The Cisco IronPort virtual edition has been out for about a year now. It’s still not quite as mature as we would like for it to be; for example, it lacks support for Hyper-V, modifying the CPU core allocation to meet peak performance demands, etc.
One of the unsupported ‘configurations’ is virtual machine snapshots.
This is what I was advised by a TAC engineer:
“The software was written for physical hardware, and operations such as snapping an image and reloading it at a later point in time, is not supported.
Our appliances often have files open, and taking a snapshot while a file is being written, can leave you with a worthless snapshot, that can’t be executed. And thats only one of the problems you may encounter
…
I can confirm it is not supported, but nevertheless it will probably work when the machine is completely shut down. It will probably fail when the machine was ‘powered on’. There are no power states like pause or standby which would take the filesystem into a state that would be safe for a snapshot.
I can confirm, no problem if version mismatch due to a revert. A “revert” of the machine (CLI> revert) also results in such a mismatch, but this is automatically resolved.”
So as you can see, snapshotting your ESA isn’t technically supported HOWEVER if you follow the basic steps below you shouldn’t have any issues.
- Gracefully shut down the ESA
- Snapshot the VM
- Start the vESA – make any changes you wish
- Restore the snapshot if you run in to problems otherwise delete the snapshot
Please note that VM snapshots are not a replacement for configuration backups – you should still be backing up your vESA config on a regular basis!
The great thing about Cisco TAC is that they will try their best to help you even if you are running an unsupported configuration – however there’s only so much they can do before closing the ticket with reason: unsupported configuration 🙂