There are only a handful of Cisco recommended SFTP servers for UC application backups. One of them is Open SSH. This document explains how to install a SSH server based on Open SSH. The proxy / relay function is optional.
The server is a proxy / relay for backups from Cisco Unified Communications Appliances (Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Unified Contact Center Express, etc.)
The UC appliance backups are received daily.
A script runs at 9pm each day to copy the backup files to a Windows file server after removing old backup files to preserve space.
The operating system for the backup server is Debian7 (Wheezy) 32-Bit (due to lower hardware requirements).
This guide assumes the server is installed on a virtual machine inside VMware ESXi.
Backup to SFTP & TFTP Server:
Device | Backup time | Backup Destination |
CUCM | 18:30 | SFTP (10.10.10.50) |
CUC | 20:00 | SFTP (10.10.10.50) |
Router / Switches | On demand | TFTP (10.10.10.50) |
Copy on Windows file server:
Device | Backup Destination |
CUCM | \\fs1\UC\ Backup\cucm |
CUC | \\fs1\UC\ Backup\cuc |
Router / Switches | \\fs1\UC\ Backup\router and switches |
Virtual machine setup:
Setting | Value |
VM Name | SFTP-Server |
Guest OS | Debian GNU/Linux 6 (32-Bit) |
Memory | 512 MB |
Network | VM Network / E1000 |
Storage | 40 GB |
All settings not mentioned were left at default.
Operating system installation:
ISO image: debian-7.8.0-i386-netinst.iso
Setting | Value |
Language / Location / Keyboard | English / Canada / American English |
Host name | SFTP-Server |
Domain name | domain.int |
Software selection | SSH server / Standard system utilities |
All settings / values not mentioned were left at default.
For usernames and passwords see appendix.
Below are the required CLI inputs.
Network settings:
First the IP address, subnet mask and gateway are configured. Then the name servers are added and the server is rebooted.
nano /etc/network/interfaces
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
address 10.10.10.50
netmask 255.255.255.0
gateway 10.10.10.254
nano /etc/resolv.conf
domain domain.int
search domain.int
nameserver 10.10.10.1
nameserver 8.8.8.8
nameserver 8.8.4.4
shutdown -r now
Now you can login through SSH (e.g. Putty) using IP address 10.10.10.50
User accounts for the SFTP connections are created.
adduser cucm
Enter new UNIX password:
Retype new UNIX password:
Full Name []: CUCM Backup
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
adduser cuc
Enter new UNIX password:
Retype new UNIX password:
Full Name []: CUC Backup
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
First the list of available software packages is updated.
apt-get update
Now the SMB file system (to access Windows file servers) is being installed.
apt-get install cifs-utils
First a new directory is created which will be used to mount the windows file share.
mkdir /mnt/fs1
A separate file contains the username and password for the file server access.
nano /root/.smbcredentials
username=Username
password=Password
domain=Domain
The file "/etc/fstab" contains all mount points that are loaded during startup. The Windows file share is added and the credential file is referenced.
nano /etc/fstab
//fs1/UC /mnt/fs1 cifs sec=ntlm,credentials=/root/.smbcredentials 0 0
The backup script is similar to a batch file and is called by the scheduler "cron".
nano /root/cp-backups.sh
# shell script to copy Backups to Windows Server
#
# Remove old Backup files on Windows Server before copy
echo "removing old Backup files..."
rm /mnt/fs1/Backup/cucm/*
echo "starting copy of cucm..."
cp -r -v /home/cucm/* -t /mnt/fs1/Backup/cucm
# Remove old Backup files on Windows Server before copy
echo "removing old Backup files..."
rm /mnt/fs1/Backup/cuc/*
echo "starting copy of cuc..."
cp -r -v /home/cuc/* -t /mnt/fs1/Backup/cuc
#
echo "Done"
exit 0
After creating the script it needs to be made executable.
chmod +x /root/cp-backups.sh
The scheduler is configured to run the script regularly.
crontab -e
0 21 * * * /root/cp-backups.sh 2>&1 > /var/log/cp-backups.log
The first five parameters define the time as follows:
- minute (from 0 to 59)
- hour (from 0 to 23)
- day of the month (from 1 to 31)
- month (from 1 to 12)
- day of the week (from 0 to 6) (0=Sunday)
An asterisk refers to "all the time" (ie. every day of the month, every month, every day of the week).
The script output will be written to the log file "/var/log/cp-backups.log".
After a reboot of the server it is ready to go (the network drive will be mounted).
shutdown -r now
Usernames and Passwords:
Username | Password | used for |
root | P@ssw0rd | Administrator of SFTP Server |
cucm | cisco | SFTP backup user for CUCM |
cuc | cisco | SFTP backup user for CUC |
backup-cisco | cisco | Domain user with access to Windows file share |
Directories:
/home/cucm | Backup directory for CUCM |
/home/cuc | Backup directory for CUC |
/root | Home directory of root user (e.g. for ".smbcredentials" file) |
/var/log | Default log directory |
The SFTP server is configured under Disaster Recovery System.
Please note, the field "Path Name" must use "./". Then enter the appropriate username / password for the SFTP user (e.g. "cucm" or "cuc").
Afterwards backups can be scheduled by clicking on "Scheduler".