ISA Server 2006 makes it easy to back up the entire configuration or parts of the configuration for backup purposes in case of emergency or to simply back up a configuration to clone this configuration with another ISA Server. ISA Server 2006 uses the VSS (Volume Shadow Copy Service) writer that exports the configuration to an .xml file and instructs the VSS provider to back up this XML-file. In case of a restore, the VSS provider uses this file to restore the configuration, using the ISA Server import functionality. After a backup or import is complete, the ISA Server VSS writer deletes the .xml file.
Figure 1: ISA Import / Export configuration
Figure 2: ISA Export Wizard
Figure 3: Export confidential data
Figure 4: The XML file
Figure 5: Export path
Figure 6: Import or Overwrite the configuration
Figure 7: Other Directories to back up
The following screenshot shows the Backup and Restore Feature of ISA Server 2006. At this point, it is possible to back up the entire ISA Server 2006 configuration with or without confidential information.
Figure 1: ISA Import / Export configuration
ISA Server 2006 provides a wizard which will help you export the configuration you want to back up. This wizard will help you to export the entire configuration with and without confidential information.
Figure 2: ISA Export Wizard
If you want to export confidential information like user passwords, RADIUS shared secrets, etc; you must enter a password, because this password is used to encrypt the export file.
Figure 3: Export confidential data
If you select Export user permission settings, the backup also contains administrative roles delegated to users and groups.
You can view the exported XML file with Microsoft Internet Explorer or any other XML capable viewer.
Tip:If you have the expertise, it is possible to modify parts of the XML file to customize some settings. After that it should be possible to import the modified XML file.
Figure 4: The XML file
Import process
After exporting the configuration to an XML file, you can use it for a normal backup or in case of emergency, or you can use the configuration to install a new ISA Server and restore the previously created backup file.
Figure 5: Export path
You should only import XML configuration files from a trusted source. Any other files may contain malicious code. There are some websites on the Internet that offer XML files for protocol definitions or entire firewall rules for specific or exotic protocols.
During the Import process you can specify if you want to Import or Overwrite (restore) the configuration. The overwrite process overwrites the entire existing configuration and is used to restore a damaged configuration.
Figure 6: Import or Overwrite the configuration
If you exported the ISA Server 2006 configuration with confidential information, you have to enter the password that you gave the export file if you want to import this confidential information.
After a successful import, click Apply to save the configuration.
Please note:It is not possible to back up an ISA Server 2006 Standard configuration and import it to ISA Server 2006 Enterprise and vice versa, because the internal format of these versions is different.
Other things to back up
What else should we have in our backup plan? It is always a good idea to back up the entire ISA Server with a backup program like the built in backup program NTBACKUP or with other backup programs like Arcserve and BackupExec.
For a normal restore process it could be enough if you reinstall ISA Server 2006 and import the XML backup file. In case of a complete operating system failure, reinstall the operating system, reinstall ISA Server and import the ISA Server backup file.
In this case you will lose any log files, created by ISA Server 2006. If your security policy disallows this you must back up the log files and database created by the MSDE database.
To create a backup of an MSDE database, use the OSQL utility:
BACKUP DATABASE mydb TO DISK = 'C:\MSDE\Backup\mydb.bak'
Figure 7: Other Directories to back up
You should also back up the entire ISA Server installation directory, because if you have for an example modified the Outlook Web Access Forms based templates to reflect your corporate design, you should also back up these files.
Figure 9: Export / Import specific ISA objects
Back up parts of the ISA Server 2006 configuration
As mentioned above, it is possible to back up parts of the ISA configuration. For example, it is possible to export the entire firewall rule base, a single firewall rule or specify parts of a firewall rule, called rule elements. It is also possible to export network objects, network rules and more.
Figure 9: Export / Import specific ISA objects
0 comments:
Post a Comment