you will need 50MB plus the total size of the logs.
Note: The backup operation does not itself check for sufficient disk space before starting. If the space is not available, the operation will not succeed.
To complete a backup, the backup utility does not stop ACE XML Gateway services that are running. Therefore, message traffic is not interrupted by this procedure.
To back up the system:
Step 1 Access the appliance shell on the ACE XML appliance you want to back up.
Step 2 Choose Advanced Options > Run Bash.
Step 3 Use the backup command to generate the backup file, as follows:
backup -all <filename>
Where filename is the name of the tgz file that will contain the backup archive. For example:
backup -all applianceBackup.tgz
The -all switch causes all data to be backed up, including network and Gateway configuration settings, the policy filestore, and log files. Alternatively, you can just specify a subset of the data to be backed up by using a command switch, such as:
backup -filestore applianceBackup.tgz
The -filestore switch causes all data except log information to be backed up. To back up only log data, use the -userlog (for the event log), -auditlog, or -traffic switch.
If you do not specify command options, only the network and Gateway configurations are backed up.
Note: Enter backup -h to see all available options for the command. Notice the -e and -l switches. They cause command operation errors to be printed to standard error output. In general, you shouldn’t have to use these options unless directed to do so by Cisco support.
After the process is finished creating the backup artifacts, you can use the scp (secure copy) utility to copy the archive to an off-box location. Generally, after copying the archive elsewhere, you should remove the backup archive from the appliance. If you do not, it will be included in the next backup archive you create.
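The following wrapper is an added example, not part of the Cisco guide or the appliance software. It performs the free-space check that the backup command omits (50 MB plus the size of the logs), then runs the backup, copies the archive off-box with scp, and removes the local copy only if the copy succeeded. The function names are hypothetical, and the log directories and scp destination are assumptions supplied by the caller, because the guide does not give them.

```bash
#!/bin/bash
# Added example: pre-flight disk check around the appliance's backup command.
# Log directory paths and the scp destination are caller-supplied assumptions.

BASE_KB=$((50 * 1024))   # "about 50 MB" needed for everything except logs

# Total size in KB of the given log directories (missing ones count as 0).
logs_kb() {
    total=0
    for d in "$@"; do
        [ -d "$d" ] || continue
        kb=$(du -sk "$d" | awk '{print $1}')
        total=$((total + kb))
    done
    echo "$total"
}

# KB required for a full backup: 50 MB plus the total size of the logs.
required_kb() { echo $((BASE_KB + $(logs_kb "$@"))); }

# Free KB on the filesystem that holds directory $1.
free_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# Succeeds only if the required KB ($1) fits in the available KB ($2).
enough_space() { [ "$2" -ge "$1" ]; }

# usage: safe_backup <archive.tgz> <user@host:path> [logdir ...]
safe_backup() {
    archive=$1; remote=$2; shift 2
    need=$(required_kb "$@")
    have=$(free_kb "$(dirname "$archive")")
    if ! enough_space "$need" "$have"; then
        echo "need ${need} KB free, have ${have} KB; backup not started" >&2
        return 1
    fi
    backup -all "$archive" || return 1
    # Delete the local archive only after the off-box copy succeeds, so it
    # is not swept into the next backup archive.
    scp "$archive" "$remote" && rm -f "$archive"
}

# Run only when invoked with an archive name and a destination.
if [ "$#" -ge 2 ]; then safe_backup "$@"; fi
```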