Network Configuration Backup Automation - rConfig V8

Configuration Backup: Protecting Your Infrastructure

Configuration backups are the foundation of rConfig’s value proposition. Whether you’re capturing running configurations for change tracking, archiving device states for compliance, or building a disaster recovery baseline, understanding how to execute and automate backups ensures your network infrastructure is protected and auditable.

rConfig provides multiple methods to initiate configuration backups—from manual device-level backups for immediate needs to fully automated task-based scheduling for hands-free operations. Every backup follows the same robust connectivity and authentication process, ensuring consistent results regardless of how the backup is triggered.

Why Configuration Backups Matter

Change Management

Track every configuration change with before/after configuration comparison. When something breaks after a change window, you know exactly what changed and can roll back if needed.

Disaster Recovery

Device dies at 3 AM? Restore the exact configuration from last night’s backup. Hardware replacement becomes a config restore operation, not a rebuild-from-memory emergency.

Compliance & Audit

Regulators want proof of configuration standards? Generate configuration compliance reports showing config compliance over time. Demonstrate who changed what and when with complete audit trails.

Security Forensics

Suspicious network behavior? Compare current configs against known-good baselines to identify unauthorized changes, rogue access rules, or compromised credentials.

Documentation

Your configs are your documentation. When onboarding new team members or troubleshooting legacy setups, backed-up configurations provide the ground truth.

Backup Types

Configuration Backups

What: Captures device running configurations—the active settings that define how the device operates.

Commands: show running-config, display current-configuration, show configuration

Use cases:

Change tracking and version control
Rollback and recovery
Compliance validation
Configuration standardization

Frequency: Daily or after every change window

State Backups

What: Captures operational state information alongside configurations—version details, interface status, routing tables, ARP entries, hardware inventory.

Commands: show version, show ip interface brief, show ip route, show inventory

Use cases:

Troubleshooting and forensics
Pre/post-change validation
Capacity planning data
Hardware inventory tracking

Frequency: Daily or on-demand during troubleshooting

Combined Approach (Recommended)

Most production deployments back up both configuration and state data. Create command groups that include:

Primary config command (show running-config)
Version/hardware details (show version)
Interface status (show ip interface brief)
Routing information (if applicable)

This gives you complete snapshots useful for both recovery and analysis.

Backup Features

Config Integrity Check (CIC)

rConfig’s Config Integrity Check (CIC) feature validates that each backed-up configuration is complete and contains all expected commands or output patterns. CIC definitions ensure downloaded configurations meet your standards and haven’t been truncated, corrupted, or interrupted during capture.

How it works: CIC definitions use regex patterns to verify that required commands or output sections are present in the backed-up configuration. When a backup completes, rConfig checks the output against the assigned CIC definition and marks the configuration with one of three statuses:

Status	Meaning
Valid	Configuration is complete and contains all required patterns
Invalid	No CIC definition assigned to the device (unknown validity)
Failed	Configuration missing one or more required patterns

Example use case: Your Cisco routers should always have line vty 0 4 at the end of show running-config. A CIC definition checking for this pattern flags incomplete backups where the connection dropped before capturing the full config.

Benefits:

Automatic validation of backup completeness
Early detection of truncated or incomplete configurations
Confidence that backed-up configs are usable for recovery
Alerts for devices with failed integrity checks

Note: CIC (Config Integrity Check) was formerly called EOC (End of Config). You may still see “EOC” in URLs or permission tables.

Learn more about CIC definitions →

Back up Storage & Versioning

All backed-up configurations are stored in a hierarchical directory structure organized by category, device name, and date. Each backup creates a new version, allowing you to track changes over time. rConfig automatically detects changes between versions and flags configurations that differ from the previous backup.

Storage path example:

/storage/app/rconfig/data/
  └── [Category Name]/
      └── [Device Name]/
          └── [YYYY]/
              └── [MMM]/
                  └── [DD]/
                      └── [command-name]_[timestamp].txt

Example:

/storage/app/rconfig/data/
  └── Core-Routers/
      └── router-hq-01/
          └── 2025/
              └── Oct/
                  └── 02/
                      └── show-running-config_143522.txt

Every backup has a record in the database that references the file along with other data.

By default rConfig keeps all versions, but you can implement retention policies to automatically delete older versions after a certain period. Also, you can choose to not save identical versions to save space. This is configurable on a per command basis in the Commands table view.

Backup Encryption

For enhanced security, rConfig supports configuration file encryption at rest. Enable encryption in the settings to ensure that sensitive configuration data is stored securely on disk. See the Encryption documentation for setup instructions.

How to Run Backups

1. Manual Device Backup (UI)

Best for: Immediate backup of a single device for troubleshooting or verification.

Steps:

Navigate to Devices → [Device Name]
Click Download Now button
Wait for job to complete
View backed-up config in device history

When to use:

Testing connectivity to new devices
Capturing config immediately after a manual change
Troubleshooting backup issues
Verifying command templates work correctly

2. Manual Device Backup (CLI)

Best for: Scripting, automation, remote operations, or debugging connection issues.

Download Single Device

php artisan rconfig:download-device {device_id}

Example:

# Backup device ID 1001
php artisan rconfig:download-device 1001

# Backup with debug output (shows detailed connection info)
php artisan rconfig:download-device 1001 -d

# Search by integration host ID (for synced devices)
php artisan rconfig:download-device 1001 -i

Download Multiple Devices

php artisan rconfig:download-device 1001 1002 1003

Download by Category

# Backup all devices in category ID 5
php artisan rconfig:download-category 5

# Multiple categories
php artisan rconfig:download-category 5 6 7

Download by Tag

# Backup all devices with tag ID 10
php artisan rconfig:download-tag 10

See full CLI command reference →

3. Scheduled Task-Based Backups

Best for: Production operations, automated daily/weekly backups, hands-free configuration management.

Scheduled tasks are the primary backup method for production environments. Tasks define:

When backups run (schedule with time/frequency)
What gets backed up (device selection via categories, tags, or specific devices)
Which commands execute (command groups assigned to devices)

Task Types for Configuration Backups

rConfig supports multiple task types for different backup scenarios:

Task Type	Description	Configuration
Config Downloads - Devices	Backup specific selected devices	Select individual devices
Config Downloads - Categories	Backup all devices in selected categories	Select one or more categories
Config Downloads - Tags	Backup all devices with selected tags	Select one or more tags

Note: Additional task types are available for policy compliance, snippet deployment, system maintenance, and integrations. See Scheduled Tasks documentation for complete list.

Creating a Scheduled Backup Task

Navigate to Tasks → Create Task
Configure task parameters:

Task Type Selection:

Choose “Config Downloads - Devices”, “Categories”, or “Tags” based on your needs

Basic Settings:

Task Name: “Daily Core Network Backup”
Description: “Backs up all core routers and switches daily”
Enabled: ✓ (active)
Run on Save: ☐ (optional - runs immediately upon saving)

Schedule Configuration:

Frequency: Select from dropdown (Every Minute, Hourly, Daily, Weekly, Monthly)
Time: 02:00 (2 AM) - specific time for Daily/Weekly/Monthly tasks
Time Zone: Your local timezone
Day of Week: (For weekly tasks) Select specific day(s)
Day of Month: (For monthly tasks) Select specific date

Device Selection (varies by task type):

For Devices: Select specific devices from list
For Categories: Select one or more categories (e.g., “Core Routers”, “Distribution Switches”)
For Tags: Select one or more tags (e.g., “Production”, “Critical Infrastructure”)

Click Save Task

Result: Task appears in Tasks main view and runs automatically at scheduled intervals.

Tasks main view with scheduled backup tasks

Managing Tasks

Run Task Manually:

Navigate to Tasks main view
Click Run Now button next to any task
Monitor progress in Horizon Queue Manager

Pause/Resume Task:

Click Pause icon to temporarily disable without deleting
Paused tasks won’t execute on schedule
Click Resume to re-enable

Edit Task:

Click task name or edit icon
Modify schedule, devices, or settings
Save changes

Delete Task:

Click delete icon
Confirm deletion
Task schedule and configuration are permanently removed

Important: Deleting tags does not impact devices, but will affect scheduled tasks configured for those tags.

Task Best Practices

Stagger backup windows: Don’t back up 1000 devices at 2:00 AM exactly. Use:

Different times for different categories
Multiple tasks with offset schedules
Progressive scheduling (core at 2 AM, access at 3 AM, branch at 4 AM)

Monitor task execution:

Check Horizon Queue Manager for real-time job status
Review Activity Logs for backup failures
Set up notifications for failed backups
Regularly review paused or disabled tasks

Test before production:

Create a test task with 5-10 devices
Verify all devices back up successfully
Check configurations are captured correctly
Then scale to full device inventory

Use appropriate task types:

By Category: Best for organizational structure (Core, Distribution, Access)
By Tag: Best for logical grouping (Production, DR, Critical)
By Device: Best for small, specific device sets or exceptions

Learn more about scheduled tasks →

4. API-Invoked Backups

Best for: External system integration, event-driven backups, webhook-triggered operations, custom automation workflows.

Use rConfig’s REST API to trigger backups programmatically from external systems—monitoring platforms, ticketing systems, CI/CD pipelines, custom applications using snippets, or any system capable of making HTTP requests.

API Capabilities

rConfig provides four download endpoints for different backup scenarios:

Endpoint	Purpose	Use Case
POST /api/v1/device/download/{id}	Single device backup	Immediate backup after manual change
POST /api/v1/devices/download	Multiple devices backup	Backup specific device group
POST /api/v1/category/download/{id}	All devices in category	Backup entire device category
POST /api/v1/tag/download/{id}	All devices with tag	Backup by logical grouping

Key Features

Asynchronous Processing: All download requests queue as background jobs, returning immediately with confirmation. Monitor job progress in the Horizon Queue Manager.

Flexible Authentication: Include API token in header or URL parameter for secure access.

Bulk Operations: Queue multiple device backups with a single API call.

Quick Example

Single device backup:

curl -X POST \
  "https://rconfig.example.com/api/v1/device/download/1001" \
  -H "apitoken: YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

Response:

{
  "success": true,
  "data": "Download job queued successfully for device 1001"
}

Multiple devices backup:

curl -X POST \
  "https://rconfig.example.com/api/v1/devices/download" \
  -H "apitoken: YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"deviceIds": [1001, 1002, 1003]}'

Response:

{
  "success": true,
  "data": "Download jobs queued successfully for devices: 1001, 1002, 1003"
}

Common Integration Scenarios

Monitoring System Integration: Monitoring platform detects configuration change → webhook triggers rConfig API → immediate backup captured

Change Management Workflow:

Ticket system: Change approved → API call: Pre-change backup
Engineer: Makes changes
Ticket system: Change completed → API call: Post-change backup
Result: Automatic before/after snapshots

CI/CD Pipeline:

# Example: Backup after infrastructure deployment
import requests

def backup_devices(device_ids):
    url = "https://rconfig.example.com/api/v1/devices/download"
    headers = {
        "apitoken": "YOUR_API_TOKEN",
        "Content-Type": "application/json"
    }
    data = {"deviceIds": device_ids}

    response = requests.post(url, headers=headers, json=data)
    return response.json()

# Backup all devices after Ansible deployment
affected_devices = [1001, 1002, 1003]
result = backup_devices(affected_devices)
print(result)

Custom Automation:

Scheduled scripts that backup devices based on custom logic
Event-driven workflows triggered by external systems
Integration with ITSM platforms (ServiceNow, Jira)
Webhook responders for third-party alerts

API Documentation

For complete API reference including all parameters, request/response formats, error codes, and authentication details, see the in-app API documentation:

Access API Docs: Navigate to System Settings → Developers → REST API → Documentation in your rConfig instance

The in-app documentation provides:

Interactive API testing interface
Complete parameter specifications
Response schema definitions
Authentication examples
Error handling guidelines

5. SNMP Trap-Invoked Backups

Best for: Real-time config change detection, event-driven backups, zero-touch operations.

Configure network devices to send SNMP traps to rConfig when configurations change. rConfig receives the trap and automatically backs up the device—no scheduling required.

How SNMP Trap Backups Work

Device configured to send ccmCLIRunningConfigChanged or similar trap to rConfig
rConfig receives trap via SNMP trap handler service
Device identified from trap source IP or configured mapping
Backup job queued automatically
Configuration captured within seconds of the actual change

Setup Requirements

On rConfig:

SNMP trap handler service running (rconfig:snmp-trap-handler)
SNMP trap registry configured with device mappings
Trap-to-backup action rules defined

On Network Devices:

! Cisco IOS example
snmp-server enable traps config
snmp-server host 192.168.1.100 version 2c rconfig-community

Benefits:

Zero-delay backups after changes
No scheduled task overhead for rarely-changed devices
Captures emergency/unscheduled changes automatically
Complete audit trail of who changed what

Learn more about SNMP trap configuration →

Backup Execution Details

What Happens During a Backup

Regardless of how the backup is triggered, the execution flow is consistent:

Job queued in Horizon queue system
Device connection established per connectivity process
Commands executed from assigned command group
Output captured with pagination handling
CIC definitions run (if configured) to extract properties
Configuration processed (cleaned, validated)
File stored in hierarchical directory structure
Database record created with metadata and version tracking
Default status evaluated and recorded
Notifications sent (if configured for failures or specific events)
Activity logged with full details

Storage Location

Configurations are stored following this structure:

/storage/app/rconfig/data/
  └── [Category Name]/
      └── [Device Name]/
          └── [YYYY]/
              └── [MMM]/
                  └── [DD]/
                      └── [command-name]_[timestamp].txt

Example:

/storage/app/rconfig/data/
  └── Core-Routers/
      └── router-hq-01/
          └── 2025/
              └── Oct/
                  └── 02/
                      └── show-running-config_143522.txt

Version Control

Every backup creates a new version. rConfig tracks:

Version number: Sequential counter per device
File hash: MD5/SHA256 for integrity verification
Timestamp: Exact backup time
Change detection: Automatic comparison with previous version
Change flag: Indicates if config differs from last backup

Monitoring Backup Operations

Horizon Queue Manager

View real-time backup job status:

Navigate to Queue → Horizon Dashboard
Monitor:
- Pending jobs: Queued and waiting
- Processing jobs: Currently executing
- Completed jobs: Successful backups
- Failed jobs: Errors requiring attention

Activity Logs

Detailed backup history and troubleshooting:

Navigate to Settings → Logs → Activity Logs
Filter by:
- Device name
- Date range
- Success/failure status
- Specific commands
View detailed logs showing:
- Connection attempts
- Authentication results
- Command execution
- Errors and warnings
- Execution time

Notifications

Configure alerts for backup events:

Email notifications:

Failed backups
First-time device backups
Configuration changes detected
Daily/weekly summary digests

Webhook notifications:

POST to external systems (Slack, Teams, PagerDuty)
Custom integrations with ticketing systems
Real-time change notifications

Best Practices

Production Deployment

Start small, scale gradually:

Test with 10 devices across different vendors
Validate command templates work correctly
Verify storage and versioning
Add more devices in batches

Schedule strategically:

Avoid peak traffic hours
Stagger backups across categories
Consider maintenance windows
Account for time zones in global deployments

Monitor and adjust:

Review failed backups weekly
Optimize command timeouts based on device response times
Adjust concurrent connection limits for network capacity
Archive old configurations per retention policy

Security Considerations

Credential management:

Use credential sets for shared access
Rotate passwords regularly
Implement key-based SSH authentication
Never log credentials in plaintext

Access control:

Restrict backup initiation to authorized users
Use RBAC to control device access
Audit who triggers manual backups
Monitor API token usage

Encryption:

Enable configuration file encryption at rest
Use TLS for API communications
Secure credential storage with encryption keys
Implement filesystem-level encryption

Performance Optimization

Concurrent connections:

Default: 10 simultaneous connections
Adjust based on network capacity
Consider device CPU/memory limitations
Monitor queue depth

Command optimization:

Only backup commands you need
Avoid expensive commands (full routing tables) unless necessary
Use | no-more or equivalent to disable pagination
Test command response times before production

Storage management:

Implement retention policies (keep 90 days, 1 year, etc.)
Use compression for archived configs
Monitor disk space usage