Monday, January 21, 2008

The transformation is almost complete - Part 3

This is the final part in the saga of my intention to migrate all my network equipment (servers and workstations) into virtual machines on a single piece of hardware.
In our last episode you may remember that I had ended up doing a swing migration of my SBS 2003 server onto a new machines. After a few hiccups I had it all working. Now the final task was to migrate the stand alone ISA 2004 server I use as a firewall device.
ISA 2004
Ok, so this machine does nothing except host ISA 2004 as a firewall and web proxy. It only has a small disk and very few apps installed. My concern was because it has two network cards that there might be issues (and I was right).
So, the first attempt was again to do a Storagecraft image of the original machine and then simply do a restore to a new clean Microsoft Virtual PC (no more attempts to migrate to Vmware, two strikes were enough to convince me that I needed to do more research to understand the process). After imaging the server I restore into a Virtual PC and Windows booted but I started having all kinds of issues with ISA 2004. My guess is that this stemmed from changing both network cards in the machine simultaneously. Now I could have sat down and tried to resolve things but since this was a firewall machine  and I'd never be completely sure whether I had fixed everything, I decided that it would be better (and quicker) to rebuild a new machine from scratch. Besides, there wasn't much software to install and once I had ISA 2004 running I "should" be able to simply import the rules from the old ISA box straight into the new box (in theory).
After installing Windows Server and then ISA 2004 I exported the firewall rules from the old server and attempted to import them into the new server. On attempting this I was greeted with the following :

Hmmm, not good, catastrophic failure eh? Thinking, thinking, thinking. Bing! Ah ha, the new ISA 2004 server doesn't have ISA 2004 Service Pack 3 installed. Installed that and now the import works! Yeah.
Problem was that ISA still wasn't working correctly. When I looked at the rules I saw that they still referred to the old listener, so I changed that, still no go. I cleaned up the rules, removing what I didn't need. Still no go. I checked the configuration and network cards. Still wouldn't work. When all else fails try a reboot. Guess what? It worked after that. So even if you make changes to ISA 2004 you may still need to reboot for them to take effect.
Ahhhhh, finally done. All the machines are now virtualized and I can dispose of all the old hardware. It had taken a long while and there were plenty more bumps in the road that I expected but I had managed to do what I had set out to achieve.
In my next post I'll summarize what I found along the way with some more thinking about the whole virtualization concept as I think it has particular relevance in the SMB market. For the record I've gone from 6 different pieces of hardware into a single piece. If that doesn't cut my electricity bill I don't know what will!