Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - SYSTEM PLANNING-DEPLOYMENT-BEST PRACTICES GUIDE 10.3 30-03-2010 System Planning Manual

System planning, deployment, and best practices guide

AUTHORIZED DOCUMENTATION
System Planning, Deployment, and Best Practices Guide
Novell® ZENworks® 10 Configuration Management SP3
10.3
March 30, 2010
www.novell.com

Summary of Contents for Novell ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - SYSTEM PLANNING-DEPLOYMENT-BEST PRACTICES GUIDE 10.3 30-03-2010

  • Page 1 AUTHORIZED DOCUMENTATION System Planning, Deployment, and Best Practices Guide Novell® ZENworks® 10 Configuration Management SP3 10.3 March 30, 2010 www.novell.com System Planning, Deployment, and Best Practices Guide...
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 4 System Planning, Deployment, and Best Practices Guide...
  • Page 5: Table Of Contents

    Load Testing in the Novell SuperLab........
  • Page 6 Novell eDirectory ........
  • Page 7 A.3.2 The ZENworks Content Repository ........96 Logging Information .
  • Page 9: About This Guide

    ZENworks 10 Configuration Management SP3 (10.3) documentation (http://www.novell.com/documentation/zcm10/). Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. A trademark symbol (®, etc.) denotes a Novell trademark.
  • Page 10 When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux*, should use forward slashes as required by your software. System Planning, Deployment, and Best Practices Guide...
  • Page 11: Zenworks Configuration Management: A Single Solution For Systems Management

    This guide is not meant to replace the other online resources that Novell provides to customers and partners, but to supplement that material so that you have a better understanding of certain design-related topics and requirements.
  • Page 12: The Management Paradigm

    1.2 The Management Paradigm All design features of the new ZENworks Configuration Management architecture flow from the basic Novell philosophy of the Open Enterprise: a simple, secure, productive, and integrated IT environment across mixed systems. ZENworks Configuration Management empowers IT staff to manage systems to support real users, with all their various security, location, device, and other needs, while keeping simple, centralized control over the entire end-user environment.
  • Page 13: The Solution: Zenworks Configuration Management

    This approach tends to force users into rigid roles instead of supporting users as dynamic participants in evolving business processes. For that reason, Novell has not focused on device-based management in the past.
  • Page 14 ITIL best practices and disciplines. To find out more about our vision, visit the Novell ZENworks Configuration Management product page (http://www.novell.com/zenworks) and download the white paper entitled A Blueprint for Better Management from the Desktop to the Data Center.
  • Page 15: Performing Pre-Design Activities

    A firm understanding of the organization’s business and technical requirements and the existing infrastructure components that will take part in the Novell® ZENworks® Configuration Management system is the first step in developing a solid design that meets the organization’s immediate and future needs.
  • Page 16: Perform A Technical Assessment

    The following list presents some ideas on how to perform the business assessment. You might think of more ideas; use your imagination and tailor your business assessment according to each organization's unique landscape. Hold informal workshops and invite leaders from each department. Survey departmental leaders and find out what they need to become more effective in their roles.
  • Page 17: Gather Other Critical Information

    Which network infrastructure components and design (DMZ, NAT, and so forth) must be supported? What is the directory services design, including which directory services are being utilized (Novell® eDirectory, Microsoft* Active Directory*, and so forth), and for what purpose (Application support, LDAP, and so forth)? 2.3 Gather Other Critical Information You should also be familiar with other services that are running on the network and that rely on the infrastructure.
  • Page 18: Develop High-Level Design

    Is the customer using another framework product in its infrastructure, such as IBM* Tivoli*, CA Unicenter*, or HP* OpenView*? Does the customer leverage other products, such as SAP? What other major projects are currently taking place at the customer's sites? 2.4 Develop High-Level Design After you have completed gathering data to use when building the design of the infrastructure, you can then develop a high-level design.
  • Page 19: Outputs From Pre-Design Activities

    2.6 Outputs from Pre-Design Activities As mentioned in Section 2.4, “Develop High-Level Design,” on page 18, there are two main outputs (or deliverables) from your pre-design activities: Assessment document: This document highlights all of your findings from the business and technical assessments that you perform.
  • Page 21: Gathering Critical Information For Design Activities

    Design Activities After you have created your high-level design, you need to gather additional information to help you design your specific implementation. Introducing Novell® ZENworks® Configuration Management into an environment involves the efforts, considerations, and input from multiple sources.
  • Page 22: Required Functionality

    ZENworks Adaptive Agents cannot check into the ZENworks Management Zone. Management Structure With the previous generation of ZENworks, the technology was tied closely to Novell eDirectory. In traditional NetWare® or eDirectory file and print environments, ZENworks is structured according to the design of eDirectory and was therefore based on geography.
  • Page 23: Staging And Grouping

    Rights: When files are stored in a traditional file and print model, the rights to these locations must be managed carefully. If users roam between sites, they might need access to all application repositories to ensure that applications can be installed and verified at any location. With ZENworks Configuration Management, bundles can be created to install applications from mapped network drives and UNC paths as before.
  • Page 24: Infrastructure Placement

    Early adopters: Identify early adopters who will test deployment in each business unit and geographical location. Home workers/VPN users: Identify home workers or users who use a VPN so they can help test deployment via DMZ and VPN connections. VIP users: Identify important users whose devices require special focus and attention. You might want to transition executive laptops and workstations at the end of deployment.
  • Page 25: Scalability Of The Primary Server

    The following sections contain more information: Section 3.2.1, “Factors Influencing Scalability,” on page 26 Section 3.2.2, “Load Testing in the Novell SuperLab,” on page 26 Section 3.2.3, “Achieving Scalability in the Real World,” on page 29 Gathering Critical Information for Design Activities...
  • Page 26: Factors Influencing Scalability

    Number and frequency of reports run by administrators 3.2.2 Load Testing in the Novell SuperLab ZENworks Configuration Management is tested in the Novell SuperLab in Provo, Utah to see how much load can be placed on the individual components, and more importantly, where the individual components start to break down and when performance is dramatically affected.
  • Page 27 All ZENworks Control Center settings used the default; after the 500-device test, retries were boosted to 800/10/20. Three test passes for each test were run (for example, three test runs with 250 devices). All devices were refreshed “simultaneously” (within 30 seconds). The bundles were chained with the first bundle being associated to a device group set to launch on refresh.
  • Page 28 Primary Servers. These are conditions that should not exist in a real-world environment; Novell runs these tests to see when the processes begin to break. A well-designed infrastructure should perform well for you regardless of the load you are placing on the servers.
  • Page 29: Achieving Scalability In The Real World

    3.2.3 Achieving Scalability in the Real World Section 3.2.2, “Load Testing in the Novell SuperLab,” on page 26 discussed testing in the Novell SuperLab to determine the limits of the ZENworks system. Scalability, on the other hand, is achieved through the proper placement of services, a well thought-out design, and the proper configuration of services within the ZENworks Configuration Management system itself.
  • Page 30: Scalability Of Satellite Devices

    A ZENworks Management Zone can scale to 40,000 devices. This has been validated in the SuperLab and is what Novell recommends as the upper limit to the Management Zone size. We also recommend that Primary Servers and the Database Server be on the same network, in the same data center.
  • Page 31: Factors Influencing Scalability

    3.3.2 Load Testing in the Novell SuperLab Novell performed Satellite device scale tests using both server-class and workstation-class operating systems. As with testing that was performed on the Primary Server, the purpose of the tests was to find the point where the systems began to reach their limits.
  • Page 32 The Novell Corporate Configurations Test (CCT) team, using the baseline test of 250 bundles (1 KB file bundles), had the following results: A server operating system (Windows 2003 Enterprise) machine can scale to 1,000 managed devices. A workstation operating system (Windows XP SP3) machine can scale to 250 managed devices.
  • Page 33: Achieving Scalability In The Real World

    The graph illustrates the probable scalability limitations of the Satellite device. Under normal load, and through the use of proper configuration parameters (for example, randomizing distributions and collections) we can comfortably conclude that a Satellite device running on server-class hardware and Windows Server can scale to approximately 1,000 managed devices, and a Satellite device running on workstation-class hardware and Windows XP or Vista can scale to approximately 250 managed devices.
  • Page 34: Scalability, Fault Tolerance, Maintenance, And Sizing Of The Database Server

    Have a dedicated set of Satellite devices for software and patch distributions if the frequency of distributions is high. You want to randomize the distribution of software and avoid massive numbers of devices hitting the Satellite device at the same time. Randomize the refreshes of managed devices at the site with Satellite devices.
  • Page 35: Microsoft Sql Server

    30 percent, an index should be rebuilt. To determine the fragmentation of the indexes in your database, use the dynamic management view 'sys.dm_db_index_physical_stats'. Novell recommends that rebuilding indexes should be done at least once per week because the clustered indexes will be fragmented over 75 percent within a few days of insert/update activity.
  • Page 36: Oracle

    Here are two examples we have seen reported on a ZENworks Configuration Management installation on SQL Server 2005: Place data and log files on separate drives for database [zenworks_database] on server [server_name] Check database integrity at least every 14 days for database [zenworks_database] on server [server_name] The Best Practices Analyzer tool also indicates that log files and data files should be placed on separate hard drives to improve I/O, thus improving overall performance of the Database Server.
  • Page 37: Virtualization Considerations

    3.4.4 Database Sizing and Performance Considerations As a general rule of thumb, Novell has seen that the database size increases at a rate of approximately 1 GB per one thousand (1,000) devices in the Management Zone. However, this is not the only consideration to make when designing the Database Server. Best practices for fault tolerance, maintenance, and performance need to be considered along with the general calculations for overall database size.
  • Page 38: Ports Used By Zenworks Components

    Stateful Open on the Primary Server LDAP / LDAPS (TCP 389 / TCP 636) Used to transmit directory information between the Primary Server and Directory Server (Novell eDirectory or Microsoft Stateful Active Directory). Open on the Directory Server System Planning, Deployment, and Best Practices Guide...
  • Page 39 Port Description Sybase (TCP 22638) Used for JDBC* communication between Primary Servers and an internal or external Sybase database. Stateful Open on the Database Server SQL (TCP 1433) Used for JDBC communication between Primary Servers and an internal or external Microsoft SQL Server database. Stateful Open on the Database Server Oracle (TCP 1521)
  • Page 40: Network Considerations

    Port Description Agent Management Port (TCP 7628) Communication is between the Primary Server and the Agent. Open on managed devices used to send quick tasks to the managed device Remote Management Proxy Port (5750) Used by the remote management proxy to listen for the incoming remote management requests from the remote management viewer.
  • Page 41 information from managed devices quickly and efficiently. Generally speaking, delivering content across a WAN infrastructure to multiple managed devices is not an efficient use of network resources. The following formula defines how to calculate the maximum amount of data that can be transmitted to a device within a given one-hour period: Available Bandwidth (Mbps) x 3600...
  • Page 42: Dns And Dhcp Services

    0.5 Mbps x 3600 = 11.25 MB per device per hour In a one-hour period, it is possible to transmit 11.25 MB to every device at SITE 2 if you use all of the bandwidth available to ZENworks Configuration Management. In this situation, you might not choose to place a Satellite device at this site because the level of bandwidth per device is relatively high.
  • Page 43: Time Synchronization

    For eDirectory customers, we recommend pointing the ZENworks Configuration Management Servers to eDirectory Time Sources via NTP. All clients usually use the same time source via the Novell Client, so the system is synchronized. For all customers, we recommend that a single source be used for synchronization.
  • Page 45: Performing Design Activities

    Performing Design Activities The design phase of any project is the most intensive part of any Novell® ZENworks® Configuration Management deployment or migration. This is where you conduct the most meetings, and identify granular details for the design document and the plan to get ZENworks Configuration Management successfully deployed across the infrastructure.
  • Page 46: Developing A Detailed Design

    Novell. Every intricacy of the design needs to be well documented because this will be a reference during the deployment and long after the deployment is completed.
  • Page 47: Device Folder And Group Structures

    The following sections contain information that should be addressed and documented in detail. These sections cover areas that Novell recommends as best practice when deploying ZENworks Configuration Management across the infrastructure. Section 4.2.1, “Device Folder and Group Structures,” on page 47 Section 4.2.2, “User Sources,”...
  • Page 48: User Sources

    4.2.2 User Sources User-based management requires an authoritative source of user information to govern access privileges, permissions, and configurations. The new architecture allows you to link to multiple user directories for this information, including your choice of Active Directory, eDirectory, or both. Linking system management with authoritative user directories ensures that new hires, terminations, internal moves, and other business changes immediately result in the appropriate provisioning, deprovisioning, reconfiguration, and other system management changes.
  • Page 49: Role-Based Administrative Accounts

    If you do not do this, you will not be able to migrate user-based associations (including associations to user groups). You can connect to Novell eDirectory and Microsoft Active Directory for your user sources. After you connect to either of these LDAP directories, you define the containers within the directory that you want exposed.
  • Page 50: Configuration Settings For The Management Zone

    Roles Section in ZENworks Control Center Figure 4-2 4.2.4 Configuration Settings for the Management Zone The Management Zone Settings panel lets you manage the global configuration settings for your Management Zone. These global configuration settings are inherited by other objects (devices, users, and folders) within your Management Zone and remain in effect unless they are overridden at the folder or object level.
  • Page 51: Content Blackout Schedule

    System variables are used to define paths, names, and other items in your system. In addition to the predefined variables, Novell recommends using variables in bundles. This makes it much simpler to create, manage, and deliver applications moving forward. You need to standardize on this early and stay with your standard.
  • Page 52: Content Replication Schedule

    (new content or deleted content). Novell recommends changing the default value (5 Minutes) to at least 30 minutes to protect the system from heavy loads that could lead to utilization issues. This gives you enough time to ensure that content is always up-to-date across all your systems in the Management Zone.
  • Page 53: Device Refresh Schedule

    Remember, the tests Novell performs in the SuperLab are designed to test the breaking point of the components. In the real world, thousands of devices should not regularly contact a server in the Management Zone.
  • Page 54: Device Removal Schedule

    Device Refresh Schedule in ZENworks Control Center Figure 4-8 For more information, see “Device Management Settings” in the ZENworks 10 Configuration Management System Administration Reference. Device Removal Schedule This setting needs to be discussed in detail with the customer during the assessment and design phases to ensure that you are removing devices that should be removed.
  • Page 55: Dynamic Groups Refresh Schedule

    (and accurate) results. For your initial configuration, Novell recommends a daily refresh schedule (All days of the Week). This ensures that the membership lists of the dynamic groups accurately represent what you have registered in the system.
  • Page 56 Closest Server Rules in ZENworks Control Center Figure 4-10 Within each rule, there is a Server list for each function that a ZENworks Primary server performs for the agent (Collection, Configuration, and Content). Each server list is ordered and the devices use this order for failover in case of high server utilization or a server-down scenario.
  • Page 57 Servers can be members of multiple groups and L4 switch definitions. Servers that are members of an L4 switch definition or group are no longer listed at the top level of the server listing. If there are no matching Closest Server Rules for a given device, the managed device falls back to the default Closest Server Rule.
  • Page 58: Client Retries

    Effective Closest Server Rules Figure 4-13 Closest Server Rules can be configured at three levels: Management Zone, Folder and Device. The rules are evaluated on the device first. If no matching rule is found, the device's folder is evaluated. If there is no match on the device or the folder, the Management Zone rules are evaluated. Finally, if the Management Zone Closest Server Rules are not applicable, the default Closest Server Rules are used.
  • Page 59: Inventory Schedules

    “wait out” the busy period. These settings can be overridden on the device or folder level. During Novell testing, retries were set at 60/30/60. A server was never marked as Bad, and all content was delivered. No degradation of performance at the client was observed when the retries were set high.
  • Page 60: Device Discovery

    We recommend using a combination of inventory reporting and the advanced device search function to compare last scan dates with last contact dates, so you can ensure that devices are being scanned according to their schedules. Scan Schedule in ZENworks Control Center Figure 4-15 For more information, see “Inventory...
  • Page 61 Use the ZENworks Migration Wizard to migrate your devices from eDirectory and target them for deployment to avoid discovery of the initial assets that are already part of an existing ZENworks system. Use pilot groups. These tips help you discover assets and roll out the ZENworks Adaptive Agent in a very manageable way, which avoids failures for deployment and installation.
  • Page 62: Adaptive Agent Deployment

    Reference. 4.2.6 Adaptive Agent Deployment Novell ZENworks Configuration Management provides a variety of methods you can use to install the ZENworks Adaptive Agent to devices: Use ZENworks Control Center to deploy the agent from the ZENworks Server to the device.
  • Page 63: Registration Rules And Keys

    Default Deployment Packages The best option for accessing the default deployment packages is through ZENworks Control Center: 1 From the Home page in ZENworks Control Center, click Download ZENworks Tools in the left frame. 2 Download the default package that you require. We recommend using one of the following deployment methods: Use the Deployment task from ZENworks Control Center, after discovering or importing devices.
  • Page 64 The following sections contain more information: “Registration Rules” on page 64 “Registration Keys” on page 64 “Recommendations Regarding Registration” on page 64 “Registration” on page 65 Registration Rules If you don’t want to enter a registration key during deployment, or if you want devices to be automatically added to different folders and groups based on predefined criteria (for example, operating system type, CPU, or IP address), you can use registration rules.
  • Page 65 Registration Section in ZENworks Control Center Figure 4-16 New York City: Registers to folder New York City below USA. France: Registers to folder Paris below France. In combination with dynamic groups that are based on departments, it is possible to manage device registration very easily.
  • Page 66: Remote Management

    Registration in ZENworks Control Center Figure 4-17 For more information, see “Device Management Settings” in the ZENworks 10 Configuration Management System Administration Reference. 4.2.8 Remote Management All guidelines for Remote Management are concerned with the configuration settings for performance and security. “Security”...
  • Page 67: Inventory

    Password-Based Remote Management Authentication In password-based authentication, the remote operator is prompted to enter a password to launch the remote session on the managed device. There are two types of password authentication schemes: ZENworks Password: This scheme is based on the Secure Remote Password (SRP) protocol (version 6a).
  • Page 68 First Scan: The first time the agent is installed and a scan happens. Controlled by the Logins before first scan configuration setting in ZENworks Control Center. This setting should complement the build process of the devices. Recurring Scan: Controlled by the Inventory Scan Schedule. See “Inventory Schedules”...
  • Page 69: Application Management

    The following list provides examples of the types of folders that can be created: Create a folder for software vendors: Microsoft (Office, Internet Explorer, MediaPlayer) Adobe (Reader, Photoshop) SAP (Basis, HR) Novell Create a folder for special applications: Performing Design Activities...
  • Page 70 Database applications Software development Create a folder for tools: Windows tools (WinZip, WinRAR, UltraEdit, and so forth) Create a folder for base images. Create a folder for add-on images. Categorizing application and imaging bundles into separate folders also allows for administrator roles to be created so you can limit the bundles that an administrator can edit or assign to devices.
  • Page 71 Reference. Importing and Exporting Bundles Novell best practice dictates that a new application or change to an existing application in the environment should use a testing phase that does not affect the production network. We recommend that a development zone (DEV-ZONE) be created with its own ZENworks Configuration Management structure that mirrors the production network.
  • Page 72 2 Copy all files related to the application MSI (not all MSI files are self-contained) to the same application export directory. It is possible to place the application MSI in a separate folder; however, the following section of the file bundle_filename_ActionContentInfo.xml needs to be modified to specify the content location: includeAllFilesinSubFolders="false">E:\files\ApplicationX.msi</...
  • Page 73 It can take some time before an application has finished encrypting and injecting its data into the Web server. NetWare You can use the Novell Client (Client32) and existing mapped network drives or directly via UNC to provision application data to your managed devices.
  • Page 74: Policy Management

    Recommendation for the Delivery Mechanism Novell recommends using the ZENworks Configuration Management internal delivery mechanism (HTTP) for bundles and policies. Although it might be easier to use other delivery methods you will lose most of the benefits within ZENworks Configuration Management. Some of these benefits...
  • Page 75 To make sure that every device receives the required and effective settings, we recommend that you define the order in which policies are applied. There are four options you can use here, and you need to understand your policy requirements before you make these decisions: Apply device policies first, user policies last (user-assigned policy wins) Apply user policies first, device policies last (device-assigned policy wins) Use only device policies...
  • Page 76: Imaging

    Advantages to Assigning Group Policies through ZENworks Configuration Management With ZENworks Configuration Management, you can use plural group policies, meaning you can layer multiple group policies on top of each other, applying what is referred to as effective policies at the endpoint level. Using ZENworks Configuration Management to do this allows you to handle roaming users effectively, making policies available to end users no matter where they are logging in from.
  • Page 77 The following example shows the configuration requirements for a Foundry Networks ServerIronXL switch that was used for testing purposes in the Novell SuperLab. Other vendor products are similar when it comes to configuration and the parameters used. Refer to vendor documentation for further details.
  • Page 78: Zenworks Systems Update

    4.2.14 ZENworks Systems Update The System Updates feature allows you to obtain updates to the Novell ZENworks 10 Configuration Management software on a timely basis, and also allows you to schedule automatic downloads of the updates.
  • Page 79: Lab Testing And Validation

    Management design fits well within the existing environment. Things to include are: The design of directory services infrastructures, including Novell eDirectory and Microsoft Active Directory. If you can, replicate the directory services in the lab to ensure that the lab environment is isolated from the actual production systems.
  • Page 80: Documentation

    When building your lab, you do not need to build the entire lab with physical hardware. You are not testing the breaking point here. You are testing functionality and whether or not there are any major issues found with the overall design. You should use actual production hardware to test functionality at the device level, but the server infrastructure could be virtualized to save hardware costs.
  • Page 81: Deploying Zenworks Configuration Management

    Deploying ZENworks Configuration Management Deployment is the final stage of the implementation of Novell® ZENworks® Configuration Management across your enterprise. If you have planned properly, and documented everything well during your assessment and design phases, this stage of the project should be greatly simplified.
  • Page 82: Pre-Deployment Documentation

    Change Management. Security services groups, they need to be well informed that this is a planned organizational initiative. 5.2 Pre-Deployment Documentation Documentation is key to the success of every aspect of the project, including how you plan to deploy the services and agents. Everyone directly involved in the actual deployment should have documentation that they can reference at all times, eliminating the chance of error.
  • Page 83 Image objects and image files. Policy objects and applicable policy files (for example, Group Policy files). Imported workstation objects. All associations for application objects and policy packages. The Migration Wizard can be found at the following locations: %zenworks_home%\install\downloads\tools https://servername-zenworks-setup/zenworks-setup/?pageId=tools It is important to note that if you are migrating from an eDirectory infrastructure (for user sources) to an Active Directory environment, you should take advantage of the migration capabilities built into the Migration Wizard for migrating associations.
  • Page 84: Wider Deployment

    Migration Utility. To list such applications for the migration, remove the AppFsRights attribute. For more information on removing attributes, search for the LDAP Attribute Remover article at the ZENworks Cool Solutions Community (http://www.novell.com/communities/coolsolutions/zenworks). 5.6 Wider Deployment After you have completed the pilot deployments, you can move on to a wider deployment.
  • Page 85: Deployment And Migration Scenarios

    ZENworks Control Center. This simplifies the administrative effort. When deploying ZENworks Configuration Management to a new customer, Novell recommends that you consider the following steps: Section 6.1.1, “Build a Model Office Environment,” on page 85 Section 6.1.2, “Planning,”...
  • Page 86: Discovery And Deployment Methods

    Discovery and Deployment Methods A new ZENworks customer might not have a desktop management solution already in place. In this scenario, the customer needs to try various methods for deploying the ZENworks Adaptive Agent to new machines. ZENworks Configuration Management provides the ability to discover devices via IP or LDAP discovery routines and then to target remote deployments of the agent to these discovery devices.
  • Page 87: Planning

    An important part of any deployment is to identify which devices will be targeted and in which order. Novell recommends that logical groupings be made in the target environment before deploying the product. After ZENworks Adaptive Agents are deployed and represented in the...
  • Page 88 Internal marketing is an important tool to inform end users of IT projects that affect them. This normally comes in the form of intranet postings, internal promotions, posters, and so forth. Novell recommends that customers are encouraged to use these actions to ensure that the deployment process is managed effectively.
  • Page 89: Deployment

    Deploying ZENworks Configuration Management to managed devices is the most important part of any ZENworks project; this is the stage at which end users’ productivity can be affected. Novell recommends using the following basic steps when deploying the product to a new environment: “Deploy the First ZENworks Primary Server and Database”...
  • Page 90 6. Configure user sources. Configure the link to the chosen user source and ensure that the user objects can be found by browsing the source. For more information, see “User Sources” in the ZENworks 10 Configuration Management System Administration Reference. 7.
  • Page 91: Migrating From A Previous Version Of Zenworks

    Section 6.2.1, “Application Deployment Strategy,” on page 91 Section 6.2.2, “Application and Policy Migration,” on page 92 Section 6.2.3, “Novell eDirectory,” on page 92 Section 6.2.4, “Repurpose Hardware Used by Previous ZENworks Products,” on page 92 6.2.1 Application Deployment Strategy If a customer already has a mature deployment of ZENworks Desktop Management, it is likely that the customer manages an extensive application repository.
  • Page 92: Application And Policy Migration

    ZENworks 10 Configuration Management ZENworks Migration Guide. 6.2.3 Novell eDirectory If your organization's preferred server and directory platforms are Windows Server and Active Directory, and you're currently using ZENworks middle tier architecture and Identity Manager directory sync, ZENworks Configuration Management makes it possible to eliminate both of these stepping-stone technologies and interact directly with Active Directory for user authentication and content association.
  • Page 93: A Zenworks Services

    ZENworks Services This section explains some of the Novell® ZENworks® Configuration Management services in greater detail, and also provides some useful information regarding logging, backing up, and restoring the Certificate Authority. Section A.1, “ZENworks Services,” on page 93 Section A.2, “Useful URLs,”...
  • Page 94: Stopping A Zenworks Service

    To start all services: 1 Enter the following command at the server console prompt: /opt/novell/zenworks/bin/novell-zenworks-configure -c Start A.1.3 Stopping a ZENworks Service To stop a ZENworks service on a Windows Primary Server: 1 Click Start > Administrative Tools > Services.
  • Page 95: Useful Urls

    Used by PXE-enabled devices to check for Service assigned preboot policies and work. ZENworks Preboot Service (novell-pbserv): Used to provide imaging services to a device. This includes sending and receiving image files, discovering assigned Preboot bundles, acting as session master for multicast imaging, and so forth.
  • Page 96: Installation Directories

    You should specify a different disk drive to be your content repository. This is based on best practices that Novell outlines for ZENworks Configuration Management. In Windows, this is done by mounting the drive. Mounting is simply pointing an existing path to a hard drive partition without the use of mapped drive letters.
  • Page 97 If you do not need any of the content in the existing directory, delete the content-repo directory and re-create it. If the directory is not present in the path given above, create the path and content-repo directory. 3 Click Start, right-click the My Computer icon, then click Manage. You can also click Start, then enter at the Run command line.
  • Page 98: Logging Information

    A.4 Logging Information The Message Logger component of Novell ZENworks 10 Configuration Management lets the other ZENworks components such as zenloader and web services, ZENworks Management Daemon (ZMD), Remote Management, and Policy Enforcers log messages to different output targets. The output targets include the system log, local log, database, SMTP, SNMP trap, and UDP.
  • Page 99: Installation Log File

    On a ZENworks Server, the location of the local log file is: ZENworks Services: Linux: /var/opt/novell/log/zenworks/services-messages.log; Windows: novell\zenworks\logs\services-messages.log. ZENloader and its modules: Linux: /var/opt/novell/log/zenworks/loader-messages.log; Windows: novell\zenworks\logs\loader-messages.log. A message is an event that is generated by different components and modules. These events can be exceptions such as errors, warnings, information to a user, or a debug statement for a module.
  • Page 100: Backing Up And Restoring The Zenworks Certificate Authority

    A.5 Backing Up and Restoring the ZENworks Certificate Authority When you install ZENworks Configuration Management for the first time, you are prompted to either create an internal Certificate Authority (CA) or provide the appropriate certificate information for an external CA. If you are using the built-in CA, it is important to keep in mind that the CA can be backed up and restored if you require this as part of a set of troubleshooting procedures.
  • Page 101: B The Zenworks Configuration Management Architecture

    The ZENworks Configuration Management Architecture The following sections are intended to be a reference for the Novell® ZENworks® Configuration Management architecture and should be used for education purposes. Because the architecture for ZENworks Configuration Management has changed dramatically, it is important to have a better understanding of these changes and how the system components interact now that the new architecture has been introduced to the marketplace.
  • Page 102: Standard Protocols

    [Figure B-1: Web Services Architecture. Diagram labels: database, identities, file system, persistence, data model, business logic, web service.] Because it is a fully Web-based application, ZENworks Configuration Management uses Web services as the primary mechanism for communications between management servers, managed clients, identity and object stores, and the management console. No proprietary protocols are used. The following sections contain more information: Section B.1.1, “Standard Protocols,”...
  • Page 103: Zenworks Primary Server Architectural Components

    The following graphic illustrates this: [Figure B-2: ZENworks System Diagram] B.1.2 ZENworks Primary Server Architectural Components A ZENworks Primary Server delivers the back-end infrastructure of ZENworks Configuration Management. The following items are the components of the ZENworks primary server: Apache* Tomcat is a servlet container that provides Web serving, Java servlet hosting, and SSL encryption and authorization.
  • Page 104 The system connects non-disruptively to your identity stores—Active Directory and Novell eDirectory—requiring no changes to your security policies. Because it’s based on more than two years of human factors research and input from users, the user interface works the way you work, so you can be productive almost immediately.
  • Page 105: Agent Architecture

    B.1.3 Agent Architecture The ZENworks Adaptive Agent consists of the following components: “Primary Agent” on page 105 “Core Plug-Ins” on page 105 “Feature-Specific Plug-Ins” on page 105 “Policy Enforcers” on page 105 Primary Agent The primary agent is responsible for maintaining connectivity to the ZENworks Primary Servers and listening for requests from the server.
  • Page 106: Detailed Zenworks Components Diagram

    [Figure B-4: ZENworks Adaptive Agent Architecture. Diagram labels include novell-zmd, Tomcat J2EE Server, HTTPS on TCP 2544, WSSDK, and .NET Framework 2.0.]...
  • Page 107 [Figure B-5: ZENworks Configuration Management Architecture, a detailed component diagram]...
  • Page 109: Java Memory Allocation

    ZENworks Configuration Management has different parameters that can be tuned for increased bundle delivery performance. Novell has conducted extensive testing to provide default parameters in ZENworks Configuration Management that provide the best performance for the greatest number of customers. This section should assist customers who need to tune the product to their specific environments.
  • Page 110: Threads

    Windows: Run ZENserverw or ZENloaderw from the Run line, then click the Java tab. Linux: Edit /etc/init.d/novell-zenserver or /opt/novell/zenworks/bin/zenloader. C.2 Threads Tomcat uses HTTP and HTTPS threads to service incoming and outgoing requests. HTTP threads are used for servicing content. Because the content is already encrypted, there is no need to send it securely.
  • Page 111: Client Retries

    64-bit JVM into ZENworks Configuration Management, these recommendations might be revised. Novell recommends keeping the HTTPS threads at the default of 200. HTTP threads can be increased up to 350 without seeing performance degradation. By increasing threads, client retries can be reduced while keeping the overall execution time the same.
  • Page 113: D Reference Materials

    Reference Materials This section contains references to useful information that is found online at the Novell® Web site, as well as information that you can use to create your own Business Requirements and Technical Requirements surveys. The following sections contain more information: Section D.1, “Online Documentation,”...
  • Page 114 4. How many total devices do you want to manage? What types of devices (laptops, desktops, handhelds)? What platforms are they? 5. In terms of your people and locations, please provide some metrics for the following: How many data centers do you operate? Where are they specifically? What are the size breakdowns of your remote, typically lower bandwidth locations (for example, 10-50 users, 50-250 users, 250-1,000 users, etc.)? What is the bandwidth to your data center and to your remote locations? Best case? Worse...
  • Page 115: Sample Technical Requirements Survey Questions

    10. How do roaming users access your corporate infrastructure from remote locations (VPN, Access Management, etc.)? 11. Which directory services technologies do you have in place (Novell eDirectory, Microsoft Active Directory, Sun Directory Services, etc.)? Are you able to provide diagrams that show...
  • Page 116: Extended Port Chart Including Port Usage

    Desktop policy management; Desktop and server OS provisioning; Patch management; Hardware inventory collection; Software inventory collection; Reporting; License compliance; Usage tracking; Contract management; Remote control; Other forms of remote diagnostics; Thin-client solutions; Application virtualization; Other forms of advanced scripting capabilities; Homegrown processes (provide as much detail as possible on each of the homegrown applications you are currently using for systems management) 14.
  • Page 117 LDAP / LDAPS (TCP 389 / TCP 636): Used to transmit directory information between the Primary Server and Directory Server (Novell eDirectory or Microsoft Active Directory). Stateful. Sybase (TCP 22638): Used for JDBC communication between Primary Servers and an internal or external Sybase database. Stateful.
  • Page 118 Port Description MD DD. (TCP 1433): Used for JDBC communication between Primary Servers and an internal or external Microsoft SQL Server database. Stateful. Oracle (TCP 1521): Used for JDBC communication between Primary Servers and an internal or external Oracle database. Stateful. ZENworks VNC: Allows remote control and other remote...

This manual is also suitable for:

Zenworks 10 configuration management sp3
