Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008 Installation Manual

AUTHORIZED DOCUMENTATION
Installation Guide
Novell® ZENworks® Network Access Control 5.0
September 22, 2008
www.novell.com
Novell ZENworks Network Access Control Installation Guide

Summary of Contents for Novell ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008

  • Page 1 AUTHORIZED DOCUMENTATION Installation Guide Novell® ZENworks® Network Access Control September 22, 2008 www.novell.com
  • Page 2 Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 All third-party trademarks are the property of their respective owners. This Novell software product includes open-source software components. Novell conforms to the terms and conditions that govern the use of the open source components included in this product. Users of this product have the right to access the open source code and view all applicable terms and conditions governing open source component usage.
  • Page 5: Table Of Contents

    1 Deployment Flexibility
    Deploying Novell ZENworks Network Access Control Inline (page 11)
    Deploying Novell ZENworks Network Access Control Using DHCP (page 12)
    Deploying Novell ZENworks Network Access Control Using 802.1X
  • Page 6 Test Exceptions (page 64)
  • Page 7: What You Need To Get Started

    Chapter 3, “Installing Novell ZENworks Network Access Control,” on page 31 This Installation Guide helps you install and set up Novell ZENworks Network Access Control. The Novell ZENworks Network Access Control Users Guide (available on the CD in the /docs directory and through the online help links in Novell ZENworks Network Access Control) provides Novell ZENworks Network Access Control configuration information and task-based instructions.
  • Page 9: Deployment Flexibility

    The Novell ZENworks Network Access Control ESs detect and test endpoints on the network for compliance. You can deploy each Novell ZENworks Network Access Control cluster in one of the following configurations: Inline —...
  • Page 10 The following figures illustrate various deployment methods:
    Figure 1-1: Single-server Installation, Quarantine Method, Inline
    Figure 1-2: Multiple-server Installation, Quarantine Method, Inline
    Figure 1-3: Single-server Installation, Quarantine Method, DHCP, Flat Network
  • Page 11: Deploying Novell Zenworks Network Access Control Inline

    Access Control allows network access to only successfully tested endpoints (or when there is a grace period for failed tests). When a test or tests pass, Novell ZENworks Network Access Control inserts rules into the onboard firewall to allow all traffic from the endpoint. Novell ZENworks Network Access Control uses a proprietary method to uniquely identify each endpoint as it connects to the network, and does not install cookies or software on the end-user’s endpoint.
  • Page 12: Deploying Novell Zenworks Network Access Control Using Dhcp

    When you configure Novell ZENworks Network Access Control with a DHCP quarantine area, the Novell ZENworks Network Access Control ES must sit inline with your DHCP server. If this is not possible, you must configure a remote host for Device Activity Capture (DAC) as described in the User’s Guide, Remote Device Activity Capture with a quarantined endpoint, the ES responds to the...
  • Page 13 The following figure shows an example installation scenario for a simple (one LAN) setup with enforcement using ACLs on a router: Figure 1-5: Single-server Installation, DHCP Mode, Simple Example
  • Page 14 The following figure shows an example installation scenario for a complex (multiple LAN) setup with enforcement using ACLs on a router: Figure 1-6: Single-server Installation, DHCP Mode, Complex Example
  • Page 15: Deploying Novell Zenworks Network Access Control Using 802.1X

    Figure 1-8 on page 16): 1 Use the built-in Novell ZENworks Network Access Control RADIUS server to proxy to any other RADIUS server. In this configuration, the switch performs the 802.1X authentication against the Novell ZENworks Network Access Control RADIUS server, which proxies the request to another RADIUS server.
  • Page 16 TIP: If the ES cannot see traffic on a mirrored port on a switch, you must configure a remote host for Device Activity Capture (DAC) as described in the User’s Guide, Remote Device Activity Capture. A sample deployment is shown in the following figure: Figure 1-8: 802.1X Enforcement
  • Page 17: Installing The Network Interface Cards

    1.4.1 Inline The inline installation of Novell ZENworks Network Access Control, where the MS and ES are installed on a single server, requires two network interface cards (NICs) installed for Novell ZENworks Network Access Control to operate properly.
  • Page 18: 802.1X

    1 After installing Novell ZENworks Network Access Control, plug an Ethernet cable into only one of the interfaces.
    2 Log into the Novell ZENworks Network Access Control MS as root and enter one of the following commands:
    2a ethtool eth0...
  • Page 19: Deploying Novell Zenworks Network Access Control In Vpn Mode On A Different Network

    VPN clients, no modifications need be made. However, problems can arise if the following conditions are all true: Novell ZENworks Network Access Control is in a different logical subnet than that used by the VPN concentrator OR the VPN client endpoints.
  • Page 20 Novell ZENworks Network Access Control and the VPN concentrator itself are on the 10.1.90.0/24 subnet. Both Novell ZENworks Network Access Control and the VPN concentrator have a default route set through 10.1.90.254 which is a router or Layer 3 switch on the LAN (eth0) side of Novell ZENworks Network Access Control.
  • Page 21 2 Open the following file with a text editor, such as vi:
        /etc/rc.local
    3 Add something like the following:
        # explicit routes for VPN subnets should go to the VPN router,
        # not the default gateway
        /sbin/route add -net 10.1.105.0/24 gw 10.1.90.131
    Where, for other network configurations or additional VPN profiles you need to add routes appropriate to the subnet or subnets involved.
  • Page 23: System Requirements

    Section 2.1, “General System Requirements,” on page 23
    Section 2.2, “Important Browser Settings,” on page 24
    2.1 General System Requirements
    The following hardware and software is required to install and operate Novell® ZENworks® Network Access Control.
    Table 2-1: ZENworks Network Access Control System Requirements...
  • Page 24: Important Browser Settings

    Novell ZENworks Network Access Control server. To allow pop-up windows in Internet Explorer: Internet Explorer browser>>Tools>>Pop-up blocker>>Pop-up blocker settings 1 Enter the IP address or partial IP address of the Novell ZENworks Network Access Control...
  • Page 25: Active Content

    Mozilla browser>>Edit>>Preferences>>Privacy & Security>>Popup Windows 1 Select the Block unrequested popup windows check box. 2 Click Allowed sites. 3 Enter the IP address or partial IP address of the Novell ZENworks Network Access Control 4 Click Add. 5 Click OK.
  • Page 26: Minimum Font Size

    3 Click OK. 2.2.3 Minimum Font Size In order to properly display the Novell ZENworks Network Access Control user interface, do not specify the minimum font size. To clear the Internet Explorer minimum font size: IE browser>>Tools>>Internet options>>General tab>>Accessibility button 1 Make sure all of the check boxes are cleared on this window.
  • Page 27: Page Caching

    2 Click OK. 3 Click OK. To clear the Mozilla minimum font size: Mozilla browser>>Edit>>Preferences>>Appearance>>Fonts 1 Select None from the Minimum font size drop-down list. 2 Click OK. To clear the Windows or Linux Firefox minimum font size: Firefox browser>>Tools>>Options>>Content>>Fonts & Colors, Advanced 1 Select None in the Minimum font size drop-down list.
  • Page 28: Temporary Files

    4 Click Clear Now. 5 Click OK. To delete temporary files in Mac Firefox: Firefox menu>>Preferences>>Privacy 1 In the Private Data area, click Settings. The Clear Private Data window appears. 2 Select the Cache check box.
  • Page 29 3 Click OK. 4 Click Clear Now. 5 Close the Privacy window.
  • Page 31: Installing Novell Zenworks Network Access Control

    For first-time installations, use the install CD. Create an install CD from an International Organization for Standardization (ISO) image downloaded from the Novell Web site, or request one from Novell. The installation process loads both the Novell ZENworks Network Access Control application and the custom, hardened operating system (OS) on which Novell ZENworks Network Access Control runs.
  • Page 32: Creating The Installation Cd From The Novell Zenworks Network Access Control Download

    Section 3.1.2, “Creating the Installation CD from the Novell ZENworks Network Access Control Download,” on page 32), and then you can use that CD to install the Novell ZENworks Network Access Control software (see Section 3.1.3, “Installing Novell ZENworks Network Access Control,”...
  • Page 33: Installing Novell Zenworks Network Access Control

    When you install the Novell ZENworks Network Access Control software for the first time, you need to put the Novell ZENworks Network Access Control CD directly into the computer that will be the Novell ZENworks Network Access Control server (MS or ES). You cannot install any other software on this computer.
  • Page 34 Access Control v5.0 Users Guide). Locating and Verifying Server Hardware To verify the server requirements: 1 Locate the computer you will be using for the Novell ZENworks Network Access Control server. 2 Verify that this computer has the following: 2a Processor — Pentium 4 Linux —...
  • Page 35 For example: 255.255.0.0. Default gateway IP address — The IP address of your Internet connection—the IP address of the network endpoint that knows how to route packets outside of your local network. For example 10.0.16.1.
  • Page 36 Novell ZENworks Network Access Control server root password — The passwords you give to your Novell ZENworks Network Access Control servers (MS and ESs) when logging in as the root user. Note: This is not the Novell ZENworks Network Access Control user interface administrator password.
  • Page 37 — This is the default option that works on most systems. noacpi — If your system hangs shortly after install is entered, use this option which disables the [Advanced Configuration and Power Interface (ACPI)] allowing the Novell ZENworks Network Access Control system to use the chroot command.
  • Page 38 TIP: Use the [Tab], [spacebar], and [Enter] keys to navigate between fields and make selections on the install screens. 6 On the Network Configuration for eth0 screen, enter the IP address of the Novell ZENworks Network Access Control MS/ES installation, as shown in Figure 3-3 on page The Netmask value is prepopulated;...
  • Page 39 (FQDN). Select OK. The Time Zone Selection screen appears: TIP: Select simple names that are short, easy to remember, have no spaces or underscores, and the first and last character cannot be a dash (-).
  • Page 40 10 On the Time Zone Selection screen, select the time zone. Select OK. The Root Password screen appears: TIP: Make sure that you select a root password that is easy for you to remember but difficult for others to guess. Figure 3-7: Install Screen, Root Password
  • Page 41 11 On the Root Password screen, enter a root password for the Novell ZENworks Network Access Control server. Enter a secure password that you can remember, and retype the password to confirm it. Select OK. The Novell Novell ZENworks Network Access...
  • Page 42 16 The server reboots and starts Novell ZENworks Network Access Control. 17 Log in to the Novell ZENworks Network Access Control server and perform the initial configuration as described in “Initial Configuration” on page Creating a Multiple-server Installation To install the MS and ES on different servers:...
  • Page 43 Linux: Mozilla Firefox v1.5 or later, Mozilla v1.7 Mac OS X: Mozilla Firefox v1.5 or later 2 Using https://, point your browser to the IP address or host name of the Novell ZENworks Network Access Control server (for example, https://10.0.64.25).
  • Page 44 4a If you do not wish to accept the license agreement, click I do not accept this license agreement, or 4b Read the Novell ZENworks Network Access Control End-User License Agreement (EULA) and select I Accept this license agreement. 4c Click Next. The Enter management server settings window appears.
  • Page 45 9 On the Enter license key window, in the License key field copy and paste your Novell ZENworks Network Access Control license key, which was emailed to you as a text file. Click Next. The Create administrator account window appears.
  • Page 46 ESs to the cluster. To create (name) the Enforcement cluster: 1 Using https://, point your browser to the IP address or host name of the Novell ZENworks Network Access Control server (for example, https://10.0.64.25).
  • Page 47 Figure 3-15: Novell ZENworks Network Access Control Home Window. NOTE: The Novell ZENworks Network Access Control home window displays the System configuration menu option only for users with administrator permissions. You will see different menu options based on your permissions, which are defined as user roles.
  • Page 48 3 Select System Configuration. The System configuration, Enforcement clusters & servers window appears: Figure 3-16: Enforcement Clusters & Servers
  • Page 49 7 Before Novell ZENworks Network Access Control is fully functional, you must select the operating parameters for each cluster; however, you do not have to do this now. When you are ready to configure the clusters, refer to the “Adding a cluster” section in the Novell ZENworks Network Access Control Users Guide.
  • Page 50 5 Enter the SSH password for the SSH username account on this enforcement server in the SSH Password text box. 6 Re-enter the SSH password for the SSH username account on this enforcement server in the Re-enter SSH Password text box.
  • Page 51 IMPORTANT: The MS must have the same version of software installed as the ES you are adding or you will get an exception error. If you are upgrading an existing system, upgrade the MS, then add new ESs. The upgrade process will automatically upgrade any existing ESs.
  • Page 53: Configuring Novell Zenworks Network Access Control

    Network Access Control operating parameters Novell ZENworks Network Access Control Home window>>System configuration The Novell ZENworks Network Access Control Users Guide provides detailed instructions for configuring Novell ZENworks Network Access Control. If you experience problems, or have questions, contact Novell Support (http://www.novell.com/support) or call (800) 858-4000.
  • Page 55: A Installation And Configuration Check List

    Internet connection with outbound SSL communications * NOTE: You must have access to the following: For license validation and test updates: http://nacupdate.novell.com port 443 * For software and operating system updates: http://nacdownload.novell.com port 80 * Workstation running one of the following browsers with 128-bit encryption: * Windows: Mozilla Firefox 1.5 or later...
  • Page 56: Installation Location

    Upgrade link: (provided to Novell subscribers through email) A.4 IP Addresses, Hostname, Logins, and Passwords NOTE: This Installation and Configuration Checklist is a list of the items used in Novell® ZENworks Network Access Control including passwords; however, Novell recommends as a security best practice that you never write down passwords.
  • Page 57: Multiple-Server Installations

    Time zone: * ________
    MS/ES server root password: * ________
    MS/ES Database password: * ________
    Novell ZENworks Network Access Control user interface administrator account name: * ________
    Novell ZENworks Network Access Control user interface administrator account password: * ________
    SMTP server IP address: ________
    A.4.2 Multiple-server Installations...
  • Page 58 Novell ZENworks Network Access Control user interface administrator account name: * ________
    Novell ZENworks Network Access Control user interface administrator account password: * ________
    SMTP server IP address: ________
    Enforcement Server 1
    Required fields are indicated by a red asterisk (*).
  • Page 59: Proxy Server

    Time zone: * ________
    ES server root password: * ________
    ES Database password: * ________
    Novell ZENworks Network Access Control user interface administrator account name: * ________
    Novell ZENworks Network Access Control user interface administrator account password: * ________
    Enforcement Server 3
    Required fields are indicated by a red asterisk (*).
  • Page 60: Quarantine

    RADIUS server type (local or remote IAS): ________
    Local RADIUS server type end-user authentication method:
    Manual: ________
    Windows domain:
    Domain name: *
    Administrator user name: *
    Administrator password: *
    Domain controllers: *
  • Page 61: 802.1X Devices

    Additional credentials user name: *
    Additional credentials password: *
    Open LDAP:
    Server: *
    Identity: *
    Password: *
    Base DN: *
    Filter: *
    Password attribute: *
    End-user credentials user name: *
    End-user credentials Password: *
    A.6.2 802.1X Devices
    Required fields are indicated by a red asterisk (*). Define 802.1X devices globally for all clusters, or on a per-cluster basis.
  • Page 62: Dhcp

    Accessible services and endpoints for all clusters:
    Web sites: ________
    Hostnames: ________
    IP addresses / ports: ________
    Networks: ________
    Windows domain controller: ________
    Accessible services and endpoints for cluster 1:
    Web sites: ________
    Hostnames: ________
  • Page 63: Notifications

    IP addresses / ports: ________
    Networks: ________
    Windows domain controller: ________
    Accessible services and endpoints for cluster 2:
    Web sites: ________
    Hostnames: ________
    IP addresses / ports: ________
    Networks: ________
    Windows domain controller: ________
    Accessible services and endpoints for cluster 3:
    Web sites: ________
    Hostnames: ________
    IP addresses / ports: ________...
  • Page 64: Section A.8, "Test Exceptions"

    Cluster 2 endpoint testing exceptions (endpoints that are whitelisted or blacklisted):
    MAC addresses: ________
    IP addresses: ________
    NetBIOS names: ________
    Cluster 3 endpoint testing exceptions (endpoints that are whitelisted or blacklisted):
    MAC addresses: ________
    IP addresses: ________
    NetBIOS names: ________
