View
1.814
Download
0
Category
Tags:
Preview:
Citation preview
© 2006-2008 Winfrasoft Corporation. All rights reserved. This publication is for informational purposes only. Winfrasoft makes no warranties, express or implied, in this summary. Winfrasoft and Backup for ISA Server are trademarks of Winfrasoft Corporation. All other trademarks are property of their respective owners.
Installation and Configuration
Guide
Installation and configuration guide
Complete Backup solution for ISA Server
Published: July 2008
Applies to: Winfrasoft Backup for ISA Server (Build 1.0.2530.0)
Web site: http://www.winfrasoft.com
Email: support@winfrasoft.com
Information in this document, including URL and other Internet Web site
references, is subject to change without notice. Unless otherwise noted, the
example companies, organisations, products, domain names, e-mail addresses,
logos, people, places and events depicted herein are fictitious, and no
association with any real company, organisation, product, domain name, e-
mail address, logo, person, place or event is intended or should be inferred.
Complying with all applicable copyright laws is the responsibility of the user.
Winfrasoft may have patents, patent applications, trademarks, copyrights, or
other intellectual property rights covering subject matter in this document.
Except as expressly provided in any written licence agreement from
Winfrasoft, the furnishing of this document does not give you any licence to
these patents, trademarks, copyrights, or other intellectual property.
Microsoft, Active Directory, ISA Server, Windows and Windows Server are
either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
The names of actual companies and products mentioned herein may be the
trademarks of their respective owners.
Copyright © 2006-2008 Winfrasoft Corporation. All rights reserved.
Table of Contents 3
Table of Contents TABLE OF CONTENTS .............................................................................................................. 3
INTRODUCTION ......................................................................................................................... 4
CONSIDERATIONS ......................................................................................................................... 4 Server System Requirements ................................................................................................... 4 Language Requirements .......................................................................................................... 4
TECHNOLOGY .............................................................................................................................. 5 BACKUP FOR ISA SERVER EDITIONS ............................................................................................ 5 LICENSING ................................................................................................................................... 5
Running a trial ........................................................................................................................ 6 Licence Manager ..................................................................................................................... 6
PRODUCT ACTIVATION ................................................................................................................ 7
DEPLOYMENT SCENARIOS .................................................................................................... 8
OVERVIEW ................................................................................................................................... 8 CONFIGURATION CHANGES MADE TO ISA SERVER ...................................................................... 8 INSTALLING BACKUP FOR ISA SERVER ...................................................................................... 10 REMOVING BACKUP FOR ISA SERVER ....................................................................................... 19
CONFIGURING BACKUP FOR ISA SERVER ...................................................................... 22
STARTING THE CONFIGURATION WIZARD FOR ISA SERVER ...................................................... 22 THE WINFRASOFT ISA SELECTION FILE (.WIS) ......................................................................... 24
.WIS File Structure ................................................................................................................ 24
.WIS File Field Definitions .................................................................................................... 24 Protecting a .WIS file password ............................................................................................ 24
COMMAND LINE & SCRIPTING OPTIONS ........................................................................ 25
RUNNING BACKUP FOR ISA SERVER ................................................................................ 26
PERFORMING A BACKUP ............................................................................................................ 26 CREATING A BACKUP SCHEDULE ............................................................................................... 32 PRE-REQUISITES FOR RESTORATION ........................................................................................... 39 PERFORMING A RESTORE ........................................................................................................... 39
TROUBLESHOOTING .............................................................................................................. 45
COMMON RESTORE ISSUES ........................................................................................................ 45 RESTORE EVENT VIEWER MESSAGES......................................................................................... 46
SSL Certificate errors ............................................................................................................ 46 3rd-party Web Filter errors .................................................................................................. 47 Web Proxy Cache errors ....................................................................................................... 48 IP Configuration errors ........................................................................................................ 49
ADDITIONAL INFORMATION .............................................................................................. 51
SUPPORT GUIDES ........................................................................................................................ 51
4 Winfrasoft Backup for ISA Server
Introduction Winfrasoft Backup for ISA Server is the world’s first compliance and disaster recovery
solution for Microsoft ISA Server.
Backup for ISA Server has been designed as a security product from the ground up to
seamlessly integrate with Microsoft ISA Server installations. To date, there is no known
method for an administrator to fully backup and restore an ISA Server, including
configuration and log data with no down time.
Backup for ISA Server is an application designed for both Standard and Enterprise Editions
of ISA Server 2004/2006 systems to:-
Backup and restore ISA Server Enterprise Edition configuration settings.
Backup and restore ISA Server Enterprise and Standard edition’s array
configuration settings.
Backup and restore Firewall log information of a stand-alone server or all servers in
an enterprise array.
Backup and restore Web Proxy log information of a stand-alone server or all servers
in an enterprise array.
Websense configuration information (optional depending on the purchased licence)
IP configuration and IP routing data
Schedule backups to run daily, weekly or monthly.
Considerations
Server System Requirements The minimum system requirements for Backup for ISA Server are:
Windows 2003 Server (32 bit)
Microsoft ISA Server
o 2004 Standard / Enterprise Edition
o 2006 Standard / Enterprise Edition
Microsoft .NET 2.0 Framework
Language Requirements Backup for ISA Server is compatible with multi-lingual versions of Windows Server 2003,
however, it is only available in UK English.
Although multi-lingual versions of Windows Server 2003 can be used, Backup for ISA
Server is ONLY compatible with the English version of ISA Server. Non-English versions of
ISA Server are NOT supported.
All configuration files are in Unicode format to support non-standard multi-lingual
characters.
Introduction 5
Technology Winfrasoft has embraced the latest security industry standard technologies from Microsoft
and other vendors to produce a highly secure and feature rich solution.
Technologies included with Winfrasoft Backup for ISA Server include:
Managed code: Built on Microsoft .NET Framework 2.0
Authenticode signed binaries
Public / Private Key cryptography: Protects the integrity of backup archive.
256bit AES Encryption (FIPS 197 compliant) on backup archive files.
PPMd compression for backup archive files achieving over 95% compaction on
average.
Soft-Token technology makes each customer installation unique and provides an
additional layer of archive protection.
Seamlessly integrates with Window’s Task Scheduler.
Fully scriptable for use with other management or scheduling tools.
Backup for ISA Server Editions Winfrasoft Backup for ISA Server is available in 2 editions:
Backup for ISA Server Enterprise Edition
Backup for ISA Server Standard Edition
Each edition is specifically designed to cater for the appropriate version of Microsoft ISA
Server deployed within an organisation.
Backup for ISA Server Standard Edition is designed for use with Microsoft ISA Server
Standard Edition only.
Backup for ISA Server Enterprise Edition provides full backup and restore functionality for
all nodes of a Microsoft ISA Server Enterprise Edition array. The log data from all array
members are included in a single backup archive and can be restored individually. Backup
for ISA Server Enterprise Edition can also be used with ISA Server Standard Edition.
For those organisations that have Websense Enterprise or Websense Web Security Suite
deployed on an ISA Server, Backup for ISA Server can also be used to backup and restore
the Websense configuration data in the same backup archive.
Licensing Winfrasoft Backup for ISA Server is licensed on a per server basis for a subscription period
of typically one, two or three years.
A licence file must be imported onto each server that the software is installed on, otherwise
the application will not function. During the installation process you will be asked to browse
for your licence file or request a trial licence over the Internet.
6 Winfrasoft Backup for ISA Server
All deployments require product activation to be performed, including evaluation
installations. Trial licences allow the full functionality of the product to be used with a
limited time period, typically 14 days from issue.
Running a trial A trial licence will allow you to make full use of the product during the validity period. You
can check the About... screen to see how many days remaining are available.
When Backup for ISA Server is first installed, Licence Manager will assist you in either
installing a full licence or applying for a trial licence. Backup for ISA Server is not able to
run without a valid licence file.
If your trial licence expires you can contact Winfrasoft and requests a new licence file or
purchase the software. When you receive a new licence you can use the Licence Manager
form the Start Menu to install the new licence file.
Licence Manager The Winfrasoft Licence Manager is a tool that allows users to request and install trial
licences. It is also able to import purchased licences which replace trial licences.
Licence Manager is first run during the installation process. It can be run again from the
Start, All Programs, Winfrasoft Backup for ISA Server, Licence Manager menu item.
Warning
Organisational information within Backup for ISA Server Licences is a key
component in the backup security process and, as such, the same licence
should be applied to all installs of Backup for ISA Server within the
organisation.
Keep your licence file safe to prevent unauthorised distribution and
activation of Backup for ISA Server licences.
Note
For detailed information on the licence types please read the licence
agreement document available on the installation CD, during installation, or
in the programs folder on the server.
Note
Licence Manager requires HTTPS access to the Winfrasoft Activation servers.
Before starting this operation, please ensure that the appropriate firewall
rules have been configured. This can be configured by running Configuration
Wizard for ISA Server and accepting the settings on the Access to Winfrasoft
page.
Introduction 7
Product Activation Winfrasoft Backup for ISA Server requires product activation for all licence types. Product
activation has been included in Backup for ISA Server to help you keep track of your licence
usage.
Product activation is a fast and secure process that is only done once per ISA Server or
Array. The activation process is automatically run when the application is first run on a
server. If activation fails for whatever reason the administrator will still be able to use
Backup for ISA Server for a further 7 days without having activated the product. After the 7
day grace period has expired you will no longer be able to perform a backup, although a
restore operation is permitted.
Product activation is performed over a secure HTTPS SSL connection to protect the
information transmitted during the activation process. The Winfrasoft activation server shall
return a unique activation code to the calling server which is stored locally. This activation
code is in turn checked each time the application starts up ensuring that it has a valid
activation code each time it is run. The re-checking of the activation code does not require a
connection back to Winfrasoft and is an entirely local operation. If the activation code is
found to be invalid the server will attempt to re-activate with Winfrasoft, and if successful,
store the new activation code on the local server.
Each server detected within an ISA Server Enterprise array will be automatically activated
by the server on which Backup for ISA Server is installed. All the activation codes are then
stored on this server. Each array member will consume a licence from the purchased
allotment. Should you install Backup for ISA Server on another array member in the same
array it will also activate all the servers in the array. In this case the Winfrasoft activation
server will reissue the same activation codes and thus will not use up extra licences.
Note
As each node in an ISA Enterprise array requires activation, please ensure
that the purchased licence quantity is sufficient to cater for all nodes in the
array.
8 Winfrasoft Backup for ISA Server
Deployment Scenarios
Overview This deployment section assumes that the ISA Server is already configured and operational.
Winfrasoft Backup for ISA Server has been designed to provide disaster recovery
capabilities for Standard and Enterprise Edition deployments of Microsoft ISA Server.
Backup for ISA Server also provides backup and restore functionality for Websense
Enterprise and Web Security Suite installations on ISA Server. It is recommended that all
deployment scenarios are tested in a lab prior to a live deployment.
Configuration Changes made to ISA Server Backup for ISA Server requires certain access permissions in order to function correctly.
This section describes the modifications made to ISA Server during the installation process.
Naturally, all configurations changes comply with the least-privilege access methodology
and are removed during the uninstall process.
Should any of the Backup for ISA Server rules be removed, they can be re-applied by
rerunning the Configuration Wizard for ISA Server.
Details
Object Computer Set
Name [Backup for ISA Server] File Servers
Description Contains the server information of the fileserver
used centralised backup storage area.
Object Firewall Policy
Name [Backup for ISA Server] File Server Access
Description Allow ‘localhost’ access to remote File Servers.
Definition Allow Microsoft CIFS(TCP and UDP) access from
‘localhost’ to ISA computer set ‘[Backup for ISA
Server] File Servers’
Dependencies Computer Set ‘[Backup for ISA Server] File Servers’
Note
Backup for ISA Server functionality is dependent on the installed licence file.
Websense enabled licences are required to backup and restore Websense
Enterprise and Web Security Suite configuration information.
Deployment Scenarios 9
Object URL Set
Name Winfrasoft Activation Service
Description HTTPs URL address for access to Winfrasoft’s
activation server
Definition https://activation.winfrasoft.com
Object URL Set
Name Winfrasoft Update Service
Description HTTP URL addresses for access to Winfrasoft’s update
server
Definition http://update.winfrasoft.com/download/*
http://update.winfrasoft.com/xml/*
Object System Policy
Name Allowed Sites
Description Ensures this configuration group is Enabled; Adds
URL Set ‘Winfrasoft Activation Service’; Adds URL
Set ‘Winfrasoft Updates Service’
Definition Included
Dependencies URL Set ‘Winfrasoft Activation Service’
URL Set ‘Winfrasoft Updates Service’
Object Firewall Policy (Enterprise Edition Only)
Name [Backup for ISA Server] Intra Array Access
Description Allow the Array member running Winfrasoft Backup for
ISA Server to access resources on other Array
members.
Definition Allow Microsoft SQL(TCP and UDP) access from ‘Array
Servers’ to ‘Array Servers’
Object Firewall Policy
Name [Backup for ISA Server] File Server Access (Websense
Only)
Description Allow the Array member running Winfrasoft Backup for
ISA Server to access fileserver resource access on
other Array members.
Definition Allow Microsoft CIFS(TCP and UDP) access from access
from ‘Array Servers’ to ‘Array Servers’
10 Winfrasoft Backup for ISA Server
Installing Backup for ISA Server Winfrasoft Backup for ISA Server must be installed on:
Each ISA Server Standard Edition server or
At least ONE server in each ISA Server Array.
(1) To start the Backup for ISA Server installation from CD, insert the CD into the drive.
Run the setup file located in the install folder:
install\Winfrasoft Backup for ISA Server Setup.exe
To start the Backup for ISA Server installation from a web download, extract the files
from the downloaded ZIP and run the setup file as follows:
install\Winfrasoft Backup for ISA Server Setup.exe
This starts the setup wizard:
(2) Click Next to continue.
Note
You do NOT need to install Backup for ISA Server on more than one server
per Enterprise Edition array. For backup redundancy, you may want to install
Backup for ISA Server on more than one server per array and alternate the
backup schedules.
Note
Ensure that the user profile that you have logged onto the ISA Server with
has administrative right and that the ISA Server firewall services are started.
Deployment Scenarios 11
(3) After reading the licence agreement click I accept the terms of the licence agreement if
you agree to the terms. Click Next to continue.
(4) Browse to the folder where you wish to install the Backup for ISA Server software or
use the default (recommended). Ensure that the destination drive has sufficient disk
space for the applications installation.
Click Next to continue.
12 Winfrasoft Backup for ISA Server
(5) Click Next to continue.
The application files are copied.
Deployment Scenarios 13
The Config Wizard for ISA Server will start. This wizard helps you to configure your
ISA Server for use with Backup for ISA Server.
(6) Click Next to continue.
(7) If required, tick the Allow access to File Shares on server box. Enter the actual host
name and the IP address of the file server that will store backup archives.
Click Next to continue.
Note
If you intend to store backup archives on a remote server, ISA Server will
require a firewall rule to allow access to the file server. If you do not have the
required firewall access to the remote file server, then backup archives can
only be stored locally. If there is an existing ISA Server rule that allows the
localhost access to remote file servers then this step does not have to be
performed.
14 Winfrasoft Backup for ISA Server
(8) Select the required options and click Next to continue.
(9) Select the required options and click Next to continue.
Note
Backup for ISA Server may require access to the Winfrasoft Activation and
Winfrasoft Update services for activation, trial licence generation and
updates. All information transmitted for licensing and activation purposes is
128bit SSL encrypted.
Note
When installed on ISA Server Enterprise Edition, Backup for ISA Server will
require access to the SQL database data on other array members in order to
back it up. The MSDE instances on the array members will be required to
support TCP/IP connections.
Access to file shares will also be required to allow for the backup of the
Websense configuration (if installed).
Deployment Scenarios 15
(10) Click Finish to close the Config Wizard for ISA Server.
(11) The changes are made to the MSDE and ISA configuration. Click OK to close.
The Licence Manager will load to allow you to configuring your licence.
16 Winfrasoft Backup for ISA Server
(12) If you already have a purchased licence file select Import a purchased licence file and
enter the full path to the licence file, or click Browse… to locate it. If you do not have
a licence file skip to step 15.
(13) Click Apply to import the selected licence
Deployment Scenarios 17
(14) Click Close when done.
(15) If you already have a purchased licence file skip to step 18. If you do not have a
licence file select Request a Trial Licence over the Internet (secured with SSL) and
enter your details.
Important
Please enter valid details when applying for a trial licence as this information
will be included in your licence file and will be written in each backup log.
This information will also be used to generate a full licence if purchased.
18 Winfrasoft Backup for ISA Server
(16) Click Apply to request and install a trial licence.
(17) Click Close when done.
The main setup wizard returns.
(18) Deselect the Run Winfrasoft Backup for ISA Server now if you do not want to start the
application now.
Click Finish to complete the setup.
Deployment Scenarios 19
Removing Backup for ISA Server To remove Backup for ISA Server from your ISA Server insert the CD into the drive and the
maintenance installation process will automatically start.
To remove Backup for ISA Server from your ISA Server insert the CD into the drive. Start the
maintenance installation process by running the setup file located in the install folder:
install\Winfrasoft Backup for ISA Server Setup.exe
Alternatively, the Uninstall process can be initiated using Windows Add or Remove Programs
in Control Panel. In the list of applications installed on the ISA Server, highlight Winfrasoft
Backup for ISA Server and then click Remove.
(1) The installation wizard will start in maintenance mode:
(2) Select Uninstall and click Next.
(3) Click Next to continue.
20 Winfrasoft Backup for ISA Server
The removal process will remove all ISA rules and objects created by the
Configuration Wizard.
(4) Click OK to continue.
If a licence file was found you will be asked if you would like to remove it from the
system. If you plan to reinstall Backup for ISA Server you may wish to leave the
licence file on the server, otherwise it can be removed.
(5) Click either Yes or No.
Deployment Scenarios 21
(6) Click Finish to complete the setup.
Note
The uninstall process will not remove any created Backup for ISA Server
backup files.
22 Winfrasoft Backup for ISA Server
Configuring Backup for ISA Server Winfrasoft Backup for ISA Server may require some configuration to allow it to work with
specific settings within your network environment. The ISA Server Configuration Wizard is
designed to assist in creating the required firewall rules and objects in ISA Server to allow
the backup operations to function correctly.
Starting the Configuration Wizard for ISA
Server Click the ISA Configuration Wizard link, from the first page of the Backup for ISA Server
wizard.
Or Select Config Wizard from the Start, All Programs, Winfrasoft Backup for ISA Server
menu.
This starts the Configuration Wizard for ISA Server.
Note
The Configuration Wizard for ISA Server should have already been run during
the installation process but can be re-run as needed.
Configuring Backup for ISA Server 23
Complete the wizard to change the configuration of ISA Server for use with Backup for ISA
Server. For further details about the options in this wizard see the Installing Backup for ISA
Server section.
24 Winfrasoft Backup for ISA Server
The Winfrasoft ISA Selection File (.WIS) A Winfrasoft ISA Selection file (.WIS) is a file which contains settings to be used with
scheduled or scripted backup operations. This file is automatically created when the Backup for
ISA Server Backup Wizard is used to create a schedule. The default file created by the Backup
for ISA Server wizard is called WIBackup.WIS and is stored in the application install folder.
A .WIS file can be created manually provided the file matches the required .WIS format. A
.WIS file is XML based and has some minimum tag requirements See .WIS Backup Selection
File Structure
.WIS File Structure <WinfrasoftISASelectionFile>
<BackupFolder>C:\ISABackup\ISABackup\bin\Debug</BackupFolder>
<BackupPassword>password</BackupPassword>
<LogTrailingDays>10</LogTrailingDays>
<IncludeISAArrayConfig>True</IncludeISAArrayConfig>
<IncludeISAEnterpriseConfig>True</IncludeISAEnterpriseConfig>
<IncludeISAFirewallLogs>True</IncludeISAFirewallLogs>
<IncludeISAWebProxyLogs>True</IncludeISAWebProxyLogs>
<IncludeWebsenseConfig>False</IncludeWebsenseConfig>
</WinfrasoftISASelectionFile>
.WIS File Field Definitions
Field Value Considerations
BackupFolder Path where backup archive will be
created.
Ensure path exists and that there is
sufficient disk space available for archive.
BackupPassword Password used to encrypt and decrypt
backup archive.
Ensure password used is 8 characters or
more.
Ensure that the WIS file is protected using
the EncryptPassword switch to encrypt
the plain text password.
Protecting a .WIS file password A .WIS file contains the password which will be used for encrypting the backup archive
files. The password in the .WIS files are encrypted by default when created by the Backup
for ISA Server wizard.
A manually created .WIS file must initially be created with a clear text password as per the
file structure example above. Once created, run Backup for ISA Server with a
/EncryptPassword switch to encrypt the password. The password is encrypted using
information contained in the licence file thus the same licence file must be used to perform
the backup.
{ISABackup install path}\ISABackup.exe /EncryptPassword MySelectionFile.WIS
Command line & scripting options 25
Command line & scripting options Backup for ISA Server can be scripted for use in custom scripts or for inclusion within 3
rd-
party scheduling applications. To execute Backup for ISA Server in the command line, start
a command prompt session and enter:
{ISABackup install path}\ISABackup.exe /{Switch}
The following operations are available via command prompt:
Option Function Required inputs
/? Displays supported command prompt
switch options as above
-
/Backup Starts an automated backup process Supply a Backup Selection File (.WIS)
/ISAConfigWizard Runs the ISA Config Wizard to configure
the required ISA Server protocols and
rules.
-
/RemoveScheduledTask Removes the Backup for ISA Server task
listed in the Windows Task Scheduler.
-
/EncryptPassword Encrypts the password in a manually
created Backup Selection File.
See the Protecting a .WIS file password
section.
Supply a Backup Selection File (.WIS)
/DebugLog Enables debug logging output.
Only utilise this option when instructed to
by a Winfrasoft support technician.
-
26 Winfrasoft Backup for ISA Server
Running Backup for ISA Server Winfrasoft Backup for ISA Server can backup a single ISA Server, or an entire ISA Server
Enterprise Edition Array from a single location.
Winfrasoft Backup for ISA Server is designed so that the restoration process can be
performed on both the original ISA Server or on separate server. A backup archive from an
ISA Server Enterprise server that contains multiple array members can be restored onto a
single ISA Server Enterprise server for log analysis purposes.
Performing a Backup To backup an ISA Server/ Array, run the Backup for ISA Server Wizard from the Start, All
Programs, Winfrasoft Backup for ISA Server, Backup for ISA Server menu.
You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick
Launch toolbar.
(1) The Backup for ISA Server Welcome screen is displayed.
(2) Click Next to continue
Running Backup for ISA Server 27
(3) Select the Backup ISA Server Configuration and Logs and click Next to continue.
(4) Select which items to include in the backup archive based on the following table and
click Next to continue.
Items to Backup
The ISA Array / Server
Configuration
Selecting this option ensures that ISA Server or Array configuration is included in the
backup archive.
ISA Server or Array configuration includes firewall rules, protocol definitions, network
set definitions, user set definitions, cache configurations and VPN settings etc.
The ISA Enterprise
Configuration
Selecting this option ensures that ISA Enterprise configuration is included in the
backup archive. This option is only available with ISA Server Enterprise Edition.
Enterprise configuration includes enterprise-wide defined configured firewall rules,
protocol definitions, network set definitions, user definitions, cache configurations and
VPN Static address pools.
The ISA Server Web Proxy
Logs
Selecting this option includes logs data generated by the ISA Server Web Proxy if
logging is enabled and configured to use MSDE.
In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all
servers in the Array and retrieve Web Proxy logs from each individual server.
28 Winfrasoft Backup for ISA Server
The ISA Server Firewall
Logs
Selecting this option includes logs data generated by the ISA Server Firewall if logging
is enabled and configured to use MSDE.
In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all
servers in the Array and retrieve Firewall logs from each individual server.
Websense Configuration Selecting this option includes the Websense configuration information.
Note
This option is only available with Backup for ISA server with Websense on an ISA
Server with Websense deployment.
(5) Select One Time and click Next to continue.
(6) Select Now and click Next to continue.
Running Backup for ISA Server 29
This page will only be displayed if you selected to backup either the ISA Server Web Proxy
logs, or the ISA Server Firewall logs.
The Last x days option will backup all log files for the last x number of days. This will
include all the log transactions generated on the current day up to the time of backup.
Choosing a Date Range allows an administrator to backup log data that falls within the
specified date range.
(7) Select a log period to backup and click Next to continue.
A network share can be specified provided the ISA Server has a firewall policy enabled
allowing access to the file server resource and that the currently logged on user has write
access to the share.
A backup password is used to protect the contents of the backup archive. The
password must be at least 8 characters long but does not have to be complex.
Note
Ensure that the target output directory for backups has significant free disk
available to it as backups may be rather large.
Always store passwords in a secure location. The password entered here will
be used within the restoration process.
30 Winfrasoft Backup for ISA Server
(8) Select a backup folder where your backup archives will be written to and enter a
password. Click Next to continue.
(9) Click Finish to begin the backup process.
Please take note of any error and warning messages displayed.
Note
Any Error or Warning information will be written to the Windows Application
Event log.
Running Backup for ISA Server 31
(10) Click Close to complete the backup process.
32 Winfrasoft Backup for ISA Server
Creating a Backup Schedule To create a backup schedule for an ISA Server/ Array, run the Backup for ISA Server
Wizard from the Start, All Programs, Winfrasoft Backup for ISA Server, Backup for ISA
Server menu.
You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick
Launch toolbar.
(1) The Backup for ISA Server Welcome screen is displayed.
(2) Click Next to continue
(3) Select the Backup ISA Server Configuration and Logs and click Next to continue.
Running Backup for ISA Server 33
(4) Select which items to include in the backup archive based on the following table and
click Next to continue.
Items to Backup
The ISA Array / Server
Configuration
Selecting this option ensures that ISA Server or Array configuration is included in the
backup archive.
ISA Server or Array configuration includes firewall rules, protocol definitions, network
set definitions, user set definitions, cache configurations and VPN settings etc.
The ISA Enterprise
Configuration
Selecting this option ensures that ISA Enterprise configuration is included in the
backup archive. This option is only available with ISA Server Enterprise Edition.
Enterprise configuration includes enterprise-wide defined configured firewall rules,
protocol definitions, network set definitions, user definitions, cache configurations and
VPN Static address pools.
The ISA Server Web Proxy
Logs
Selecting this option includes logs data generated by the ISA Server Web Proxy if
logging is enabled and configured to use MSDE.
In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all
servers in the Array and retrieve Web Proxy logs from each individual server.
The ISA Server Firewall
Logs
Selecting this option includes logs data generated by the ISA Server Firewall if logging
is enabled and configured to use MSDE.
In an ISA Server Enterprise Edition deployment, Backup for ISA Server will connect to all
servers in the Array and retrieve Firewall logs from each individual server.
Websense Configuration Selecting this option includes the Websense configuration information.
Note
This option is only available with Backup for ISA server with Websense on an ISA
Server with Websense deployment.
34 Winfrasoft Backup for ISA Server
(5) Select a backup schedule based on the following table and click Next to continue. The
Daily option will be used in this example.
Backup Schedule
One Time This option allows you to perform a backup at a once off predetermined date and time.
Daily This option allows you to perform a backup at a predetermined time of day either daily
or every x number of days.
Weekly This option allows you to perform a backup at a predetermined time on a weekly
schedule. You can configure which days of the week backups will run.
Monthly This option allows you to perform a backup at a predetermined time on a monthly
schedule. You can configure which day of the month and in which months of the year
backups will occur.
Note
When performing a backup with Backup for ISA Server no services are
restarted and the backup process runs with a below normal thread priority.
Although backups can safely be run during normal operational hours, it is
recommended that backups are performed during off-peak times.
Running Backup for ISA Server 35
Daily Schedule options.
Weekly Schedule options.
Monthly Schedule options.
36 Winfrasoft Backup for ISA Server
(6) Specify a Start time and Start date for when the daily backup run will occur and click
Next to continue.
This page will only be displayed if you selected to backup either the ISA Server Web Proxy
logs, or the ISA Server Firewall logs.
The Last x days option will backup all log files for the last x number of days. This will
include all the log transactions generated on the current day up to the time of backup.
Choosing a Date Range allows an administrator to backup log data that falls within the
specified date range.
(7) Select a log period to backup and click Next to continue.
A network share can be specified provided the ISA Server has a firewall policy
enabled allowing access to the file server resource and that the currently logged on user
has write access to the share.
Note
The first backup will occur when the above conditions are met i.e. if today is
Tuesday and you set the schedule to perform backups on Mondays only, the
first backup will only occur on Monday of the following week.
Running Backup for ISA Server 37
A backup password is used to protect the contents of the backup archive. The
password must be at least 8 characters long but does not have to be complex.
(8) Select a backup folder where your backup archives will be written to and enter a
password. Click Next to continue.
If you are scheduling a backup for an ISA Server Standard Edition server or an ISA
Enterprise Edition server with ONE array member and a LOCAL CSS then it is
recommended to use the default NT AUTHORITY\SYSTEM (aka Local System)
account. This does not require a specific service account to be created.
If you are scheduling a backup for an ISA Server Enterprise Edition server with
MORE THAN ONE array member or a remote CSS server then a specific service
account must be used. The service account requires administrator rights on the ISA
Note
Ensure that the target output directory for backups has significant free disk
available to it as backups may be rather large.
Always store passwords in a secure location. The password entered here will
be used within the restoration process.
38 Winfrasoft Backup for ISA Server
Servers and within the ISA Server Enterprise configuration. The service account does
NOT require domain admin rights and should only be a domain user level account.
(9) Specify the service account and password (if required) and click Next to continue.
(10) Click Finish to begin the backup schedule configuration.
(11) Click Close to complete the backup schedule process.
Note
A Local System account does not have access to resources on other servers.
As such, backing up data on another server such as Enterprise data stored
in a CSS or log data from another array member requires a specific service
account.
For security reasons it is recommended NOT to use an account which is a
member of the Domain Administrators group.
Running Backup for ISA Server 39
Pre-requisites for restoration Backup for ISA Server requires the server to be pre installed with Windows 2003 and ISA
Server 2004/2006 as well as all appropriate Windows and ISA Server Service Packs. This
should be rebuilt to an equivalent level of the server which the backup was performed on
whenever possible.
As Backup for ISA Server does not backup SSL certificates and 3rd
-party web filter binaries,
all instances of these objects must be manually installed on the target server prior to
performing a restore. Additional information on this topic can be found under Common
Restoration Issue.
The restoration process within Backup for ISA Server does not dynamically change the
target server IP configuration. The original IP configuration data and routing table will be
restored as text files during the restore process. This information must be reconfigured with
the OS manually.
Performing a Restore To restore an ISA Server/ Array, run the Backup for ISA Server Wizard from the Start, All
Programs, Winfrasoft Backup for ISA Server, Backup for ISA Server menu.
You can also run the Backup for ISA Server Wizard by clicking the icon on the Quick
Launch toolbar.
Backup for ISA Server archive files have a file extension of .WIB. This file type is registered
with Windows during the installation process thus you can simply double click a .WIB file to
begin the restore process. In this case skip to step 5.
(1) The Backup for ISA Server Welcome screen is displayed.
Note
If you are restoring a backup onto the same server in a non-disaster recovery
scenario then the pre-requisites will most likely already be in place.
40 Winfrasoft Backup for ISA Server
(2) Click Next to continue.
(3) Select Restore ISA Server Configuration and Logs and click Next to continue.
(4) Browse for the .WIB file to restore and click Next to continue.
Running Backup for ISA Server 41
The log file of the selected backup archive is displayed. The information includes details of
the configuration and log file data backed up as well as any error or warnings generated
during the backup process.
(5) Verify the information and Click Next to continue.
Non-greyed items indicate that they are available within the backup archive to be restored.
If an option is greyed out (e.g. Websense Configuration) either the backup archive does not
include that required data; or the current system is not capable of restoring the deselected
options.
Note
Information displayed on this page allows you to determine whether or not
the data that you wish to restore is contained within the selected backup
archive thus preventing a full restore from an incorrectly selected archive.
42 Winfrasoft Backup for ISA Server
(6) Select the options that you wish to restore, enter the original backup password and
click Next to continue.
This page will only be displayed if you selected to restore either the ISA Server Web Proxy
logs, or the ISA Server Firewall logs and the backup archive does contain this data.
The All log data option will restore all logs contained within the backup archive. Choosing a
Date Range allows an administrator to restore log data that falls within the specified date
range. The minimum start and maximum end dates are fixed within the date range of the data
stored in the backup archive.
(7) Select a log period to restore and click Next to continue.
If the restore process will overwrite existing log data then a warning is displayed.
(8) Click Yes to proceed or No to change the restore options.
Warning
After entering an incorrect password 3 times the application will close. If the
correct password is not known then a restore can not be performed.
The same licence file must be installed on the restore server as was used to
perform the backup as unique licence information is used during the
encryption process to help protect the data.
Running Backup for ISA Server 43
A list of the array information that is included in the backup archive is displayed. You can
select which server’s data you wish to restore onto the restore server. To restore the entire
array log data to the restore server tick the ISA Array and all array members will be selected.
If you want to recover logs from one specific server only select that server.
(9) Select which server’s log data should be restored and click Next to continue.
(10) Click Finish to begin the restore process.
44 Winfrasoft Backup for ISA Server
Please take note of any error and warning messages displayed.
(11) Click Close to complete the restore process.
Note
Any Error or Warning information will be written to the Windows Application
Event log.
Note
Backup for ISA Server will not restore
SSL Certificates
3rd party web filter binaries
When restoring Web Proxy and Firewall logs, Backup for ISA Server will
modify the ISA Server Delete files older than (days) setting in the MSDE
Database options to 0. This will allow Backup for ISA Server to restore log
data from any date range preventing ISA Server automatically removing it.
Troubleshooting 45
Troubleshooting
Common Restore Issues Restoration Issue Affect Resolution
SSL Certificates not
installed on target ISA
Server
Restoration of the backup archive will
appear to work, however, the ISA Server
firewall service may NOT start.
Microsoft Firewall errors will be generated
in the Windows Event Log.
See SSL Certificate errors
All certificates configured on the backed
up ISA Server must be manually installed
on the target server prior to performing a
restore.
3rd-party Web filter plug-in
is not installed on target
ISA Server
3rd-party web filters will not be
operational.
Backup for ISA Server warning message
will be generated in the event viewer.
A warning will be displayed in ISA alerts.
See 3rd-party Web Filter errors
Ensure that all 3rd-party web filters are
installed on the restore server prior to
performing a restore.
Web Proxy Cache drive on
target server has
insufficient disk space
The cache database will not be recreated
on the restored server.
Backup for ISA Server warning message
will be generated in the event viewer.
See Web Proxy Cache errors
Ensure that the restoration server has
sufficient disk-space available to allow for
the cache database to be recreated on
the same drive as the ISA Server on which
the backup was performed.
Alternatively a new cache database can
be created after the restore.
Target server IP address
information incorrect
ISA Server will attempt to bind publishing
rules and listeners to the local network
adapter and may fail. Firewall policies will
not be functional and the ISA Server may
not be able to process IP traffic correctly.
Microsoft Firewall error messages will be
generated in Event Viewer.
See IP Configuration errors
Modify the target server network adapter
IP address information to match the
information found within the restored IP
Config and IP Routing files.
46 Winfrasoft Backup for ISA Server
Restore Event Viewer Messages
SSL Certificate errors Event ID: 14060
Event ID: 14001
Troubleshooting 47
3rd-party Web Filter errors Event ID: 2026
Event ID: 2003
48 Winfrasoft Backup for ISA Server
Web Proxy Cache errors Event ID: 14176
Event ID: 14172
Troubleshooting 49
IP Configuration errors Event ID: 21125
Event ID: 21265
50 Winfrasoft Backup for ISA Server
Event ID: 21216
Additional Information 51
Additional Information
Support guides
You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA
2006 if you enable SSL on a Web listener:
http://support.microsoft.com/kb/940463
Microsoft ISA Server 2006 – Operations:
(http://www.microsoft.com/technet/isa/2006/operations/default.mspx)
For the latest information, see the Winfrasoft web site - http://www.winfrasoft.com.
Do you have comments about this document? Send feedback to feedback@winfrasoft.com
Recommended