Backup for ISA Server
Backup for ISA Server Document Transcript

  • Installation and Configuration Guide
    Complete Backup solution for ISA Server

    Published: July 2008
    Applies to: Winfrasoft Backup for ISA Server (Build 1.0.2530.0)
    Web site: http://www.winfrasoft.com
    Email: support@winfrasoft.com

    © 2006-2008 Winfrasoft Corporation. All rights reserved. This publication is for informational purposes only. Winfrasoft makes no warranties, express or implied, in this summary. Winfrasoft and Backup for ISA Server are trademarks of Winfrasoft Corporation. All other trademarks are property of their respective owners.
  • Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organisations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organisation, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user.

    Winfrasoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written licence agreement from Winfrasoft, the furnishing of this document does not give you any licence to these patents, trademarks, copyrights, or other intellectual property.

    Microsoft, Active Directory, ISA Server, Windows and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
  • Table of Contents
    Introduction
        Considerations
            Server System Requirements
            Language Requirements
        Technology
        Backup for ISA Server Editions
        Licensing
            Running a trial
            Licence Manager
        Product Activation
    Deployment Scenarios
        Overview
        Configuration Changes made to ISA Server
        Installing Backup for ISA Server
        Removing Backup for ISA Server
    Configuring Backup for ISA Server
        Starting the Configuration Wizard for ISA Server
        The Winfrasoft ISA Selection File (.WIS)
            .WIS File Structure
            .WIS File Field Definitions
            Protecting a .WIS file password
    Command Line & Scripting Options
    Running Backup for ISA Server
        Performing a Backup
        Creating a Backup Schedule
        Pre-requisites for Restoration
        Performing a Restore
    Troubleshooting
        Common Restore Issues
        Restore Event Viewer Messages
            SSL Certificate errors
            3rd-party Web Filter errors
            Web Proxy Cache errors
            IP Configuration errors
    Additional Information
        Support Guides
  • Introduction

    Winfrasoft Backup for ISA Server is the world’s first compliance and disaster recovery solution for Microsoft ISA Server. Backup for ISA Server has been designed as a security product from the ground up to seamlessly integrate with Microsoft ISA Server installations. To date, there is no known method for an administrator to fully backup and restore an ISA Server, including configuration and log data with no down time.

    Backup for ISA Server is an application designed for both Standard and Enterprise Editions of ISA Server 2004/2006 systems to:
    - Backup and restore ISA Server Enterprise Edition configuration settings.
    - Backup and restore ISA Server Enterprise and Standard edition’s array configuration settings.
    - Backup and restore Firewall log information of a stand-alone server or all servers in an enterprise array.
    - Backup and restore Web Proxy log information of a stand-alone server or all servers in an enterprise array.
    - Websense configuration information (optional depending on the purchased licence)
    - IP configuration and IP routing data
    - Schedule backups to run daily, weekly or monthly.

    Considerations

    Server System Requirements

    The minimum system requirements for Backup for ISA Server are:
    - Windows 2003 Server (32 bit)
    - Microsoft ISA Server
        - 2004 Standard / Enterprise Edition
        - 2006 Standard / Enterprise Edition
    - Microsoft .NET 2.0 Framework

    Language Requirements

    Backup for ISA Server is compatible with multi-lingual versions of Windows Server 2003, however, it is only available in UK English. Although multi-lingual versions of Windows Server 2003 can be used, Backup for ISA Server is ONLY compatible with the English version of ISA Server. Non-English versions of ISA Server are NOT supported. All configuration files are in Unicode format to support non-standard multi-lingual characters.
  • Technology

    Winfrasoft has embraced the latest security industry standard technologies from Microsoft and other vendors to produce a highly secure and feature rich solution. Technologies included with Winfrasoft Backup for ISA Server include:
    - Managed code: Built on Microsoft .NET Framework 2.0
    - Authenticode signed binaries
    - Public / Private Key cryptography: Protects the integrity of backup archive.
    - 256-bit AES Encryption (FIPS 197 compliant) on backup archive files.
    - PPMd compression for backup archive files achieving over 95% compaction on average.
    - Soft-Token technology makes each customer installation unique and provides an additional layer of archive protection.
    - Seamlessly integrates with Windows Task Scheduler.
    - Fully scriptable for use with other management or scheduling tools.

    Backup for ISA Server Editions

    Winfrasoft Backup for ISA Server is available in 2 editions:
    - Backup for ISA Server Enterprise Edition
    - Backup for ISA Server Standard Edition

    Each edition is specifically designed to cater for the appropriate version of Microsoft ISA Server deployed within an organisation.

    Backup for ISA Server Standard Edition is designed for use with Microsoft ISA Server Standard Edition only.

    Backup for ISA Server Enterprise Edition provides full backup and restore functionality for all nodes of a Microsoft ISA Server Enterprise Edition array. The log data from all array members are included in a single backup archive and can be restored individually. Backup for ISA Server Enterprise Edition can also be used with ISA Server Standard Edition.

    For those organisations that have Websense Enterprise or Websense Web Security Suite deployed on an ISA Server, Backup for ISA Server can also be used to backup and restore the Websense configuration data in the same backup archive.

    Licensing

    Winfrasoft Backup for ISA Server is licensed on a per server basis for a subscription period of typically one, two or three years. A licence file must be imported onto each server that the software is installed on, otherwise the application will not function. During the installation process you will be asked to browse for your licence file or request a trial licence over the Internet.
  • Warning: Organisational information within Backup for ISA Server Licences is a key component in the backup security process and, as such, the same licence should be applied to all installs of Backup for ISA Server within the organisation. Keep your licence file safe to prevent unauthorised distribution and activation of Backup for ISA Server licences.

    All deployments require product activation to be performed, including evaluation installations. Trial licences allow the full functionality of the product to be used with a limited time period, typically 14 days from issue.

    Note: For detailed information on the licence types please read the licence agreement document available on the installation CD, during installation, or in the programs folder on the server.

    Running a trial

    A trial licence will allow you to make full use of the product during the validity period. You can check the About... screen to see how many days remain. When Backup for ISA Server is first installed, Licence Manager will assist you in either installing a full licence or applying for a trial licence. Backup for ISA Server is not able to run without a valid licence file.

    If your trial licence expires you can contact Winfrasoft and request a new licence file or purchase the software. When you receive a new licence you can use the Licence Manager from the Start Menu to install the new licence file.

    Licence Manager

    The Winfrasoft Licence Manager is a tool that allows users to request and install trial licences. It is also able to import purchased licences which replace trial licences. Licence Manager is first run during the installation process. It can be run again from the Start, All Programs, Winfrasoft Backup for ISA Server, Licence Manager menu item.

    Note: Licence Manager requires HTTPS access to the Winfrasoft Activation servers. Before starting this operation, please ensure that the appropriate firewall rules have been configured. This can be configured by running Configuration Wizard for ISA Server and accepting the settings on the Access to Winfrasoft page.
  • Product Activation

    Winfrasoft Backup for ISA Server requires product activation for all licence types. Product activation has been included in Backup for ISA Server to help you keep track of your licence usage. Product activation is a fast and secure process that is only done once per ISA Server or Array.

    The activation process is automatically run when the application is first run on a server. If activation fails for whatever reason the administrator will still be able to use Backup for ISA Server for a further 7 days without having activated the product. After the 7 day grace period has expired you will no longer be able to perform a backup, although a restore operation is permitted.

    Product activation is performed over a secure HTTPS SSL connection to protect the information transmitted during the activation process. The Winfrasoft activation server shall return a unique activation code to the calling server which is stored locally. This activation code is in turn checked each time the application starts up ensuring that it has a valid activation code each time it is run. The re-checking of the activation code does not require a connection back to Winfrasoft and is an entirely local operation. If the activation code is found to be invalid the server will attempt to re-activate with Winfrasoft, and if successful, store the new activation code on the local server.

    Each server detected within an ISA Server Enterprise array will be automatically activated by the server on which Backup for ISA Server is installed. All the activation codes are then stored on this server. Each array member will consume a licence from the purchased allotment. Should you install Backup for ISA Server on another array member in the same array it will also activate all the servers in the array. In this case the Winfrasoft activation server will reissue the same activation codes and thus will not use up extra licences.

    Note: As each node in an ISA Enterprise array requires activation, please ensure that the purchased licence quantity is sufficient to cater for all nodes in the array.
  • Deployment Scenarios

    Overview

    This deployment section assumes that the ISA Server is already configured and operational.

    Winfrasoft Backup for ISA Server has been designed to provide disaster recovery capabilities for Standard and Enterprise Edition deployments of Microsoft ISA Server. Backup for ISA Server also provides backup and restore functionality for Websense Enterprise and Web Security Suite installations on ISA Server.

    It is recommended that all deployment scenarios are tested in a lab prior to a live deployment.

    Note: Backup for ISA Server functionality is dependent on the installed licence file. Websense enabled licences are required to backup and restore Websense Enterprise and Web Security Suite configuration information.

    Configuration Changes made to ISA Server

    Backup for ISA Server requires certain access permissions in order to function correctly. This section describes the modifications made to ISA Server during the installation process. Naturally, all configuration changes comply with the least-privilege access methodology and are removed during the uninstall process. Should any of the Backup for ISA Server rules be removed, they can be re-applied by rerunning the Configuration Wizard for ISA Server.

    Details

    Object:        Computer Set
    Name:          [Backup for ISA Server] File Servers
    Description:   Contains the server information of the file server used as the centralised backup storage area.

    Object:        Firewall Policy
    Name:          [Backup for ISA Server] File Server Access
    Description:   Allow ‘localhost’ access to remote File Servers.
    Definition:    Allow Microsoft CIFS (TCP and UDP) access from ‘localhost’ to ISA computer set ‘[Backup for ISA Server] File Servers’
    Dependencies:  Computer Set ‘[Backup for ISA Server] File Servers’
  • Object:        URL Set
    Name:          Winfrasoft Activation Service
    Description:   HTTPS URL address for access to Winfrasoft’s activation server
    Definition:    https://activation.winfrasoft.com

    Object:        URL Set
    Name:          Winfrasoft Update Service
    Description:   HTTP URL addresses for access to Winfrasoft’s update server
    Definition:    http://update.winfrasoft.com/download/*
                   http://update.winfrasoft.com/xml/*

    Object:        System Policy
    Name:          Allowed Sites
    Description:   Ensures this configuration group is Enabled; Adds URL Set ‘Winfrasoft Activation Service’; Adds URL Set ‘Winfrasoft Updates Service’
    Definition:    Included
    Dependencies:  URL Set ‘Winfrasoft Activation Service’
                   URL Set ‘Winfrasoft Updates Service’

    Object:        Firewall Policy (Enterprise Edition Only)
    Name:          [Backup for ISA Server] Intra Array Access
    Description:   Allow the Array member running Winfrasoft Backup for ISA Server to access resources on other Array members.
    Definition:    Allow Microsoft SQL (TCP and UDP) access from ‘Array Servers’ to ‘Array Servers’

    Object:        Firewall Policy
    Name:          [Backup for ISA Server] File Server Access (Websense Only)
    Description:   Allow the Array member running Winfrasoft Backup for ISA Server to access file server resources on other Array members.
    Definition:    Allow Microsoft CIFS (TCP and UDP) access from ‘Array Servers’ to ‘Array Servers’
  • Installing Backup for ISA Server

    Winfrasoft Backup for ISA Server must be installed on:
    - Each ISA Server Standard Edition server, or
    - At least ONE server in each ISA Server Array.

    Note: You do NOT need to install Backup for ISA Server on more than one server per Enterprise Edition array. For backup redundancy, you may want to install Backup for ISA Server on more than one server per array and alternate the backup schedules.

    (1) To start the Backup for ISA Server installation from CD, insert the CD into the drive. Run the setup file located in the install folder:

        install\Winfrasoft Backup for ISA Server Setup.exe

    To start the Backup for ISA Server installation from a web download, extract the files from the downloaded ZIP and run the setup file as follows:

        install\Winfrasoft Backup for ISA Server Setup.exe

    This starts the setup wizard.

    Note: Ensure that the user profile that you have logged onto the ISA Server with has administrative rights and that the ISA Server firewall services are started.

    (2) Click Next to continue.
  • (3) After reading the licence agreement click I accept the terms of the licence agreement if you agree to the terms. Click Next to continue.

    (4) Browse to the folder where you wish to install the Backup for ISA Server software or use the default (recommended). Ensure that the destination drive has sufficient disk space for the application's installation. Click Next to continue.
  • (5) Click Next to continue. The application files are copied.
  • The Config Wizard for ISA Server will start. This wizard helps you to configure your ISA Server for use with Backup for ISA Server.

    (6) Click Next to continue.

    Note: If you intend to store backup archives on a remote server, ISA Server will require a firewall rule to allow access to the file server. If you do not have the required firewall access to the remote file server, then backup archives can only be stored locally. If there is an existing ISA Server rule that allows the localhost access to remote file servers then this step does not have to be performed.

    (7) If required, tick the Allow access to File Shares on server box. Enter the actual host name and the IP address of the file server that will store backup archives. Click Next to continue.
  • Note: Backup for ISA Server may require access to the Winfrasoft Activation and Winfrasoft Update services for activation, trial licence generation and updates. All information transmitted for licensing and activation purposes is 128-bit SSL encrypted.

    (8) Select the required options and click Next to continue.

    Note: When installed on ISA Server Enterprise Edition, Backup for ISA Server will require access to the SQL database data on other array members in order to back it up. The MSDE instances on the array members will be required to support TCP/IP connections. Access to file shares will also be required to allow for the backup of the Websense configuration (if installed).

    (9) Select the required options and click Next to continue.
  • (10) Click Finish to close the Config Wizard for ISA Server.

    (11) The changes are made to the MSDE and ISA configuration. Click OK to close.

    The Licence Manager will load to allow you to configure your licence.
  • (12) If you already have a purchased licence file select Import a purchased licence file and enter the full path to the licence file, or click Browse… to locate it. If you do not have a licence file skip to step 15.

    (13) Click Apply to import the selected licence.
  • (14) Click Close when done.

    (15) If you already have a purchased licence file skip to step 18. If you do not have a licence file select Request a Trial Licence over the Internet (secured with SSL) and enter your details.

    Important: Please enter valid details when applying for a trial licence as this information will be included in your licence file and will be written in each backup log. This information will also be used to generate a full licence if purchased.
  • (16) Click Apply to request and install a trial licence.

    (17) Click Close when done. The main setup wizard returns.

    (18) Deselect the Run Winfrasoft Backup for ISA Server now if you do not want to start the application now. Click Finish to complete the setup.
  • Removing Backup for ISA Server

    To remove Backup for ISA Server from your ISA Server insert the CD into the drive and the maintenance installation process will automatically start.

    To remove Backup for ISA Server from your ISA Server insert the CD into the drive. Start the maintenance installation process by running the setup file located in the install folder:

        install\Winfrasoft Backup for ISA Server Setup.exe

    Alternatively, the Uninstall process can be initiated using Windows Add or Remove Programs in Control Panel. In the list of applications installed on the ISA Server, highlight Winfrasoft Backup for ISA Server and then click Remove.

    (1) The installation wizard will start in maintenance mode.

    (2) Select Uninstall and click Next.

    (3) Click Next to continue.
  • The removal process will remove all ISA rules and objects created by the Configuration Wizard.

    (4) Click OK to continue.

    If a licence file was found you will be asked if you would like to remove it from the system. If you plan to reinstall Backup for ISA Server you may wish to leave the licence file on the server, otherwise it can be removed.

    (5) Click either Yes or No.
  • (6) Click Finish to complete the setup.

    Note: The uninstall process will not remove any created Backup for ISA Server backup files.
  • Configuring Backup for ISA Server

    Winfrasoft Backup for ISA Server may require some configuration to allow it to work with specific settings within your network environment. The ISA Server Configuration Wizard is designed to assist in creating the required firewall rules and objects in ISA Server to allow the backup operations to function correctly.

    Note: The Configuration Wizard for ISA Server should have already been run during the installation process but can be re-run as needed.

    Starting the Configuration Wizard for ISA Server

    Click the ISA Configuration Wizard link, from the first page of the Backup for ISA Server wizard.

    Or

    Select Config Wizard from the Start, All Programs, Winfrasoft Backup for ISA Server menu.

    This starts the Configuration Wizard for ISA Server.
  • Complete the wizard to change the configuration of ISA Server for use with Backup for ISA Server. For further details about the options in this wizard see the Installing Backup for ISA Server section.
  • The Winfrasoft ISA Selection File (.WIS)

    A Winfrasoft ISA Selection file (.WIS) is a file which contains settings to be used with scheduled or scripted backup operations. This file is automatically created when the Backup for ISA Server Backup Wizard is used to create a schedule. The default file created by the Backup for ISA Server wizard is called WIBackup.WIS and is stored in the application install folder.

    A .WIS file can be created manually provided the file matches the required .WIS format. A .WIS file is XML based and has some minimum tag requirements. See .WIS Backup Selection File Structure.

    .WIS File Structure

        <WinfrasoftISASelectionFile>
            <BackupFolder>C:\ISABackup\ISABackup\bin\Debug</BackupFolder>
            <BackupPassword>password</BackupPassword>
            <LogTrailingDays>10</LogTrailingDays>
            <IncludeISAArrayConfig>True</IncludeISAArrayConfig>
            <IncludeISAEnterpriseConfig>True</IncludeISAEnterpriseConfig>
            <IncludeISAFirewallLogs>True</IncludeISAFirewallLogs>
            <IncludeISAWebProxyLogs>True</IncludeISAWebProxyLogs>
            <IncludeWebsenseConfig>False</IncludeWebsenseConfig>
        </WinfrasoftISASelectionFile>

    .WIS File Field Definitions

    Field:           BackupFolder
    Value:           Path where backup archive will be created.
    Considerations:  Ensure path exists and that there is sufficient disk space available for archive.

    Field:           BackupPassword
    Value:           Password used to encrypt and decrypt backup archive.
    Considerations:  Ensure password used is 8 characters or more. Ensure that the WIS file is protected using the EncryptPassword switch to encrypt the plain text password.

    Protecting a .WIS file password

    A .WIS file contains the password which will be used for encrypting the backup archive files. The password in a .WIS file is encrypted by default when the file is created by the Backup for ISA Server wizard.

    A manually created .WIS file must initially be created with a clear text password as per the file structure example above. Once created, run Backup for ISA Server with the /EncryptPassword switch to encrypt the password. The password is encrypted using information contained in the licence file, thus the same licence file must be used to perform the backup.

        {ISABackup install path}\ISABackup.exe /EncryptPassword MySelectionFile.WIS
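    The following is an added example, not part of the Winfrasoft guide or product: a Python linter for a manually created .WIS file that applies the field considerations above and confirms that a known clear text password is no longer present after /EncryptPassword has been run. The function name lint_wis, the choice of required tags, the exact True/False spelling and both sample files are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ROOT_TAG = "WinfrasoftISASelectionFile"
# Assumption: the guide does not list its minimum tags, so this linter
# requires the two fields that have documented considerations.
REQUIRED_TAGS = ("BackupFolder", "BackupPassword")
# Include* tags from the .WIS structure shown in the guide.
BOOLEAN_TAGS = (
    "IncludeISAArrayConfig",
    "IncludeISAEnterpriseConfig",
    "IncludeISAFirewallLogs",
    "IncludeISAWebProxyLogs",
    "IncludeWebsenseConfig",
)
MIN_PASSWORD_LENGTH = 8  # "8 characters or more" in the field definitions

# Constructed sample: a hand-written file that still holds its clear text password.
SAMPLE_GOOD = r"""<WinfrasoftISASelectionFile>
  <BackupFolder>D:\Backups\ISA</BackupFolder>
  <BackupPassword>Str0ng-Backup-Pass</BackupPassword>
  <LogTrailingDays>10</LogTrailingDays>
  <IncludeISAArrayConfig>True</IncludeISAArrayConfig>
  <IncludeISAFirewallLogs>True</IncludeISAFirewallLogs>
  <IncludeWebsenseConfig>False</IncludeWebsenseConfig>
</WinfrasoftISASelectionFile>"""

# Constructed sample with four defects: empty folder, short password,
# non-numeric trailing days, and a non-boolean Include* value.
SAMPLE_BAD = """<WinfrasoftISASelectionFile>
  <BackupFolder></BackupFolder>
  <BackupPassword>abc123</BackupPassword>
  <LogTrailingDays>ten</LogTrailingDays>
  <IncludeISAFirewallLogs>yes</IncludeISAFirewallLogs>
</WinfrasoftISASelectionFile>"""


def lint_wis(xml_text, known_cleartext=None):
    """Return a list of findings for a .WIS document (empty list: none).

    known_cleartext is the password typed into the file by hand. Pass it
    when checking the file after /EncryptPassword to confirm the value
    in <BackupPassword> is no longer the clear text.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    if root.tag != ROOT_TAG:
        return ["unexpected root element <%s>" % root.tag]

    values = {child.tag: (child.text or "").strip() for child in root}
    findings = []

    for tag in REQUIRED_TAGS:
        if not values.get(tag):
            findings.append("missing or empty <%s>" % tag)

    password = values.get("BackupPassword", "")
    if known_cleartext is not None:
        # Post-encryption check: the stored value must differ from the
        # password that was originally typed in.
        if password == known_cleartext:
            findings.append(
                "<BackupPassword> still holds the clear text; run /EncryptPassword"
            )
    elif password and len(password) < MIN_PASSWORD_LENGTH:
        # Pre-encryption check: length only means something for clear text.
        findings.append(
            "<BackupPassword> is shorter than %d characters" % MIN_PASSWORD_LENGTH
        )

    days = values.get("LogTrailingDays")
    if days is not None and not days.isdigit():
        findings.append("<LogTrailingDays> is not a whole number: %r" % days)

    for tag in BOOLEAN_TAGS:
        if tag in values and values[tag] not in ("True", "False"):
            findings.append("<%s> is not True or False: %r" % (tag, values[tag]))

    return findings


if __name__ == "__main__":
    for name, doc in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, lint_wis(doc))
```

    Run it once on the hand-written file before encryption, then again with known_cleartext set after /EncryptPassword, so a file that still carries the clear text password never reaches a scheduled task.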
  • Command line & scripting options

    Backup for ISA Server can be scripted for use in custom scripts or for inclusion within 3rd-party scheduling applications.

    To execute Backup for ISA Server in the command line, start a command prompt session and enter:

        {ISABackup install path}\ISABackup.exe /{Switch}

    The following operations are available via command prompt:

    Option:           /?
    Function:         Displays supported command prompt switch options as above.
    Required inputs:  -

    Option:           /Backup
    Function:         Starts an automated backup process.
    Required inputs:  Supply a Backup Selection File (.WIS)

    Option:           /ISAConfigWizard
    Function:         Runs the ISA Config Wizard to configure the required ISA Server protocols and rules.
    Required inputs:  -

    Option:           /RemoveScheduledTask
    Function:         Removes the Backup for ISA Server task listed in the Windows Task Scheduler.
    Required inputs:  -

    Option:           /EncryptPassword
    Function:         Encrypts the password in a manually created Backup Selection File. See the Protecting a .WIS file password section.
    Required inputs:  Supply a Backup Selection File (.WIS)

    Option:           /DebugLog
    Function:         Enables debug logging output. Only utilise this option when instructed to by a Winfrasoft support technician.
    Required inputs:  -
  • Running Backup for ISA Server

    Winfrasoft Backup for ISA Server can backup a single ISA Server, or an entire ISA Server Enterprise Edition Array from a single location.

    Winfrasoft Backup for ISA Server is designed so that the restoration process can be performed on either the original ISA Server or on a separate server. A backup archive from an ISA Server Enterprise server that contains multiple array members can be restored onto a single ISA Server Enterprise server for log analysis purposes.

    Performing a Backup

    To backup an ISA Server / Array, run the Backup for ISA Server Wizard from the Start, All Programs, Winfrasoft Backup for ISA Server, Backup for ISA Server menu. You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick Launch toolbar.

    (1) The Backup for ISA Server Welcome screen is displayed.

    (2) Click Next to continue.
  • (3) Select the Backup ISA Server Configuration and Logs and click Next to continue.

    (4) Select which items to include in the backup archive based on the following table and click Next to continue.

    Items to Backup

    The ISA Array / Server Configuration
        Selecting this option ensures that ISA Server or Array configuration is included in the backup archive. ISA Server or Array configuration includes firewall rules, protocol definitions, network set definitions, user set definitions, cache configurations and VPN settings etc.

    The ISA Enterprise Configuration
        Selecting this option ensures that ISA Enterprise configuration is included in the backup archive. This option is only available with ISA Server Enterprise Edition. Enterprise configuration includes enterprise-wide defined configured firewall rules, protocol definitions, network set definitions, user definitions, cache configurations and VPN Static address pools.

    The ISA Server Web Proxy Logs
        Selecting this option includes log data generated by the ISA Server Web Proxy if logging is enabled and configured to use MSDE. In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all servers in the Array and retrieve Web Proxy logs from each individual server.

    The ISA Server Firewall Logs
        Selecting this option includes log data generated by the ISA Server Firewall if logging is enabled and configured to use MSDE. In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all servers in the Array and retrieve Firewall logs from each individual server.

    Websense Configuration
        Selecting this option includes the Websense configuration information.
        Note: This option is only available with Backup for ISA server with Websense on an ISA Server with Websense deployment.
  • (5) Select One Time and click Next to continue.

    (6) Select Now and click Next to continue.
  • This page will only be displayed if you selected to backup either the ISA Server Web Proxy logs, or the ISA Server Firewall logs.

    The Last x days option will backup all log files for the last x number of days. This will include all the log transactions generated on the current day up to the time of backup. Choosing a Date Range allows an administrator to backup log data that falls within the specified date range.

    (7) Select a log period to backup and click Next to continue.

    A network share can be specified provided the ISA Server has a firewall policy enabled allowing access to the file server resource and that the currently logged on user has write access to the share.

    A backup password is used to protect the contents of the backup archive. The password must be at least 8 characters long but does not have to be complex.

    Note: Ensure that the target output directory for backups has significant free disk available to it as backups may be rather large. Always store passwords in a secure location. The password entered here will be used within the restoration process.
  • (8) Select a backup folder where your backup archives will be written to and enter a password. Click Next to continue.

    (9) Click Finish to begin the backup process. Please take note of any error and warning messages displayed.

    Note: Any Error or Warning information will be written to the Windows Application Event log.
  • (10) Click Close to complete the backup process.
Creating a Backup Schedule

To create a backup schedule for an ISA Server / Array, run the Backup for ISA Server Wizard from Start > All Programs > Winfrasoft Backup for ISA Server > Backup for ISA Server. You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick Launch toolbar.

(1) The Backup for ISA Server Welcome screen is displayed.

(2) Click Next to continue.

(3) Select Backup ISA Server Configuration and Logs and click Next to continue.

(4) Select which items to include in the backup archive based on the following table and click Next to continue.

Items to Backup

The ISA Array / Server Configuration
    Selecting this option ensures that the ISA Server or Array configuration is included in the backup archive. ISA Server or Array configuration includes firewall rules, protocol definitions, network set definitions, user set definitions, cache configurations, VPN settings, etc.

The ISA Enterprise Configuration
    Selecting this option ensures that the ISA Enterprise configuration is included in the backup archive. This option is only available with ISA Server Enterprise Edition. Enterprise configuration includes enterprise-wide firewall rules, protocol definitions, network set definitions, user definitions, cache configurations and VPN Static address pools.

The ISA Server Web Proxy Logs
    Selecting this option includes log data generated by the ISA Server Web Proxy if logging is enabled and configured to use MSDE. In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all servers in the Array and retrieve Web Proxy logs from each individual server.

The ISA Server Firewall Logs
    Selecting this option includes log data generated by the ISA Server Firewall if logging is enabled and configured to use MSDE. In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all servers in the Array and retrieve Firewall logs from each individual server.

Websense Configuration
    Selecting this option includes the Websense configuration information.
    Note: This option is only available with Backup for ISA Server with Websense on an ISA Server with Websense deployment.

(5) Select a backup schedule based on the following table and click Next to continue. The Daily option will be used in this example.

Backup Schedule

One Time
    This option allows you to perform a backup at a one-off, predetermined date and time.

Daily
    This option allows you to perform a backup at a predetermined time of day, either daily or every x number of days.

Weekly
    This option allows you to perform a backup at a predetermined time on a weekly schedule. You can configure which days of the week backups will run.

Monthly
    This option allows you to perform a backup at a predetermined time on a monthly schedule. You can configure which day of the month and in which months of the year backups will occur.

Note: When performing a backup with Backup for ISA Server, no services are restarted and the backup process runs with a below normal thread priority. Although backups can safely be run during normal operational hours, it is recommended that backups are performed during off-peak times.

[Screenshots: Daily Schedule options. Weekly Schedule options. Monthly Schedule options.]

Note: The first backup will occur when the above conditions are met. For example, if today is Tuesday and you set the schedule to perform backups on Mondays only, the first backup will only occur on Monday of the following week.

(6) Specify a Start time and Start date for when the daily backup run will occur and click Next to continue.

The log period page is only displayed if you selected to back up either the ISA Server Web Proxy logs or the ISA Server Firewall logs. The Last x days option backs up all log files for the last x number of days, including all log transactions generated on the current day up to the time of the backup. Choosing a Date Range allows an administrator to back up log data that falls within the specified date range.

(7) Select a log period to back up and click Next to continue.

A network share can be specified, provided that the ISA Server has a firewall policy enabled allowing access to the file server resource and that the currently logged on user has write access to the share. A backup password is used to protect the contents of the backup archive. The password must be at least 8 characters long but does not have to be complex.

Note: Ensure that the target output directory for backups has significant free disk space available, as backups may be rather large. Always store passwords in a secure location. The password entered here will be used within the restoration process.

(8) Select a backup folder where your backup archives will be written and enter a password. Click Next to continue.

If you are scheduling a backup for an ISA Server Standard Edition server, or an ISA Server Enterprise Edition server with ONE array member and a LOCAL CSS, then it is recommended to use the default NT AUTHORITY\SYSTEM (aka Local System) account. This does not require a specific service account to be created.

If you are scheduling a backup for an ISA Server Enterprise Edition server with MORE THAN ONE array member or a remote CSS server, then a specific service account must be used. The service account requires administrator rights on the ISA Servers and within the ISA Server Enterprise configuration. The service account does NOT require domain admin rights and should only be a domain user level account.

Note: A Local System account does not have access to resources on other servers. As such, backing up data on another server, such as Enterprise data stored in a CSS or log data from another array member, requires a specific service account. For security reasons it is recommended NOT to use an account which is a member of the Domain Administrators group.

(9) Specify the service account and password (if required) and click Next to continue.

(10) Click Finish to begin the backup schedule configuration.

(11) Click Close to complete the backup schedule process.
Pre-requisites for restoration

Backup for ISA Server requires the target server to be pre-installed with Windows 2003 and ISA Server 2004/2006, as well as all appropriate Windows and ISA Server Service Packs. Whenever possible, the server should be rebuilt to a level equivalent to that of the server on which the backup was performed.

As Backup for ISA Server does not back up SSL certificates and 3rd-party web filter binaries, all instances of these objects must be manually installed on the target server prior to performing a restore. Additional information on this topic can be found under Common Restore Issues.

The restoration process within Backup for ISA Server does not dynamically change the target server IP configuration. The original IP configuration data and routing table are restored as text files during the restore process. This information must be reconfigured in the OS manually.

Note: If you are restoring a backup onto the same server in a non-disaster recovery scenario, then the pre-requisites will most likely already be in place.

Performing a Restore

To restore an ISA Server / Array, run the Backup for ISA Server Wizard from Start > All Programs > Winfrasoft Backup for ISA Server > Backup for ISA Server. You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick Launch toolbar.

Backup for ISA Server archive files have a file extension of .WIB. This file type is registered with Windows during the installation process, so you can simply double-click a .WIB file to begin the restore process. In this case skip to step 5.

(1) The Backup for ISA Server Welcome screen is displayed.

(2) Click Next to continue.

(3) Select Restore ISA Server Configuration and Logs and click Next to continue.

(4) Browse for the .WIB file to restore and click Next to continue.

The log file of the selected backup archive is displayed. The information includes details of the configuration and log file data backed up, as well as any errors or warnings generated during the backup process.

Note: Information displayed on this page allows you to determine whether or not the data that you wish to restore is contained within the selected backup archive, thus preventing a full restore from an incorrectly selected archive.

(5) Verify the information and click Next to continue.

Non-greyed items are available within the backup archive to be restored. If an option is greyed out (e.g. Websense Configuration), either the backup archive does not include the required data, or the current system is not capable of restoring that option.

Warning: After entering an incorrect password 3 times the application will close. If the correct password is not known then a restore cannot be performed. The same licence file must be installed on the restore server as was used to perform the backup, as unique licence information is used during the encryption process to help protect the data.

(6) Select the options that you wish to restore, enter the original backup password and click Next to continue.

The log period page is only displayed if you selected to restore either the ISA Server Web Proxy logs or the ISA Server Firewall logs and the backup archive contains this data. The All log data option restores all logs contained within the backup archive. Choosing a Date Range allows an administrator to restore log data that falls within the specified date range. The minimum start and maximum end dates are fixed within the date range of the data stored in the backup archive.

(7) Select a log period to restore and click Next to continue.

If the restore process will overwrite existing log data then a warning is displayed.

(8) Click Yes to proceed or No to change the restore options.

A list of the array information that is included in the backup archive is displayed. You can select which server's data you wish to restore onto the restore server. To restore the log data of the entire array to the restore server, tick the ISA Array; all array members will then be selected. To recover logs from one specific server, select only that server.

(9) Select which server's log data should be restored and click Next to continue.

(10) Click Finish to begin the restore process. Please take note of any error and warning messages displayed.

Note: Any Error or Warning information will be written to the Windows Application Event log.

(11) Click Close to complete the restore process.

Note: Backup for ISA Server will not restore:
- SSL Certificates
- 3rd-party web filter binaries

When restoring Web Proxy and Firewall logs, Backup for ISA Server will modify the ISA Server "Delete files older than (days)" setting in the MSDE Database options to 0. This allows Backup for ISA Server to restore log data from any date range and prevents ISA Server from automatically removing it.
Troubleshooting

Common Restore Issues

Restoration issue: SSL Certificates not installed on target ISA Server
    Effect: Restoration of the backup archive will appear to work; however, the ISA Server firewall service may NOT start. Microsoft Firewall errors will be generated in the Windows Event Log. See SSL Certificate errors.
    Resolution: All certificates configured on the backed up ISA Server must be manually installed on the target server prior to performing a restore.

Restoration issue: 3rd-party Web filter plug-in is not installed on target ISA Server
    Effect: 3rd-party web filters will not be operational. A Backup for ISA Server warning message will be generated in the event viewer. A warning will be displayed in ISA alerts. See 3rd-party Web Filter errors.
    Resolution: Ensure that all 3rd-party web filters are installed on the restore server prior to performing a restore.

Restoration issue: Web Proxy Cache drive on target server has insufficient disk space
    Effect: The cache database will not be recreated on the restored server. A Backup for ISA Server warning message will be generated in the event viewer. See Web Proxy Cache errors.
    Resolution: Ensure that the restoration server has sufficient disk space available to allow for the cache database to be recreated on the same drive as the ISA Server on which the backup was performed. Alternatively, a new cache database can be created after the restore.

Restoration issue: Target server IP address information incorrect
    Effect: ISA Server will attempt to bind publishing rules and listeners to the local network adapter and may fail. Firewall policies will not be functional and the ISA Server may not be able to process IP traffic correctly. Microsoft Firewall error messages will be generated in Event Viewer. See IP Configuration errors.
    Resolution: Modify the target server network adapter IP address information to match the information found within the restored IP Config and IP Routing files.
Restore Event Viewer Messages

SSL Certificate errors
    Event ID: 14060
    Event ID: 14001

3rd-party Web Filter errors
    Event ID: 2026
    Event ID: 2003

Web Proxy Cache errors
    Event ID: 14176
    Event ID: 14172

IP Configuration errors
    Event ID: 21125
    Event ID: 21265
    Event ID: 21216
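As an added example (not part of the Winfrasoft guide), the PowerShell function below triages event log entries after a restore: it matches the Event IDs listed above and reports the corresponding restoration issue and resolution from the Common Restore Issues table. The function name Get-RestoreIssue, the sample entries, the Application log name in the comment, and the grouping of 21216 with the IP Configuration IDs are assumptions.

```powershell
# Event IDs grouped as in the guide's "Restore Event Viewer Messages" section.
# 21216 follows the IP Configuration IDs without a heading of its own, so it is
# grouped with them here (assumption).
$RestoreIssues = @(
    @{ Issue = 'SSL certificates not installed on target ISA Server'
       Ids   = 14060, 14001
       Fix   = 'Install all certificates from the backed-up server before restoring.' },
    @{ Issue = '3rd-party web filter plug-in not installed on target ISA Server'
       Ids   = 2026, 2003
       Fix   = 'Install all 3rd-party web filters before restoring.' },
    @{ Issue = 'Web Proxy cache drive has insufficient disk space'
       Ids   = 14176, 14172
       Fix   = 'Free space on the cache drive, or create a new cache database.' },
    @{ Issue = 'Target server IP address information incorrect'
       Ids   = 21125, 21265, 21216
       Fix   = 'Match adapter settings to the restored IP Config and IP Routing files.' }
)

function Get-RestoreIssue {   # hypothetical helper name, not part of the product
    param(
        [Parameter(ValueFromPipeline = $true)] $Entry,
        [datetime] $Since = [datetime]::MinValue   # skip events older than the restore
    )
    begin { $seen = @{}; foreach ($r in $RestoreIssues) { $seen[$r.Issue] = @() } }
    process {
        if ($Entry.TimeGenerated -lt $Since) { return }
        foreach ($rule in $RestoreIssues) {
            if ($rule.Ids -contains $Entry.EventID) { $seen[$rule.Issue] += $Entry }
        }
    }
    end {
        foreach ($rule in $RestoreIssues) {
            if ($seen[$rule.Issue].Count -eq 0) { continue }
            $hits = @($seen[$rule.Issue] | Sort-Object TimeGenerated)
            New-Object PSObject -Property @{
                Issue    = $rule.Issue
                EventIds = ($hits | ForEach-Object { $_.EventID } | Sort-Object -Unique) -join ', '
                Count    = $hits.Count
                First    = $hits[0].TimeGenerated
                Fix      = $rule.Fix
            }
        }
    }
}

# Constructed sample entries, not real log output. On a live server, pipe in
# Get-EventLog -LogName Application -EntryType Error, Warning instead.
$sample = @(
    New-Object PSObject -Property @{ EventID = 14060; TimeGenerated = [datetime]'2008-07-01 10:05' }
    New-Object PSObject -Property @{ EventID = 21125; TimeGenerated = [datetime]'2008-07-01 10:06' }
    New-Object PSObject -Property @{ EventID = 21216; TimeGenerated = [datetime]'2008-07-01 10:07' }
    New-Object PSObject -Property @{ EventID = 14176; TimeGenerated = [datetime]'2008-06-30 09:00' }
)
$sample | Get-RestoreIssue -Since ([datetime]'2008-07-01 10:00') | Format-List Issue, EventIds, Count, First, Fix
```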
Additional Information

Support guides

You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA 2006 if you enable SSL on a Web listener: http://support.microsoft.com/kb/940463

Microsoft ISA Server 2006 – Operations: http://www.microsoft.com/technet/isa/2006/operations/default.mspx

For the latest information, see the Winfrasoft web site: http://www.winfrasoft.com

Do you have comments about this document? Send feedback to feedback@winfrasoft.com