Configuration Versions
Overview
Configuration files in Juniper Security Director Cloud are created when the device configuration data from managed devices are backed up to the Juniper Security Director Cloud database for the first time.
A separate configuration file is created in the database for each managed device. Each time the configuration of a device changes, a new version of the configuration file is created on the device, which can then be backed up to the Juniper Security Director Cloud database or to a remote server at a fixed time or at a set recurrence interval periodically.
Centralized configuration file management enables you to maintain multiple versions of your device configuration files in Juniper Security Director Cloud. This helps you recover device configuration files in case of a system failure and maintain consistent configuration across multiple devices.
When you change the configuration of a device using Juniper Security Director Cloud, the portal processes this configuration change in a similar manner to a scenario where you would change the configuration without using Juniper Security Director Cloud.
In both such scenarios, the device becomes out of sync with Juniper Security Director Cloud's security policies. Juniper Security Director Cloud overwrites such device configurations with the original configuration when it deploys the security policies again. Use the configuration preview option to view the configuration changes.
You must resynchronize out-of-sync devices with Juniper Security Director Cloud. See Resynchronize Devices.
View Configuration Versions
You can view information about all configuration versions of a device that are backed up in the Juniper Security Director Cloud database.
Edit Configuration Version Description
Pin Configuration Versions
By default, Juniper Security Director Cloud, stores the previous ten configuration versions of a device or a device cluster. If the number of backed up configuration versions exceeds ten, the oldest configuration version is deleted and the latest version is stored.
Juniper Security Director Cloud allows you to pin certain configuration versions as important. These versions can be either golden versions without errors or configurations for specific requirements. Pinned configuration versions are never deleted even when new configuration versions are created. You can pin a maximum of three configuration versions as important.
If you have already pinned three configuration versions and pin a fourth configuration version, the first pinned configuration version is deleted. For example, if you pinned Version 1, Version 2, and Version 3 in succession, and if you pin Version 4, the pinned Version 1 is deleted.
Rollback to a Configuration Version
The Rollback option enables you to deploy any version of the saved configurations to the device.
Restoring a configuration version involves overriding the device’s running configuration file with the selected version of the configuration backup file from Juniper Security Director Cloud.
When you rollback the configuration version of a device using Juniper Security Director Cloud, the portal processes this configuration change in a similar manner to a scenario where you would rollback the configuration without using Juniper Security Director Cloud.
In both such scenarios, the device becomes out of sync with Juniper Security Director Cloud's security policies. Juniper Security Director Cloud overwrites such device configurations with the original configuration when it deploys the security policies again. Use the configuration preview option to view the configuration changes.
You must resynchronize out-of-sync devices with Juniper Security Director Cloud. See Resynchronize Devices.
Compare Configuration Versions
Juniper Security Director Cloud enables you to compare two device configuration versions by using the Compare option.
You can view the device configuration versions side by side to compare and see the total number of differences, the date and time of the last commit operation, and the number of changes made.
When you compare versions, each configuration parameter in one version is set side by side with the same parameter in the other version. Therefore, you might see multiple pages of configuration for a single parameter in one version, whereas the same parameter in the other version might be only a few lines long.