Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5 Installation Manual



AUTHORIZED DOCUMENTATION
Installation Guide
Novell® ZENworks® Endpoint Security Management 3.5
July 31, 2009
www.novell.com
ZENworks Endpoint Security Management Installation Guide


Summary of Contents for Novell ZENWORKS ENDPOINT SECURITY MANAGEMENT 3.5

  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks: For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials: All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Contents: About This Guide; 1 ZENworks Endpoint Security Management Overview; System Requirements (page 10); About the ZENworks Endpoint Security Management Manuals.
  • Page 6 8 Endpoint Security Client 3.5 Installation; Basic Endpoint Security Client 3.5 Installation (page 55); MSI Installation.
  • Page 7: About This Guide

    We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to the Novell Documentation Feedback site (http://www.novell.com/documentation/feedback.html) and enter your comments there.
  • Page 9: Zenworks Endpoint Security Management Overview

    ZENworks Endpoint Security Management Overview: Novell® ZENworks® Endpoint Security Management consists of four high-level functional components: the Policy Distribution Service, the Management Service, the Management Console, and the Endpoint Security Client. The figure below shows these components in the architecture:...
  • Page 10: System Requirements

    1.1 System Requirements. Table 1-1: Server Requirements. Operating System: Microsoft* Windows* 2003 Server (32-bit). Processor: Determined by operating system. Disk Space: 500 MB if the Microsoft SQL database is not installed locally; 5 GB if the Microsoft SQL database is local; a SCSI drive is recommended. Software: One of the following relational database management systems...
  • Page 11: About The Zenworks Endpoint Security Management Manuals

    1.2 About the ZENworks Endpoint Security Management Manuals The ZENworks Endpoint Security Management manuals provide three levels of guidance for the users of the product. Installation Guide: This guide provides complete installation instructions for the ZENworks Endpoint Security Management components and assists administrators in getting those components up and running.
  • Page 13: Installing Zenworks Endpoint Security Management

    Installing ZENworks Endpoint Security Management: The following sections contain additional information about installing Novell® ZENworks® Endpoint Security Management: Section 2.1, “Pre-installation Information,” on page 13; Section 2.2, “Installation Packages,” on page 13; Section 2.3, “Installation Options,” on page 14; Section 2.4, “Installation Order,”...
  • Page 14: Installation Options

    Server or Multi-Server installations. Single-Server installations are ideal for small deployments that do not require regular policy updates. Multi-Server installations are ideal for large deployments that require regular policy updates. Consult with Novell Professional Services to determine which installation type is right for you.
  • Page 15 The following RDBMS types are allowed: SQL Server 2005 and 2008 Standard; SQL Server 2005 and 2008 Enterprise; Microsoft SQL Server 2000 SP4. If you are using Microsoft SQL Server 2005 or Microsoft SQL Server 2008, you need to configure your SQL server to support ZENworks Endpoint Security Management.
  • Page 16 4 Select Security, then make sure that Server Authentication is set to SQL Server and Windows Authentication mode. 5 Click OK, then exit Management Studio. 6 Launch SQL Server Configuration Manager (Start menu > All Programs > Microsoft SQL Server 2005 (or 2008) > Configuration Tools > SQL Server Configuration Manager). 7 Expand the SQL Server Network Configuration section, select Protocols for MSSQLSERVER (where MSSQLSERVER is your server), then make sure that TCP/IP is enabled as shown below.
  • Page 17 8 Expand the SQL Native Client Configuration section, select Client Protocols, then make sure that TCP/IP is enabled as shown below. 9 Exit SQL Server Configuration Manager.
  • Page 18: Chapter 3, "Performing A Single-Server Installation," On

    Microsoft Web site. For evaluations or small deployments (fewer than 100 users), you can use ZENworks Endpoint Security Management self-signed certificates. Novell SSL Certificates are installed onto the servers when running the typical installation. How will you deploy your Endpoint Security Clients? The Endpoint Security Client software can be deployed either individually onto each endpoint or through an MSI push.
  • Page 19: Performing A Single-Server Installation

    Performing a Single-Server Installation: ZENworks® Endpoint Security Management Single-Server Installation (SSI) allows both the Policy Distribution Service and the Management Service to co-exist on the same server, which is not possible without using this installation option. The server must be deployed inside the firewall for security purposes, requiring users to receive policy updates only when they are inside the corporate infrastructure or connected via a VPN.
  • Page 20: Installation Steps

    NETBIOS or FQDN) matches the Issued to value for the certificate configured in IIS. If you are using your own certificates or have already installed the Novell Self Signed Certificate, you can validate SSL as well by trying the following URL from a machine that has...
  • Page 21: Starting The Service

    3.2 Starting the Service The combined Distribution and Management Service launches immediately following installation, with no reboot of the server required. The Management Console is used to manage both the Distribution and Management Services using the Configuration feature. For more information, see ZENworks Endpoint Security Management Administration Guide.
  • Page 23: Performing A Multi-Server Installation

    Performing a Multi-Server Installation Multi-Server installation is recommended for large deployments or when the Policy Distribution Service should be placed outside the corporate firewall to ensure that users receive regular policy updates when they are outside the perimeter. Multi-Server installation must be done on at least two separate servers.
  • Page 25: Performing The Policy Distribution Service Installation

    Performing the Policy Distribution Service Installation: The server hosting the ZENworks® Endpoint Security Management Policy Distribution Service should always be reachable by your users, whether within the network or out in the DMZ. Ensure that the required software is installed on the server prior to installation (see “System Requirements”...
  • Page 26: Installation Steps

    (valid data may be "Page under Construction"). Any certificate warnings must be resolved before installation, unless you opt to use Novell Self Signed Certificates instead. Ensure access to a supported RDBMS (Microsoft SQL Server 2000 SP4, SQL Server Standard, SQL Server Enterprise, SQL Server 2005).
  • Page 27: Typical Installation

    STDSDB. The three SQL database files (data, index, and log) are placed in: \Program Files\Microsoft SQL Server\mssql\Data 1 Novell SSL Certificates are created for the installation. If you want to use your own SSL certificates, use Custom Installation. These certificates must be distributed to all users.
  • Page 28 2 The installer detects the available SQL databases on the machine and network. Select a secured SQL database for the Policy Distribution Service and enter the database administrator's name and password (if the password is zero characters, the installer warns of the potential security issue).
  • Page 29: Custom Installation

    A custom installation displays the defaults used in the typical installation and permits the administrator to specify, or browse to, a different directory to place the software files. The administrator can select either to install a Novell self-signed SSL certificate or use one of their own.
  • Page 30 Setup Trusted Root Figure 5-5 2 The installer detects the available SQL databases on the machine and network. Select the secured SQL database for the Policy Distribution Service and enter the database administrator's name and password (if the password is zero characters, the installer warns of the potential security issue).
  • Page 31 4 Specify the password for the Policy Distribution Service agent. This is the username and password the service uses to log in to its SQL database. Distribution Service SQL Password Figure 5-7 5 Specify the Policy Distribution Service domain name. This must be the fully qualified domain name if the server resides outside the corporate firewall.
  • Page 32: Starting The Service

    This contains a ESM Setup Files Setup file and the ESM-DS.cer file (Novell self-signing SSL certificate, if selected) required by the Management Service. Use Browse to designate where this file should be saved on the server (default = installation directory).
  • Page 33: Performing The Management Service Installation

    Performing the Management Service Installation The Management Service should be installed on a secure server behind the firewall, and it cannot share the same server as the Policy Distribution Service (with the exception of a single server installation, see Chapter 3, “Performing a Single-Server Installation,” on page 19).
  • Page 34: Installation Steps

    Issued to value for the certificate configured in IIS. If you are using your own certificates, or you have already installed the Novell Self Signed Certificate, you can validate SSL as well by trying the following URL from a machine that has...
  • Page 35: Typical Installation

    6.1.1 Typical Installation A typical installation places the Management Service software files in the default directory: \Program Files\Novell\ESM Management Service. The SQL database name is assigned as STMSDB. The three SQL database files (data, index, and log) are placed in: \Program...
  • Page 36 2 Specify the name of the server to host the Management Service. Enter MS Server Name Figure 6-3 3 Novell SSL Certificates are created for the installation. If you want to use your own SSL certificates, perform a Custom Installation. These certificates must be distributed to all users.
  • Page 37 4 The installer detects the available SQL databases on the machine and network. Select the SQL database for the Management Service and specify the database administrator's username and password (if the password is zero characters, the installer warns of the potential security issue). The username and password cannot be a domain user;...
  • Page 38 License file for more details). If you have not yet purchased a ZENworks Endpoint Security Management license, select 60-Day Evaluation License to continue. Browse for Novell License File Figure 6-6 7 At the Copy Files screen, click Next, to begin the installation.
  • Page 39: Custom Installation

    2 Select the SSL Certificate type used for the Policy Distribution Service installation. If you used your existing (enterprise) certificate authority, click The Novell Distribution Service Used a certificate IIS was already configured with. If the Distribution Service installer created a Novell certificate, click The Novell Distribution Service installed a Novell self signed root certificate.
  • Page 40 Endpoint Security Clients. If you already have a certificate authority, click Use the existing certificate IIS is configured for. If you need a certificate, click Allow Novell to create, install, and use its own self-signed root certificate. The installer creates the certificates and the signing authority.
  • Page 41 Select MS SQL Database Figure 6-10 7 Set the database name (default is entered as STMSDB). 8 Select the SQL database for the Reporting Service and specify the database administrator's password for that database. Select Reporting Service Database Figure 6-11 9 Set the database name (default is entered as STRSDB) 10 If ZENworks Endpoint Security Management has already been purchased, a separate license file is provided.
  • Page 42 Browse for Novell License File Figure 6-12 11 At the Copy Files screen, click Next to begin the installation. 12 Select the file paths for the Management Service database’s data, index, and log files. 13 Select the file paths for the Reporting Service database’s data, index, and log files.
  • Page 43: Starting The Service

    The Management Console is used to manage the data on the Management Service (see the ZENworks Endpoint Security Management Administration Guide). Novell recommends installing the Management Console on this server. If you are installing the Management Console on a separate machine, copy the directory, either via a...
  • Page 45: Performing The Management Console Installation

    Performing the Management Console Installation The Management Console can be installed on the Management Service server or on a secure PC that has direct communication with the Management Service server. Multiple Management Console installations can be configured to communicate with a single Management Service; however, it is highly recommended that access to the Management Console be limited to select users.
  • Page 46: Typical Installation

    A typical installation uses all the default server and SSL information contained in the STInstParam.id file and uses the default directory: \Program Files\Novell\ESM Management Console. No additional selections need to be made for Management Console installation, providing directory is on the machine.
  • Page 47 Enter Distribution Service Host Name Figure 7-2 2 Specify the Management Service hostname. 3 Specify the Management Service SQL database hostname. 4 Specify the Management Service SQL database name. Enter MS SQL database name Figure 7-3
  • Page 48 Figure 7-4 7 Select the directory where the Management Console is installed. The default location is \Program Files\Novell\ESM Management Console. After you install ZENworks Endpoint Security Management, you must create and configure a directory service before you can start managing devices in your system.
  • Page 49: Starting The Console

    7.2 Starting the Console To launch the Management Console login window, click Start > All Programs > Novell > ESM Management Console > Management Console. Log in to the Management Console by entering the administrator name and password. Before you can enter the username and password, you must be connected to the directory service's domain (see Section 7.2.1, “Adding eDirectory Services,”...
  • Page 50: Configuring The Management Console's Permissions Settings

    5 Uncheck Secure Authentication in the Service Connection options. 6 Specify the Account name using LDAP format. For example, in "cn=admin,o=acmeserver" cn is the user and o is the object where the user account is stored. 7 Specify the password for the account. NOTE: The password should be set to not expire and this account should never be disabled.
  • Page 51 After the Management Console is installed, all user groups within the domain are granted full permissions. The resource user should remove permissions from all but the groups and users who should have access. The resource user can set additional permissions for the designated users. The permissions granted have the following results: Management Console Access: The user can view policies and components, and edit existing policies.
  • Page 52 2 (Optional) To load users and new groups to this list: 2a Click the Add button on the bottom of the screen to display the Organization table. Permission Settings Organization Table Figure 7-9 2b Select the appropriate users and groups from the list. Use the Ctrl or Shift keys to select multiple users.
  • Page 53 Publish To Settings Figure 7-10 3 To assign users and groups to this user or group: 3a Click the Add button on the bottom of the screen to display the Organization table. 3b Select the appropriate users and groups from the list. Use the Ctrl and Shift keys to select multiple users.
  • Page 54: Publishing A Policy

    7.2.3 Publishing a Policy To Publish a security policy with the default settings: 1 Click Create New Policy. 2 Specify a name for the policy, then click Create. 3 Save the policy, then click the Publish tab. 4 Because Endpoint Security Client users must check in to display in the tree, select the top of the tree on the left, then double-click to populate the publishing field with all current groups and users.
  • Page 55: Endpoint Security Client 3.5 Installation

    Endpoint Security Client 3.5 Installation Use the Novell ZENworks Endpoint Security Client 3.5 for Windows XP (SP1 and SP2) and Windows 2000 SP4 clients. Click the appropriate ZENworks Security Client installer from the Installation Interface menu. The Endpoint Security Client installation begins. The following pages outline the installation process for both Basic and MSI installation.
  • Page 56 Uninstall Password Figure 8-1 4 Select how policies will be received (from Distribution Service for managed clients or retrieved locally for an unmanaged configuration [see Chapter 10, “ZENworks Endpoint Security Management Unmanaged Installation,” on page 71 for unmanaged details]). Management Settings Figure 8-2 5 Specify the Management Service information.
  • Page 57: Msi Installation

    This automatically installs the certificate onto the setup.exe machine (for example, for all users). This process can also be done with the Novell license. file. 8.2 MSI Installation This procedure creates an MSI Package for the Endpoint Security Client 3.5. This package is used by a system administrator to publish the installation to a group of users via an Active Directory policy, or through other software distribution methods.
  • Page 58 9 Copy the Management Service SSL certificate (ESM-MS.cer, or the enterprise certificate) and the Novell License Key into this folder, replacing the default 0 KB files currently in the folder. The ESM-MS SSL certificate is available in the ZENworks Endpoint Security folder.
  • Page 59 Replace the Default Files in the MSI Package Figure 8-5 To set the MSI package to be pushed down to user groups like a Group Policy: 1 Open Administrative Tools - Active Directory Users and Computers, and open either Root Domain or OU Properties.
  • Page 60: Command-Line Variables

    /a /V"STDRV=stateful STBGL=1" Endpoint Security Client 3.5 will boot in All Stateful with strict white-listing enforced. NOTE: Booting in stateful can cause some interoperability issues (DHCP address delays, Novell network interop issues, and so forth). The following command line variables are available:...
  • Page 61: Distributing A Policy With The Msi Package

    Command Line Variable | Description | Notes
    STRBR=ReallySuppress | No reboot after install completes. | Security enforcement and client self defense are not fully functional until after the first reboot.
    STBGL=1 | Strict white list enforcement on application control. | A policy MUST be created that identifies the application on the white list, and distributed with this policy.
  • Page 62: User Installation Of The Endpoint Security Client 3.5 From Msi

    3 Open the folder the policy was exported into and copy the policy.sen and setup.sen files. 4 Browse to the created MSI image and open the "\program files\Novell\ZENworks Security Client\" folder. 5 Paste the files into the folder. This will replace the default policy.sen...
  • Page 63: Endpoint Security Client 4.0 Installation

    The Endpoint Security Client 4.0 software can be installed on Windows Vista running Support Pack 1. Novell recommends that antivirus/spyware software that is interacting with valid registry functions be shut down during the installation of the Endpoint Security Client 4.0.
  • Page 64 Select the appropriate ZENworks Security Client installer directory from the Installation Interface menu. 1 Double-click Setup.exe to begin the installation process. 2 Choose the language you want for this installation, then click OK. Language choices include: Chinese Simplified, Chinese Traditional, English (the default), French, German...
  • Page 65 7 Add an uninstall password and confirm the password, then click Next. 8 Select a policy type (either a User Based Policy, where each user has an individual policy, or a Computer Based Policy, where one policy is used for all users). Click Next. NOTE: Select User Based Policy if your network uses eDirectory as its Directory Service.
  • Page 66: Msi Installation

    9 Select how policies are to be received (managed through ESM servers for managed clients or retrieved locally for an unmanaged (standalone) configuration). Click Next. For details about an unmanaged installation, see Chapter 10, “ZENworks Endpoint Security Management Unmanaged Installation,” on page 10 (Optional) If you selected Manage through ESM servers in Step 9, type the name of the server...
  • Page 67: Completing The Installation

    3 Right-click the shortcut, then click Properties. 4 At the end of the Target field, after the quotes, press the Spacebar once to insert a space, then type /a. For example: "C:\Documents and Settings\euser\Desktop\CL-Release-3.2.455\setup.exe" /a Several command line variables are available for MSI installation. See Section 8.2.1, “Command-line Variables,”...
  • Page 68: Command Line Variables

    10 Copy the Management Service SSL certificate (ESM-MS.cer, or the enterprise certificate) and the Novell license key into this folder, replacing the default 0 KB files currently in the folder. The ESM-MS SSL certificate is available in the ZENworks Endpoint Security folder.
  • Page 69: Distributing A Policy With The Msi Package

    Command Line Variable | Description | Notes
    STRBR=ReallySuppress | No reboot after the install completes. | Security enforcement and client self defense are not fully functional until after the first reboot.
    STUPGRADE=1 | Upgrade the Endpoint Security Client 4.0. | Upgrades the Endpoint Security Client 4.0.
    STUNINSTALL=1 | Uninstall the Endpoint Security Client... | Uninstalls the Endpoint Security...
  • Page 70: Running The Endpoint Security Client 4.0

    4 Browse to the created MSI image and open the \Program Files\Novell ZENworks\Endpoint Security Client\ folder. 5 Paste the files into the folder. This will replace the default policy.sen and setup.sen files. 9.3 Running the Endpoint Security Client 4.0 The Endpoint Security Client 4.0 runs automatically at system startup.
  • Page 71: Zenworks Endpoint Security Management Unmanaged Installation

    ZENworks Endpoint Security Management Unmanaged Installation: An enterprise can run the ZENworks® Security Client and Management Console in an Unmanaged mode (without connection to the Policy Distribution Service, or the Management Service). This is available as an installation option, primarily intended for setting up simple evaluations. This option is also ideal for enterprises with little or no server space, or with basic security needs.
  • Page 72: Distributing Unmanaged Policies

    Management Console, and placed in the setup.sen directory. \Program Files\Novell\ESM Management Console\ 2 Create a policy in the Management Console (for more information, see the ZENworks Endpoint Security Management Administration Guide).
  • Page 73: Upgrading

    Upgrading To upgrade your software from one release to another, complete the following process: 1 Export all policies. For instructions, see “Exporting a Policy” in the ZENworks Endpoint Security Management Administration Guide. 2 Export all encryption keys. For instructions, see “Managing Keys”...
  • Page 75: A Documentation Updates

    Documentation Updates This section contains information on documentation content changes that were made in this Novell ZENworks Endpoint Security Management Installation Guide after its initial release for version 3.5. The changes are listed according to the date they were published.