Microsoft Forefront TMG - Backup and restore capabilities

In this tutorial, I will show you how to export and import the entire Forefront TMG configuration (or some parts of the TMG configuration) for backup and test purposes.

Forefront TMG allows you to easily backup all or part of the configuration to respond to emergencies or simply clone a configuration with another forefront TMG server. Forefront TMG uses the VSS writer ( Volume Shadow Copy Service ) program to export the configuration to a .xml file and instruct the VSS provider to perform this XML file backup. In case of recovery, the VSS provider will use this file to restore the configuration by using Forefront TMG's import function.

Backup and restore the entire configuration

Launch the Forefront TMG management interface to backup or restore the entire TMG configuration. Backup for the entire TMG configuration must normally be part of your disaster recovery and prevention plan.

Launch the Export wizard .

If you want to export important information, specify a password with at least 8 characters to encrypt this information. If you also want to backup TMG administrative role user information, you need to enable the export user permissions check box.

Specify the location for the export file. The location of the saved file needs to be on an NTFS formatted partition to provide NTFS security permissions for the file and in case the server fails, you need to save the XML file on another server other than the TMG server.

Depending on the size of the TMG configuration, the export process may be quick or slow.

If you want to see the contents of the exported XML file, open this file in the Internet Explorer window or with the XML file viewer.

Page 2 : Import TMG configuration

---

Import TMG configuration

In the event of a disaster, you can completely import the entire Forefront TMG configuration. First, reinstall the operating system below if an operating system error occurs, then reinstall Forefront TMG with the default settings and launch the Forefront TMG management interface and import the TMG configuration.

Specify the location of the exported TMG configuration file.

You can completely import or overwrite the current TMG configuration. If you want to restore the entire TMG configuration, select the Overwrite (restore) option .

Select the information you want to import.

Specify the password used to protect the important information in the Forefront TMG export file to import (or override) the current TMG configuration.

The imported configuration will overwrite the existing configuration of Forefront TMG, so it is best to export the current configuration in case something goes wrong during the import process.

The import process may be fast or slow depending on the amount of information in the export file and computer configuration.

After the configuration has been successfully imported, you need to apply configuration changes, as shown in the figure below.

Backup and restore parts of TMG configuration

You can export almost everything of TMG configuration to an XML file. For example, you can export the entire set of rules for firewalls, protocol concepts, networks, etc. The figure below shows the export function for the entire Firewall Policy.

The next example displays the dialog of a set of URLs created by Forefront TMG in the Forefront TMG toolbox.

Page 3 : Import ISA Server 2006 configuration

---

Import ISA Server 2006 configuration

Supported users officially switch from ISA Server 2006 to Forefront TMG. First, export the ISA Server 2006 configuration and install Forefront TMG on the new server with Windows Server 2008 R2. After installing the operating system, launch the Forefront TMG installation. If you want to import the ISA Server 2006 configuration, close the Getting started wizard of Microsoft Forefront TMG (the Getting started wizard window will launch when you finish installing TMG) ​​and import (or override) the TMG configuration with the ISA Server configuration file 2006 has been exported.

Backup and restore using VSS Writer

You can backup and restore Forefront TMG configuration by using Volume Shadow Copy Service (VSS). In Forefront TMG, configuration is stored in an Active Directory Lightweight Directory Services instance (AD LDS). When you use VSS to backup and restore Forefront TMG configuration, Forefront TMG will call the AD LDS VSS Writer.

The name for this Writer is " ISA Writer ".

Writer ID for registration is 25F33A79-3162-4496-8A7D-CAF8E7328205 .

To see the VSS writer, launch the command prompt by executing the CMD.EXE file and enter the VSSadmin list Writers command. The screen below shows VSSadmin output.

Other things to backup

When performing a backup, it is better to back up the entire Forefront TMG Server with a backup program like the Windows Sever backup program.

For a normal recovery process, you just need to reinstall Forefront TMG and import the XML backup file. In the case of a complete operating system error, you need to reinstall the operating system, reinstall Forefront TMG and import the Forefront TMG backup file.

In case you lose the log files created by Forefront TMG and your security policy does not allow this. You must then backup the log files and databases created by the MSDE database or TMG log files.

Certificates

SSL certificates are not in the Forefront TMG backup. If you issued the certificate, then you need to export the certificates with other tools. SSL certificates are stored in the machine's internal certificate store. You can use Certutil.exe, a command line program to backup and restore SSL certificates or certificate MMC Snap In to export certificates from the graphical interface.

Conclude

In this article, we have introduced you to an overview of the ability to export and import the Microsoft Forefront TMG configuration. Forefront TMG allows you to perform backup and restore of Forefront TMG configuration or just part of the configuration.