Posted by: Texiwill
Edward L. Haletky, Virtualization, Virtualization security, VMware, VMware ESX, VMware ESX 3.5, VMware ESXi, VMware scripting
A common question that arises on the VMware Communities Forum is how to back up VMware ESX so that you can restore from the backup if there is a problem, the theory being that this would be faster than reinstalling the server.
As stated in VMware KB article 1000761, it is possible to restore ESX to identical hardware. However, you need to reinstall ESX first and then restore the data you backed up while making changes to how the system boots; otherwise the Universally Unique Identifier (UUID) written by the installation will no longer work, since the restore has overwritten the installed data with the data from your backup.
This method will effectively restore everything to identical hardware. However, if you want to use new hardware, perhaps with different PCI devices, the restoration would fail to properly configure the new devices. It may even fail to properly configure NICs if there are any IRQ differences between the supposedly identical hardware.
So in these cases you would have to at least verify the configuration and fix anything that was broken. This could lead to a set of unknowns from a security perspective. You are, after all, trusting that the backup was restored properly, and if it was not, you could end up with security issues. So the verification step would have to be extremely well documented.
It is far easier to reinstall VMware ESX on the hardware and use either an installation document, a kickstart file, or another type of script to configure all the devices for you using either the Remote CLI or the VMware ESX CLI.
When restoring VMware ESX or VMware ESXi, the best tool to have is very good installation documentation that is easy to follow and has graphics and text for every step of the configuration. These documents can be reviewed for security concerns and used to derive the scripts that do the work for you.
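The verification step discussed above can itself be scripted. The following is an added example, not code from the original post or from VMware: it compares the NIC inventory recorded in the installation document with what a restored host reports, flagging PCI or driver changes and links that are down. The column layout is assumed to follow `esxcfg-nics -l`, and the sample rows and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Column layout (Name PCI Driver Link ...) is an assumption
# modelled on `esxcfg-nics -l`; all sample rows below are constructed.

baseline_nics() {   # inventory recorded in the installation document
cat <<'EOF'
Name    PCI       Driver  Link  Speed     Duplex  Description
vmnic0  03:00.00  bnx2    Up    1000Mbps  Full    constructed sample A
vmnic1  05:00.00  e1000   Up    1000Mbps  Full    constructed sample B
vmnic2  0b:00.00  e1000   Up    1000Mbps  Full    constructed sample C
EOF
}

restored_nics() {   # what the restored host reports on "identical" hardware
cat <<'EOF'
Name    PCI       Driver  Link  Speed     Duplex  Description
vmnic0  03:00.00  bnx2    Up    1000Mbps  Full    constructed sample A
vmnic1  0b:00.00  e1000   Up    1000Mbps  Full    constructed sample C
vmnic2  05:00.00  e1000   Down  0Mbps     Half    constructed sample B
EOF
}

# nic_drift BASELINE ACTUAL: print one line per difference, return 1 on drift.
nic_drift() {
    out=$(awk '
        FNR == 1  { next }                               # skip header row
        NR == FNR { pci[$1] = $2; drv[$1] = $3; next }   # first file: baseline
        {
            seen[$1] = 1
            if (!($1 in pci)) { print $1 ": not in baseline"; next }
            if ($2 != pci[$1]) print $1 ": PCI " pci[$1] " -> " $2
            if ($3 != drv[$1]) print $1 ": driver " drv[$1] " -> " $3
            if ($4 != "Up")    print $1 ": link " $4
        }
        END { for (n in pci) if (!(n in seen)) print n ": missing after restore" }
    ' "$1" "$2" | sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Demo on the constructed samples; on a host, capture the real listing instead.
b=$(mktemp); r=$(mktemp)
baseline_nics > "$b"; restored_nics > "$r"
nic_drift "$b" "$r" || echo "NIC layout differs from the documented baseline"
rm -f "$b" "$r"
```

A vmnic that has moved to a different PCI address may now be attached to a different physical network than the documentation assumes, which is why each reported line should be resolved before the host returns to service.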