One of the most common applications for SFTP Servers is updating and backing up devices and endpoints controlled by either Cisco Unified Computing System Manager (UCSM) or Cisco Unified Communications Manager (CUCM). And because of Cisco’s ubiquity in the market, Cerberus’s team hears two common questions from network administrators:  

  • What’s the best way to update Cisco firmware?
  • How do I make CUCM backups over SFTP? 

Today, we’re going to answer both those questions.   

What’s the Best Way to Update Cisco Firmware?


Cisco’s firmware update documentation recommends using its own UCM node and transferring files via Trivial File Transfer Protocol (TFTP). This protocol was developed to be as lightweight as possible, and is commonly used for network boot loading and little else. As a result, more human-friendly operations like viewing a directory must be done via command line.

If your organization uses other file-transfer software (known by Cisco as a “Load Server”), you may find firmware updates are more efficient when using TFTP’s rival protocol, the Secure Copy Protocol (SCP). SCP transfers are ideal for transferring single files over an encrypted connection, and can be managed from a file transfer server that gives greater flexibility for administrator operations. For example, transfers can be automated, and connections can be secured via SSH (as opposed to TFTP’s unsecured transfers).

You can learn more about SCP in this support article, and we’ve also written a blog on how to choose the best file transfer method for Cisco firmware updates that can help you decide on SCP versus TFTP for your updates. 

What’s the Best Way to Create a Cisco Unified Communications Manager Backup?


Cisco provides detailed instructions for creating CUCM backups at this link, and specifies that CUCM backups must be transferred via SFTP. An SFTP server like Cerberus FTP Server is ideal for this task, as it can keep your backup files stored securely and transfer them to the connected CUCM’s Disaster Recovery System via automated file transfer events if a failure occurs. 

At a high level, the steps to backup your CUCM using a Cerberus SFTP server are below:

  1. Download and Install Cerberus FTP Server to accept and store the backups (all editions of Cerberus FTP Server include SFTP transfer)
  2. Create a Cerberus SFTP user for the backup process that has the privilege of connecting using just a password. Even though CUCM allows the use of SFTP, it does not permit connection using an SSH key. With Cerberus SFTP Server, you can automatically forward files to another location. 
  3. Create your backup device from the CUCM’s Disaster Recovery System. Go to CUCM and log into the Disaster Recovery System. Select backup, then Backup Device. This section is where you provide the details of your Cerberus SFTP server.  
  4. Enter your SFTP server’s access credentials during the backup device add process. Click on “Add New” in the Backup Device area and enter a name for your SFTP server. Beneath this field, there is a field labeled “Select Destination” – here, you can enter your Cerberus SFTP server details, path, and credentials. You can also select how many backups you want to keep in the SFTP server if you do not wish to set up automation.  
  5. Schedule The Backup  In CUCM, go to Backup, Scheduler and click “Add New” to create a new schedule. Now, you can add the frequency with which you want to send the backup to your SFTP server, including the day of the week and time of day. Finally, save the schedule and click on “Enable Schedule.”  

Did you know? 

The Cerberus FTP Server team has done extensive testing for SFTP server compatibility with CUCM, and our support staff are very familiar with CUCM backup and update troubleshooting. You can also learn more about Cerberus FTP Server’s SSH2 SFTP setup in this support article. 

Other SFTP FAQs You Might Find Helpful

The Cerberus FTP Server team has put together a complete guide to SFTP at the links below. 

How Does SFTP Work?

SFTP (Secure File Transfer Protocol) works by first establishing a connection between a client and server, then confirming security parameters for the connection, which is validated over SSH using a public/private key pair. Once a secure connection is established, the client user provides login credentials and sends/receives data via the encrypted connection.

To learn more, review these blogs:

How is SFTP Different from FTP?

FTP transmits data in plain text, which means that anyone who can access a transmission would be able to see the information being sent. SFTP adds a layer of encryption between the client and server (via SSH2) that prevents anyone who intercepts a transmission from accessing your data, and also includes client/server validation via public/private key pairs to prevent unauthorized access.

Learn more in this blog: How is SFTP Different from FTP?

What’s the Difference Between SFTP and FTPS?

Both protocols allow secure file sharing, with the primary difference being how the encryption occurs. FTPS uses SSL/TLS encryption for data transmission with certificate-driven authentication, while SFTP uses an SSH channel with SSH key authentication. Numerous other smaller differences occur as well, which we have covered in this blog: