Documentation

Welcome to the IronDiff documentation. Follow the steps below to get your industrial-strength network backup system up and running.

Deployment Overview

IronDiff is deployed as a Docker container. This ensures that it runs in a consistent, hardened environment regardless of your host operating system.

Prerequisites

• Docker: Installed and running on your host.
• Internet Access: Required for the initial pull and for the auto-updater to fetch security patches.
• Port 5000: Must be available on the host for the web configuration interface.

Quick Start (Docker)

1. Register

Ensure you have an account at /register. You will need your License Key during the setup process, which can be found in your dashboard under Settings.

2. Initial Setup

Create a directory to store your configuration and persistent data:

mkdir irondiff
cd irondiff

3. Launch the Container

Run the IronDiff container. We recommend using --restart unless-stopped to ensure your backups continue after a host reboot.

Important: Replace America/Denver with your actual local timezone and your-license-key-here with the key from your portal settings.

docker run -d \
  --name irondiff \
  --restart unless-stopped \
  -p 5000:5000 \
  -v ./config:/app/config \
  -v ./data:/app/data \
  -e TZ=America/Denver \
  -e LICENSE_KEY=your-license-key-here \
  irondiff/irondiff --daemon

Windows Users: Remove the backslashes (\) and run the entire command on a single line.

4. Initial Configuration

Navigate to https://<host-ip>:5000 in your browser.

Understanding the SSL Warning: To guarantee a zero-knowledge architecture, IronDiff does not route your device management through our cloud. The local Docker agent automatically generates a self-signed HTTPS certificate to encrypt traffic on your internal LAN. When accessing your local server on port 5000 for the first time, your browser will flag this certificate. You can safely bypass the warning and proceed to the login screen knowing your core switch passwords remain securely behind your firewall.

Step 1: Security & Licensing

• License Key: Ensure your license key is set via the LICENSE_KEY environment variable (as shown in the Docker command above).
• Zero Trust Encryption: Click Generate Key to create your master encryption key. This key is used to encrypt your configurations locally before they are uploaded. CRITICAL: Store this key safely. IronDiff does not have access to this key and cannot recover your full configs without it.

Step 2: Agent Identity & Schedule

• Agent Site & Group: Define your Site Name (e.g., Customer Name) and Group Name (e.g., Branch Office). These identifiers determine how this Docker instance appears in your Cloud Portal.
• Backup Schedule: Set your backup frequency using standard Cron Notation. For example, 0 2 * * * will run a backup every day at 2:00 AM.

Step 3: Device Inventory

Add your network hardware to the inventory by providing:

• Name & Host: A descriptive name (or IP) and the reachable IP address of the device.
• Device Type: Select the appropriate driver for your hardware (e.g., Cisco IOS, Aruba).
• Credentials: Enter the SSH username and password.
• Logical Mapping: Assign a Site Name (usually the Customer) and Group Name (Location or Department) to organize your devices in the portal.

Step 4: Verification

Once a device is added, you can click Run Now to trigger an immediate backup.

• Success: The device will appear in your Cloud Portal dashboard, showing the first configuration version.
• Failure: If a backup fails, the system provides a real-time Log Output showing exactly where the connection or authentication failed.

Recommended: Auto-Updates

To ensure you always have the latest vendor redaction logic and security definitions, we highly recommend running Watchtower alongside IronDiff.

docker run -d \
  --name irondiff-updater \
  --restart unless-stopped \
  -v /var/run/docker.sock:/var/run/docker.sock \
  containrrr/watchtower \
  --interval 86400 --cleanup \
  irondiff

Supported Devices

IronDiff supports a wide range of networking hardware:

• Cisco: IOS, IOS-XE, ASA
• Aruba: AOS-S, AOS-CX
• Netgear ProSafe: SSH enabled
• MikroTik: RouterOS
• PFSense: XML-based configuration
• Fortinet: FortiGate
• Juniper: JunOS

Enterprise Features

For organizations requiring enterprise-grade security and user management:

• SAML Single Sign-On (SSO): Configure Enterprise Authentication to manage users via your existing IdP.

For detailed configuration of specific device types, refer to the Features page.