Welcome to the IronDiff documentation. Follow the steps below to get your industrial-strength network backup system up and running.
Deployment Overview
IronDiff is deployed as a Docker container. This ensures that it runs in a consistent, hardened environment regardless of your host operating system.
Prerequisites
- Docker: Installed and running on your host.
- Internet Access: Required for the initial pull and for the auto-updater to fetch security patches.
- Port 5000: Must be available on the host for the web configuration interface.
Quick Start (Docker)
1. Register
Ensure you have an account at /register. You will need your License Key during the setup process, which can be found in your dashboard under Settings.
2. Initial Setup
Create a directory to store your configuration and persistent data:
mkdir irondiff && cd irondiff
3. Launch the Container
Run the IronDiff container. We recommend using --restart unless-stopped to ensure your backups continue after a host reboot.
Important: Replace America/Denver with your actual local timezone and your-license-key-here with the key from your portal settings.
docker run -d \
--name irondiff \
--restart unless-stopped \
-p 5000:5000 \
-v $(pwd)/config:/app/config \
-v $(pwd)/data:/app/data \
-e TZ=America/Denver \
-e LICENSE_KEY=your-license-key-here \
irondiff/irondiff --daemon
4. Initial Configuration
Navigate to https://<host-ip>:5000 in your browser.
Security Note: The container generates a self-signed certificate for the local UI by default. You will need to click “Advanced” and “Proceed” in your browser to access the interface.
Step 1: Security & Licensing
- License Key: Ensure your license key is set via the
LICENSE_KEYenvironment variable (as shown in the Docker command above). - Zero Trust Encryption: Click Generate Key to create your master encryption key. This key is used to encrypt your configurations locally before they are uploaded. CRITICAL: Store this key safely. IronDiff does not have access to this key and cannot recover your full configs without it.
Step 2: Agent Identity & Schedule
- Agent Site & Group: Define your Site Name (e.g., Customer Name) and Group Name (e.g., Branch Office). These identifiers determine how this Docker instance appears in your Cloud Portal.
- Backup Schedule: Set your backup frequency using standard Cron Notation. For example,
0 2 * * *will run a backup every day at 2:00 AM.
Step 3: Device Inventory
Add your network hardware to the inventory by providing:
- Name & Host: A descriptive name (or IP) and the reachable IP address of the device.
- Device Type: Select the appropriate driver for your hardware (e.g., Cisco IOS, Aruba).
- Credentials: Enter the SSH username and password.
- Logical Mapping: Assign a Site Name (usually the Customer) and Group Name (Location or Department) to organize your devices in the portal.
Step 4: Verification
Once a device is added, you can click Run Now to trigger an immediate backup.
- Success: The device will appear in your Cloud Portal dashboard, showing the first configuration version.
- Failure: If a backup fails, the system provides a real-time Log Output showing exactly where the connection or authentication failed.
Recommended: Auto-Updates
To ensure you always have the latest vendor redaction logic and security definitions, we highly recommend running Watchtower alongside IronDiff.
docker run -d \
--name irondiff-updater \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
containrrr/watchtower \
--interval 86400 --cleanup \
irondiff
Supported Devices
IronDiff supports a wide range of networking hardware:
- Cisco: IOS, IOS-XE, ASA
- Aruba: AOS-S, AOS-CX
- Netgear ProSafe: SSH enabled
- MikroTik: RouterOS
- PFSense: XML-based configuration
- Fortinet: FortiGate
- Juniper: JunOS
Enterprise Features
For organizations requiring enterprise-grade security and user management:
- SAML Single Sign-On (SSO): Configure Enterprise Authentication to manage users via your existing IdP.
For detailed configuration of specific device types, refer to the Features page.