Backing Up IIS: A Primer

To back up a full IIS server certificate, you need to export the private-key and public-key information as well as remember the password that was assigned to the certificate key when it was created. You'll need this information to restore the backup in the future. To back up a certificate in IIS 5.0, follow the steps in the Microsoft article "How to Back Up an Internet Information Services 5.0 Server Certificate" (http://support.micro soft.com/support/kb/articles/q232/ 1/36.asp). To back up a server certificate in IIS 4.0, follow these steps:

1. Open ISM.
2. On the Microsoft Management Console (MMC) toolbar, click the Key Manager icon, which Figure 2 shows.
3. When Key Manager opens, expand the Local Computer node, then select the WWW service. Select the key you want to back up.
4. From the Key menu, choose Export Key, then select Backup File. You'll see the warning that Figure 3 shows. Click OK.
5. Enter a filename and location, then click Save.

Restoring server certificates. To restore a server certificate that you previously backed up on an IIS 5.0 machine, follow the steps in the Microsoft article "How to Import a Server Certificate for Use in Internet Information Services 5.0" (http://support.microsoft.com/support/kb/articles/q232/1/37.asp). To restore a certificate in IIS 4.0, follow these steps:

1. Open ISM.
2. Click the Key Manager icon.
3. Expand the Local Computer tree, then select the WWW service.
4. From the Key menu, choose Import Key, then select Backup File. (Note that although an option exists for restoring from a keyset, this option works only if this machine is the one on which the keyset was originally created and you haven't removed the certificate from the machine. The keyset option also assumes that you still have the original certificate request file and the certificate that the CA issued.)
5. In the Open dialog box, navigate to the backed-up key file, then click Open.
6. Enter the proper password. Note that although the certificate will appear in the list of certificates for the service, it's not yet active.
7. From the Computers menu, choose Commit Changes Now.

Diligence Is Key
This month, I've discussed different methods for backing up your Web servers, each of which has advantages and disadvantages. You can find another useful resource for backing up your IIS 5.0 machines at http://www .microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/ iis/maintain/featusability/c02iis.asp (click the Configuring IIS Backup and Recovery link). Of course, you can take other steps to protect your server. For example, I run two different hard disks in my Web server and set them up as an NT mirror set. That way, I always have a redundant copy of my Web server.

The most important steps you can take to ensure the safety of your Web server are to properly plan your strategy, design your server's hardware and maintenance according to that server's needs, and diligently make backups and keep good records of changes and updates. Next month, I'll get back to debugging IIS. I'll show you how to address high CPU utilization problems.