ISA Server 2006 Backup and Restore Capabilities
ISA Server 2006 makes it easy to back up the entire configuration or parts of the configuration for backup purposes in case of emergency or to simply back up a configuration to clone this configuration with another ISA Server. ISA Server 2006 uses the VSS (Volume Shadow Copy Service) writer that exports the configuration to an .xml file and instructs the VSS provider to back up this XML-file. In case of a restore, the VSS provider uses this file to restore the configuration, using the ISA Server import functionality. After a backup or import is complete, the ISA Server VSS writer deletes the .xml file.
The following screenshot shows the Backup and Restore Feature of ISA Server 2006. At this point, it is possible to back up the entire ISA Server 2006 configuration with or without confidential information.
Figure 1: ISA Import / Export configuration
ISA Server 2006 provides a wizard which will help you export the configuration you want to back up. This wizard will help you to export the entire configuration with and without confidential information.
Figure 2: ISA Export Wizard
If you want to export confidential information like user passwords, RADIUS shared secrets, etc; you must enter a password, because this password is used to encrypt the export file.
Figure 3: Export confidential data
If you select Export user permission settings, the backup also contains administrative roles delegated to users and groups.
You can view the exported XML file with Microsoft Internet Explorer or any other XML capable viewer.
If you have the expertise, it is possible to modify parts of the XML file to customize some settings. After that it should be possible to import the modified XML file.
Figure 4: The XML file
After exporting the configuration to an XML file, you can use it for a normal backup or in case of emergency, or you can use the configuration to install a new ISA Server and restore the previously created backup file.
Figure 5: Export path
You should only import XML configuration files from a trusted source. Any other files may contain malicious code. There are some websites on the Internet that offer XML files for protocol definitions or entire firewall rules for specific or exotic protocols.
During the Import process you can specify if you want to Import or Overwrite (restore) the configuration. The overwrite process overwrites the entire existing configuration and is used to restore a damaged configuration.
Figure 6: Import or Overwrite the configuration
If you exported the ISA Server 2006 configuration with confidential information, you have to enter the password that you gave the export file if you want to import this confidential information.
After a successful import, click Apply to save the configuration.
It is not possible to back up an ISA Server 2006 Standard configuration and import it to ISA Server 2006 Enterprise and vice versa, because the internal format of these versions is different.
Other things to back up
What else should we have in our backup plan? It is always a good idea to back up the entire ISA Server with a backup program like the built in backup program NTBACKUP or with other backup programs like Arcserve and BackupExec.
For a normal restore process it could be enough if you reinstall ISA Server 2006 and import the XML backup file. In case of a complete operating system failure, reinstall the operating system, reinstall ISA Server and import the ISA Server backup file.
In this case you will lose any log files, created by ISA Server 2006. If your security policy disallows this you must back up the log files and database created by the MSDE database.
To create a backup of an MSDE database, use the OSQL utility:
BACKUP DATABASE mydb TO DISK = 'C:\MSDE\Backup\mydb.bak'
Figure 7: Other Directories to back up
You should also back up the entire ISA Server installation directory, because if you have for an example modified the Outlook Web Access Forms based templates to reflect your corporate design, you should also back up these files.
It is possible to create a recurring backup of the ISA Server 2006 configuration. This feature is not built into ISA Server 2006 but you can create a small script and use this script with the built in Task Scheduler from Windows Server 2003.
Create a Script with the following content and save the script with the .VBS extension.
Dim shareName: shareName = WScript.Arguments(0)
Dim xmldom : set xmldom = CreateObject("Msxml2.DOMDocument")
Dim fpc : set fpc = WScript.CreateObject("Fpc.Root")
Dim array : set array = fpc.GetContainingArray
set WSHNetwork = CreateObject("WScript.Network")
fileName=shareName & "\" & WSHNetwork.ComputerName & "-" & _
Month(Now) & "-" & Day(Now) & "-" & Year(Now) & ".xml"
array.Export xmldom, 0
To execute the script, use the following syntax:
Cscript ISA2006Back.vbs \\SERVERNAME\ISABACKUP
- Cscript is the command line interpreter to execute VB scripts.
- ISA2006Back.vbs is the VBS-Script to export the ISA configuration.
- \\ServerName is the Name of the Server to which you would copy the configuration.
- ISABACKUP is the name of the network share in which ISA Server 2006 should save the configuration.
As a next step you have to create a scheduled task that executes the script at specific times. There are several ways to create a new scheduled task. One way is to open Windows Explorer and navigate to the Windows\tasks directory.
Figure 8: ISA Export Wizard
Create a new task with the script you created earlier, specify a schedule time and create the task.
Back up parts of the ISA Server 2006 configuration
As mentioned above, it is possible to back up parts of the ISA configuration. For example, it is possible to export the entire firewall rule base, a single firewall rule or specify parts of a firewall rule, called rule elements. It is also possible to export network objects, network rules and more.
Figure 9: Export / Import specific ISA objects
In this article I showed you how to back up and restore the entire ISA Server configuration or parts of ISA objects like Firewall rules, network objects or other configuration objects. ISA Server 2006 provides an easy way to export specific data to an XML file. It is also possible to export an ISA configuration to another ISA Server to clone a configuration or parts of a configuration.
- How to Back Up and Restore an ISA Server Enterprise Configuration (Enterprise Edition)
- ISA Server 2006 and VSS Writer
- Export, Import, and Backup Functionality in ISA Server 2004
- How to back up a Microsoft Data Engine database by using Transact-SQL
- How to manage the SQL Server Desktop Engine (MSDE 2000) or SQL Server 2005 Express Edition by using the osql utility