cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

NCM backup as an SCP CLIENT (not a server)

Is there a way of getting NCM to be an SCP client. I have found lots of info about using NCM to initage an SSH connection to a device and then run commands on the device to initate SCP back to the NCM SSH server. This is not what I mean

For example, this command will back up a Fortigate Firewall if you have enabled the Fortigates SCP server (This is using Putty's SCP command in Windows but obviulsy you can do the same in linux with scp)

c:\progra~1\putty\pscp.exe -pw password user@1.2.3.4:fgt-config c:\backups\fgt-config.txt

There is no messing about with command scripts. It just backs up the config. The same is possible on multiple other products. I've personaly done it on ASA firewalls and Rucks/Brocade switches, and used SSH keys with scripts in Linux as opposed to user/password.

It seems rather a big missing feature to not support SCP as a client in NCM??? Its a much  much simpler appraoch to backing up configs for devices that support it.

I could script this as an external program in NCM, but not sure I can pass variables to an external command, or if the bacup manager would understand it was a backup?

thanks


Robin

3 Replies
Product Manager
Product Manager

The difference is that depending on your level of "saving" backups we use TFTP/SFTP/SCP servers for hte4 transfer to place within the database. You can then set up an archive and store these etc.

If you want to just use the SCP server you would be able to feed the commands to F5 and use the SolarWinds SCP server to do this, however that will not place them within the database for your usage within NCM.

~Dez~

0 Kudos

@Dez What your suggested approch is missing, is that reaching out to potenially 100s of nodes and having them talk back to a central Orion server, initiating the connection from the end devices, can mean opening firewall rules on 100s of firewalls.

Being stateful initiating the connection out from the Orion server it's often just the one firewall to open up, or hugely less work / touch points in any case.

Coping a new image for device upgrade with SCP easy, pushing it out from Orion if it supported it, I'm initiating out of my stateful firewall and need rules on that only to support it.

The converse is going back to pick it up with TFTP, with all the disprate endpoint devices across my device estate I could be initating through 100's of firewalls, and need rules on them all.

This is why Orion being a SCP client is far better than only having an option of it being a server. Please add it in, I don't see this as a big development effort, competitor products have it, and are better for it.

It's also a lot cleaner than all the 'terminal pager 0' / 'terminal len 0', then 'enable' etc with SSH for getting a config.

 

0 Kudos

Restorepoint which I see as a very similar product to NCM does do this, really wish NCM would as well. 

0 Kudos