Your company uses DRS to back up UCM data on a tape drive. You want to add a network directory as a DRS
backup device.
Which of the following is required to complete your task? (Select the best answer.)
A.
IPSec
B.
SFTP
C.
SSL
D.
a cluster security password
Explanation:
Secure File Transfer Protocol (SFTP) is required in order to add a network directory as a Cisco Unified
Communications Manager (UCM) Disaster Recovery System (DRS) backup device. DRS is a Cisco application
that can be used to back up data from UCM, Cisco Unity Connection, and Cisco Unified Presence (CUPS)
server. SFTP is a file transport protocol that uses the secure transport protocol Secure Shell (SSH) to perform
operations on remote file systems. Because SFTP is protected by a secure transport protocol, the transmission
of data over an SFTP link is encrypted. DRS supports only tape devices and SFTP network directories as
backup devices.
It is important to note that a backup device cannot be deleted from DRS if that backup device is part of an
existing backup schedule. In order to remove an existing backup device from a DRS configuration, you must
first ensure that the device has been removed from any backup schedules in which it might be configured.
Although DRS requires the cluster security password to encrypt backup data for storage, SFTP is specifically
required to add a network directory. DRS uses the existing cluster security password when performing
encryption on a backup. If the cluster security password is modified by using the commandline interface (CLI) or
by a fresh UCM installation, you might not be able to decrypt and restore that backup. Workarounds to this
issue include remembering the old cluster security password that was used to encrypt the data or immediately
performing a fresh backup when the cluster security password changes.
Although DRS requires Secure Sockets Layer (SSL) for authentication and encryption between Master Agentsand Local Agents, SFTP is specifically required to add a network directory. Although DRS requires IP Security
(IPSec) for public key infrastructure (PKI) encryption, IPSec is not required to add a network directory as a DRS
backup device. Master Agents store component registrations, maintain scheduled tasks, and store backup data
on a locally attached device. Local Agents, which are installed and activated by default on each cluster node,
are responsible for running backup and restore scripts on the local server. The deletion of the IPSec trust store
from UCM’s security configuration can cause DRS to function improperly.https://www.cisco.com/en/US/docs/voice_ip_comm/cups/6_0_1/disaster_recovery/administration/guide/
drsag601_2.pdf
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/drs/8_5_1/drsag851.html#wp42275