Back up network device configurations on a schedule or on demand. Cloudmon detects every change, stores a full version history, and supports rollback to any previous version via TFTP or SFTP.
NCM Backup gives you a continuous, version-controlled record of every configuration change across your managed network devices. Cloudmon connects to each device via SSH or Telnet and retrieves the running configuration. Backups are accessible from the NCM tab within each network device's detail page at Network → Network Devices → [Select Device] → NCM. Before enabling backup on a device, ensure an SSH or Telnet credential has been created. Refer to Network Configuration Management for credential setup.
Cloudmon supports three methods for triggering a configuration backup:
| Method | How it works |
| Scheduled | Cloudmon automatically backs up the device configuration on a recurring basis. The backup interval (Daily, Weekly, or Monthly) and the time of day are configured in the device's NCM settings. Scheduled backups run without any manual action and ensure a regular baseline is always available. |
| Manual (Backup Now) | A backup can be triggered at any time by clicking the Backup Now button in the device NCM settings. If a difference is detected compared to the previous backup, a new version is created immediately. This is useful for capturing a known-good state before making a planned configuration change. |
| Automatic on change detection | Whenever Cloudmon detects that a device's running configuration has changed, a new backup version is created and added to the backup history automatically, without waiting for the next scheduled window. This ensures that every change, including those made directly on the device outside of Cloudmon, is captured as soon as it is detected. Changes made outside of Cloudmon are flagged as Unauthorised in the backup history. Cloudmon can detect these changes via SNMP Traps or Syslog messages received from the device, which can be configured to trigger a log rule action that alerts your team to the change. Refer to SNMP Traps and Syslog for log rule configuration. |
Navigate to Network → Network Devices → [Select Device] → Settings → NCM and fill in the required fields:
| Field | Description |
| Template | The NCM template is automatically mapped based on the device vendor and type. Change it manually if needed. |
| Protocol | Select SSH or Telnet. SSH is recommended. Telnet is available for legacy devices that do not support SSH. |
| Credential | Select the SSH or Telnet credential set that has access to this device's configuration mode. Credentials are created under Settings → Configurations → Credentials → Telnet/SSH. |
| Interval | How frequently Cloudmon automatically backs up the device configuration. Options include Daily, Weekly, and Monthly. |
| Backup Time | The time of day the scheduled backup runs. |
| Email Notification | Enable to receive an email after each backup, including whether changes were detected. |
| Enable | Toggle to activate NCM backup for this device. A Backup Now button is also available to trigger an immediate backup outside the scheduled window. |
Click Save. The NCM tab on the device will populate with backup history after the first successful backup runs.
The NCM tab on each device shows the full backup history. Each entry displays the version number, change type, baseline status, config type (running or startup), and a visual diff showing lines added and removed. Key information surfaced in this view includes:
Any two backup versions can be compared side by side. In the All Backups table, click the differences icon on any entry to select a second version for comparison. The view highlights added, removed, and modified lines so you can pinpoint exactly what changed and when. For example, comparing a Cisco router's configuration from before and after a maintenance window will immediately show whether only the intended ACL change was made or whether additional lines were modified.
If a configuration change causes issues, Cloudmon's rollback feature lets you revert the device to any previous version. Rollback is supported via both TFTP and SFTP depending on the device's capabilities. The following actions are available for each entry in the All Backups table:
| Action | Description |
| Authorize / Unauthorize | Approve or reject a configuration change. Once approved, the change is accepted as the new authorised baseline. Rejecting flags it for remediation. |
| View | Opens the full configuration file for that version. |
| Differences | Compares this version against any other version, showing added, removed, and modified lines. |
| Draft | Saves a proposed configuration as a draft for review before it is applied to the device. |
| Issue | What to check |
| Backup Now returns an error or no backup is created | Confirm the credential assigned has configuration-level access. Test by connecting manually via SSH or Telnet from the probe host to the device. Verify the correct protocol is selected in the NCM settings. |
| Session connects but fails during configuration retrieval | Check that the Enable Username and Enable Password are set for devices requiring privilege mode, such as Cisco IOS. Without them the session logs in but cannot run show running-config. |
| Scheduled backup runs but no new version appears | Cloudmon only creates a new version when it detects a change from the previous backup. No change means no new entry. This is expected. Use Backup Now after a deliberate change to confirm detection is working. |
| Rollback fails to apply the previous configuration | Verify the TFTP or SFTP server is reachable from the device during rollback. For SFTP, confirm the device supports SFTP transfer in its current firmware version. |
| NCM tab not visible on a network device | NCM must be explicitly enabled per device. Navigate to the device Settings → NCM, complete all fields, and toggle Enable on. The tab appears after the first backup is attempted. |