in network management, backup policies are more focused on swiftly restoring faulty switches, routers, firewalls, and load balancers than on data stored on servers
each device should have a documented baseline configuration
deployment process should be capable of applying a baseline or backup configuration to a replacement device or when restoring a faulty device
most network appliances have a:
startup or persistent configuration
and a running configuration
the two should usually be the same
changes to the running configuration may be left unsaved, so regular audits are needed
deviations from the baseline sometimes cannot be reverted without causing disruption, in which case the baseline must be updated
most devices support a version history of configurations
enables a change to be rolled back
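an audit of the kind described above, as an added example (not from the original notes): it compares the baseline, startup, and running configurations and reports unsaved changes and baseline drift. It assumes Cisco IOS-style text configurations; the function names, the list of ignored line prefixes, and the sample configurations are constructed for illustration.

```python
import difflib

# Lines that differ between captures without being real settings.
# Assumption: Cisco IOS-style text configs, where "!" marks comments/separators.
VOLATILE_PREFIXES = ("!", "Building configuration", "Current configuration")

def normalize(config_text):
    """Keep significant lines; preserve leading indentation (it scopes sub-commands)."""
    return [line.rstrip() for line in config_text.splitlines()
            if line.strip() and not line.lstrip().startswith(VOLATILE_PREFIXES)]

def changed_lines(old, new):
    """Return removed ('- ') and added ('+ ') lines between two normalized configs."""
    return [d for d in difflib.ndiff(old, new) if d[:2] in ("- ", "+ ")]

def audit(baseline, startup, running):
    """Compare the three copies of a device's configuration."""
    b, s, r = normalize(baseline), normalize(startup), normalize(running)
    return {
        "unsaved_changes": changed_lines(s, r),  # lost on reboot unless saved
        "baseline_drift": changed_lines(b, r),   # revert, or update the baseline
    }

# Constructed sample configurations (not taken from a real device).
BASELINE = """\
hostname sw-access-01
!
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
ip ssh version 2
"""
STARTUP = "! Last configuration change at 10:02:11 UTC (constructed)\n" + BASELINE
RUNNING = STARTUP.replace("vlan 10", "vlan 20") + "ip http server\n"

if __name__ == "__main__":
    for finding, lines in audit(BASELINE, STARTUP, RUNNING).items():
        print(finding)
        for line in lines:
            print("   ", line)
```

the diff lines carry no context, so a changed sub-command does not show which interface it belongs to; a production audit would report the parent stanza as well.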
Backup Modes
appliance may support two backup modes:
state/bare metal
a snapshot-type image of the whole system
can be redeployed to any device of the same make and model as a system restore
configuration file
a copy of the configuration data in a structured format (e.g., XML)
can be used in a two-stage restore
OS or firmware image is applied first
then the configuration is restored by importing the backup file
State Information
network appliance may hold state information that:
has not been written to a log
will not be captured by a backup of the config file only
state information includes data such as MAC tables in switches or the NAT table in a firewall
advanced firewalls may contain additional data such as malware/intrusion detection signatures
some devices log state data to an internal database that can be backed up
in other cases, if this information needs to be preserved, the appliance should be configured to log state data to a remote server