ISA Server 2006 Backup and Restore Capabilities

ISA Server 2006 makes it easy to back up the entire configuration or parts of it, either for recovery in an emergency or to clone the configuration to another ISA Server. ISA Server 2006 uses a VSS (Volume Shadow Copy Service) writer that exports the configuration to an .xml file and instructs the VSS provider to back up this XML file. For a restore, the VSS provider uses this file to restore the configuration through the ISA Server import functionality. After a backup or import is complete, the ISA Server VSS writer deletes the .xml file.





The following screenshot shows the Backup and Restore Feature of ISA Server 2006. At this point, it is possible to back up the entire ISA Server 2006 configuration with or without confidential information.



Figure 1:
ISA Import / Export configuration


ISA Server 2006 provides a wizard that helps you export the configuration you want to back up. With this wizard you can export the entire configuration with or without confidential information.



Figure 2:
ISA Export Wizard


If you want to export confidential information such as user passwords, RADIUS shared secrets and so on, you must enter a password, because this password is used to encrypt the export file.



Figure 3:
Export confidential data


If you select Export user permission settings, the backup also contains administrative roles delegated to users and groups.


You can view the exported XML file with Microsoft Internet Explorer or any other XML capable viewer.


Tip:
If you have the expertise, it is possible to modify parts of the XML file to customize some settings. After that it should be possible to import the modified XML file.



Figure 4:
The XML file


Import process


After exporting the configuration to an XML file, you can use it for a normal backup or in case of emergency, or you can use the configuration to install a new ISA Server and restore the previously created backup file.



Figure 5:
Export path


You should only import XML configuration files from a trusted source. Any other files may contain malicious code. There are some websites on the Internet that offer XML files for protocol definitions or entire firewall rules for specific or exotic protocols.


During the Import process you can specify if you want to Import or Overwrite (restore) the configuration. The overwrite process overwrites the entire existing configuration and is used to restore a damaged configuration.



Figure 6:
Import or Overwrite the configuration


If you exported the ISA Server 2006 configuration with confidential information, you have to enter the password that you assigned to the export file if you want to import this confidential information.


After a successful import, click Apply to save the configuration.


Please note:
It is not possible to back up an ISA Server 2006 Standard configuration and import it to ISA Server 2006 Enterprise and vice versa, because the internal format of these versions is different.


Other things to back up


What else should we have in our backup plan? It is always a good idea to back up the entire ISA Server with a backup program such as the built-in NTBACKUP or with other backup programs like Arcserve and BackupExec.


For a normal restore process it could be enough if you reinstall ISA Server 2006 and import the XML backup file. In case of a complete operating system failure, reinstall the operating system, reinstall ISA Server and import the ISA Server backup file.


In this case you will lose any log files created by ISA Server 2006. If your security policy disallows this, you must back up the log files and the database created by MSDE.


To create a backup of an MSDE database, use the OSQL utility:


BACKUP DATABASE mydb TO DISK = 'C:\MSDE\Backup\mydb.bak'



Figure 7:
Other Directories to back up


You should also back up the entire ISA Server installation directory. If you have, for example, modified the Outlook Web Access forms-based templates to reflect your corporate design, you should also back up these files.


Automatic Backups


It is possible to create a recurring backup of the ISA Server 2006 configuration. This feature is not built into ISA Server 2006, but you can create a small script and run it with the built-in Task Scheduler of Windows Server 2003.


Create a script with the following content and save it with the .VBS extension.


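' Exports the ISA Server configuration to <share>\<computer name>-<month>-<day>-<year>.xml
Dim fileName
Dim WSHNetwork
' First command-line argument: the target share, e.g. \\SERVERNAME\ISABACKUP
Dim shareName : shareName = WScript.Arguments(0)
Dim xmldom : Set xmldom = CreateObject("Msxml2.DOMDocument")
Dim fpc : Set fpc = WScript.CreateObject("Fpc.Root")
' Named isaArray so that the built-in VBScript Array function is not shadowed
Dim isaArray : Set isaArray = fpc.GetContainingArray
Set WSHNetwork = CreateObject("WScript.Network")
fileName = shareName & "\" & WSHNetwork.ComputerName & "-" & _
    Month(Now) & "-" & Day(Now) & "-" & Year(Now) & ".xml"
' Second argument 0: export without optional data
isaArray.Export xmldom, 0
xmldom.save(fileName)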


To execute the script, use the following syntax:


Cscript ISA2006Back.vbs \\SERVERNAME\ISABACKUP


Explanation:



  • Cscript is the command-line interpreter that executes VBS scripts.
  • ISA2006Back.vbs is the VBS script that exports the ISA configuration.
  • \\SERVERNAME is the name of the server to which you want to copy the configuration.
  • ISABACKUP is the name of the network share in which ISA Server 2006 should save the configuration.

Scheduled Task


As a next step you have to create a scheduled task that executes the script at specific times. There are several ways to create a new scheduled task. One way is to open Windows Explorer and navigate to the Windows\tasks directory.



Figure 8:
ISA Export Wizard


Create a new task with the script you created earlier, specify a schedule time and create the task.
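
The scheduled export leaves one XML file per day on the share, and the import section advises importing only files from a trusted source. The following PowerShell sketch is an added example, not part of the original article: it records a SHA-256 hash of each export when it first appears and checks a file against that record before it is imported. The function names, the manifest file and the demo paths are hypothetical, and the manifest is assumed to be kept in a location that accounts able to write to the backup share cannot modify.

```powershell
# Added example. Function names and the manifest location are hypothetical.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '') }
    finally { $stream.Close() }
}

# Run after each scheduled export: record the hash of every export not yet listed.
# Existing entries are never re-hashed, so a later change to a file stays detectable.
function Update-ExportManifest([string]$ShareDir, [string]$ManifestPath) {
    $known = @{}
    if (Test-Path $ManifestPath) {
        Import-Csv $ManifestPath | ForEach-Object { $known[$_.File] = $_.Sha256 }
    }
    Get-ChildItem -Path $ShareDir -Filter *.xml | ForEach-Object {
        if (-not $known.ContainsKey($_.Name)) { $known[$_.Name] = Get-Sha256Hex $_.FullName }
    }
    $known.GetEnumerator() | Sort-Object Key |
        Select-Object @{n='File';e={$_.Key}}, @{n='Sha256';e={$_.Value}} |
        Export-Csv -Path $ManifestPath -NoTypeInformation
}

# Run before an import: $true only if the file is listed and its hash is unchanged.
function Test-ExportFile([string]$XmlPath, [string]$ManifestPath) {
    $name = [System.IO.Path]::GetFileName($XmlPath)
    $entry = Import-Csv $ManifestPath | Where-Object { $_.File -eq $name }
    if (-not $entry) { Write-Warning "$name is not in the manifest"; return $false }
    if ((Get-Sha256Hex $XmlPath) -ne $entry.Sha256) {
        Write-Warning "$name differs from the recorded hash"; return $false
    }
    return $true
}

# Constructed demo: a temporary directory stands in for \\SERVERNAME\ISABACKUP.
$share = Join-Path $env:TEMP 'isabackup-demo'
$manifest = Join-Path $env:TEMP 'isabackup-manifest.csv'
New-Item -ItemType Directory -Path $share -Force | Out-Null
Remove-Item $manifest -ErrorAction SilentlyContinue
$export = Join-Path $share 'ISA01-3-14-2008.xml'            # constructed file name
Set-Content -Path $export -Value '<constructed-sample/>'    # constructed content
Update-ExportManifest $share $manifest
Test-ExportFile $export $manifest       # file as recorded
Add-Content -Path $export -Value '<!-- changed after the backup -->'
Test-ExportFile $export $manifest       # file modified since it was recorded
```

An export that you edit on purpose, as described in the tip above, no longer matches its recorded hash and has to be recorded again under a new file name before it passes the check.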


Back up parts of the ISA Server 2006 configuration


As mentioned above, it is possible to back up parts of the ISA configuration. For example, it is possible to export the entire firewall rule base, a single firewall rule or specify parts of a firewall rule, called rule elements. It is also possible to export network objects, network rules and more.



Figure 9:
Export / Import specific ISA objects


Conclusion


In this article I showed you how to back up and restore the entire ISA Server configuration or parts of ISA objects like Firewall rules, network objects or other configuration objects. ISA Server 2006 provides an easy way to export specific data to an XML file. It is also possible to export an ISA configuration to another ISA Server to clone a configuration or parts of a configuration.

