Forum Discussion

speachey's avatar
speachey
Icon for Cirrus rankCirrus
Jul 24, 2024

VMWare Backups of active VEs?

We collect nightly UCS files of all of our BIG-IP VEs.  If we need to restore from UCS, it requires requesting the build of a new guest before we can apply the latest UCS backup (VMWare is managed by a different team).  Most of our other organization VMs have snapshots taken that can be used for quick restoration in the case of failure.  We do not have snapshots taken of our VEs because it is not recommended:

 

K000093184:

Since the Snapshot 'freezes' or 'pauses' TMM this prevents real-time access to the CPU. Due to this F5 does not support the Snapshot process being used on a BIG-IP.

 

Other than restoring from UCS files, are there any other recommended automated backup procedures of ACTIVE VMWare BIG-IP VEs that full backups can be done from?

 

  • Reply from F5 Support:


    Thank you for reaching out to F5 Support. My name is Manisha from NA region and will be assisting you with the service request. Please let me know if these hours align with your needs. If not, we can reassign the case to a desired region.

    1. Yes, as stated it the article F5 does not support the Snapshot process being used on a BIG-IP.

    Recommended Actions

    Creating and archiving backups should be done regularly and prior to any upgrade. The only supported method is to do so via an F5 UCS Archive.

    2. Regarding your 2nd query --> there is a script that resides on the system as a cron job, that does automatic backups and even transfers these backups to a remote server, if properly set up. Please see below articles for automated UCS backups on BIG-IP :

    https://my.f5.com/manage/s/article/K13418 ---> Archiving UCS files using the logrotate and crontab utilities (11.x - 17.x)
    https://my.f5.com/manage/s/article/K78344940 ---> Schedule automated UCS backups on the BIG-IP system

    ****************************************************************************
     
    Kind Regards,
    Manisha Kota | Service Provider Engineer

  • Reply from F5 Support:


    Thank you for reaching out to F5 Support. My name is Manisha from NA region and will be assisting you with the service request. Please let me know if these hours align with your needs. If not, we can reassign the case to a desired region.

    1. Yes, as stated it the article F5 does not support the Snapshot process being used on a BIG-IP.

    Recommended Actions

    Creating and archiving backups should be done regularly and prior to any upgrade. The only supported method is to do so via an F5 UCS Archive.

    2. Regarding your 2nd query --> there is a script that resides on the system as a cron job, that does automatic backups and even transfers these backups to a remote server, if properly set up. Please see below articles for automated UCS backups on BIG-IP :

    https://my.f5.com/manage/s/article/K13418 ---> Archiving UCS files using the logrotate and crontab utilities (11.x - 17.x)
    https://my.f5.com/manage/s/article/K78344940 ---> Schedule automated UCS backups on the BIG-IP system

    ****************************************************************************
     
    Kind Regards,
    Manisha Kota | Service Provider Engineer

  • From experience using vsphere for lots of lab BIG-IPs, DB (MCP and REST both) problems do sometimes happen when you snapshot and do hard shutdowns. And the fact that the running-config isn't necessarily the same as the saved-config.

    I'd expect that you could issue a "tmsh save sys config" to align the running-config and saved-config, then "bigstart stop" to quiesce the system and it'd be OK to move/snapshot. At that point, there shouldn't be any consequential open files. To recover you'd of course need to reboot or "bigstart start" the system.

    • speachey's avatar
      speachey
      Icon for Cirrus rankCirrus

      Thanks for the response.  F5 support confirmed that UCS backups are still the only recommended backup procedure to avoid service disruption.  It is rare we need to restore VEs, and we will continue collecting UCS archives nightly.

  • I have customers with the same issue as to different team maintaining certain infrastructure. Some chose to run dedicated hardware and not be subject to the whims and scheduling of another team within their organization. Not the answer you were looking to get, but certainly another option to consider ;)

     

    FWIW I use a VMware workstation lab environment, and torture my F5 VE guests. I usually have no issues with rebuilding from a particular UCS when needed, even thought I pause, snapshot, etc. all the time. Also, keep in mind one other important thing.... to rebuild an F5 VE, you really need a few things --- the master password which you can obtain from the other unit and rekey on the replacement or target unit, and the base configuration. So, even if you base configuration is a bit old, as long as the F5 VE is serviceable, you can rebuild missing config (shared config only) by syncing from the surviving unit. So just some more ideas.

    • speachey's avatar
      speachey
      Icon for Cirrus rankCirrus

      Thanks for the response.  F5 support confirmed that UCS backups are still the only recommended backup procedure to avoid service disruption.  It is rare we need to restore VEs, and we will continue collecting UCS archives nightly.