Blog Entry

(View Disclaimer)

This is part 1 of 5 parts I plan to post about Course 3113 over the next couple weeks. The course is called "Upgrading to and Exploring New Features in Novell ZENworks 11 Configuration Management." It's 3 days worth of content so I can't share it all here, but I can highlight some of the most interesting parts.

My hope is obviously to generate interest in the course, but also to impart some useful information to make this post worth your time to read. So, from Section 3: Describing Location Awareness, here you go...

By way of introduction to the topic of Location Awareness, the manual states:

Whether a user is a mobile employee who travels frequently, a corporate office employee, or a work-from-home employee, you want to ensure that the user is connecting to the right ZENworks server, that the correct applications are available, and that the appropriate security policies are being applied to protect the device in its current network environment. ZENworks 11 allows you to create locations that are used by ZENworks Adaptive Agent to determine what should be available or enforced on a managed device.

The following objectives are covered in Section 3:

1. Describe Configuration and Security Locations
2. Define and Manage Network Environments
3. Create and Manage Locations
4. Configure the Closest Server Default Rule
5. Add Closest Servers to Locations

Creating and managing locations will be the focus today. In the Create and Manage Locations objective, the manual says:

Security requirements for a device can differ from location to location. You might, for example, have different personal firewall restrictions for a device located in an airport terminal than for a device located in an office inside your corporate firewall.

To make sure that a device’s security requirements are appropriate for whatever location it is in, Endpoint Security Management supports both global policies and location-based polices. A global policy is applied regardless of the device’s location. A location-based policy is applied only when the device’s current location meets the criteria for a location associated with the policy. For example, if you create a location-based policy for your corporate office and assign it to a laptop, that policy is applied only when the laptop’s location is the corporate office.

If you want to use location-based policies, you must first define the locations that make sense for your organization. A location is a place, or type of place, for which you have specific security requirements. For example, you might have different security requirements for when a device is used in the office, at home, or in an airport.

Locations are defined by network environments. Assume that you have an office in New York and an office in Tokyo. Both offices have the same security requirements. Therefore, you create an Office location and associate it with two network environments: New York Office Network and Tokyo Office Network. Each of these environments is explicitly defined by a set of gateway, DNS server, and wireless access point services. Whenever the Endpoint Security Agent determines that its current environment matches the New York Office Network or Tokyo Office Network, it sets its location to Office and applies the security policies associated with the Office location.

Unknown is the default location that is automatically created after you install ZENworks 11. If ZENworks Adaptive Agent is unable to find a location that matches its current environment, the managed device is associated with the Unknown location. You cannot delete or rename the Unknown location.

When you create a location, you provide a location name and then associate the desired network environments with the location.

In this course you will perform the following steps to create and test a location called “office” that defines a location for managed devices connected to the 172.17 network (in the course we provide virtual machines called XP-Admin and XP-WS, configured specifically for the course, as the lab environment).

To create the “office” location, do the following steps from the XP-Admin virtual machine:

1. In the ZCC, in the upper-left pane, select Configuration; then select the Locations tab.
• A Locations dialog screen is displayed.
2. Under the Locations heading, select New.
3. On the Step 1: Define Details screen, for Location Name, enter Office; then select Next.
4. On the Step 2: Assign Network Environments screen, verify that Create and assign Network
   Environment to the location is selected; then select Next.
5. On the Step 3: Define Details screen, select Next
6. On the Step 4: Network Environment Details screen, under the Gateways tab, select Add.
7. On the Add Gateway screen, enter the following information:
• IP Address: 172.17.0.1
• Select the Match Required check box.
8. Select OK; then select Next.
9. On the Step 5: Summary screen, select Finish

To test for awareness of the “office” location, do the following steps from the XP-WS virtual machine:

1. Select Start > All Programs > Accessories.
2. Right-click Command Prompt; then select Run As.
3. On the Run As screen, enter the following information:
• Select the The following user radio button
• Password: N0v3ll123
4. Select OK.
5. At the command prompt window, enter “zac ref bypasscache”
• The ref command is processed and the device information is refreshed.
• You will see the Configuration Location Change message box from the ZENworks icon.
6. Right-click the ZENworks icon; then select Show Properties.
• The ZENworks Adaptive Agent Properties are displayed and they verify that the Configuration Location displays the Office location you created.

If you like what you see here and would like to see more, Novell Training is offering this course online from July 26th - 28th for $1750 or 5 training credits. Click here to go to the registration link http://bit.ly/kVuyVv.

Please follow Novell Training on:
http://twitter.com/novell_training
http://www.facebook.com/NovellTraining

Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.