Over the last decade, Novell ZENworks has developed a reputation as one of the industry's most complete and capable solutions for centrally configuring and managing endpoints in complex and heterogeneous networking environments. With Novell ZENworks, thousands of organizations ( See http://www.novell.com/success ) have discovered the benefits of using a policy and user-based approach to simplify and automate software and patch deployment, asset tracking, endpoint security, OS migration and a long list of other routine endpoint management tasks. Novell ZENworks allows IT organizations to perfectly align their desktop environments with established business policies and shift more time, money and resources away from mundane, repetitive tasks and toward strategic IT initiatives.Novell ZENworks 11 represents another major step toward completely automated and nearly effortless endpoint management—by bringing the family of ZENworks products together under a single integrated platform and then extending all those capabilities to a wider range of Windows, Linux and Apple Mac platforms and devices.
Novell ZENworks 11 includes:
- An architecture that adapts to your environment with flexible choices for the platform OS, database, directory services and range of supported devices for management.
- A new identity-based, heterogeneous endpoint management platform that consists of a unified ZENworks Control Center console, a single ZENworks Adaptive Agent and ZENworks server software
- Integrated configuration, asset, patch and endpoint security management for Windows, Linux and Apple Mac endpoints.
- Optional Full Disk Encryption for Windows devices
- Managed device location awareness capabilities that add a new dimension to ZENworks Configuration Management, ZENworks Asset Management, ZENworks Patch Management and ZENworks Endpoint Security Management 11's identity-based approach.
- Power management and reporting for Green IT initiatives
- The use of standards-based protocols
- Network consumption control when rolling out new applications or installing updates
- Full manageability over the Internet using secure communication channels
- Simple and speedy installation, deployment and updates
- The ability to integrate seamlessly with your choice of user directory and database platforms
- Support for 64-bit hardware and operating systems
- Rapid installation with an appliance on VMware ESX(i) Hypervisor
Choosing the Best Management Paradigm for Your Business
Every feature found in Novell ZENworks 11 flows from the Novell vision of the Open Enterprise, which embraces the value of creating a simple, secure, productive and integrated IT environment that works across heterogeneous systems. Novell ZENworks 11 empowers IT organizations to manage systems in ways that support real users—with all their various security, location, device and other needs—while still maintaining simple, centralized control over the entire end user environment. As an essential corollary to this philosophy, Novell ZENworks 11 also gives IT departments the freedom to manage their systems according to the paradigm that best reflects their organization’s business policies—and the IT staff’s preferred working style.
With Novell ZENworks 11, IT departments can choose to manage systems tactically (on a device-by-device basis) or strategically (in synchronization with business policies) using any combination of four distinct management paradigms: management by exception, management by location, device-based management and finally user-based management.
Management by exception
When you evaluate any configuration management solution or paradigm, you should carefully consider two important criteria. First, how well does the management paradigm scale? And second, how large a burden does it place on your IT staff as they continually update the solution to accommodate changing business policies? Novell ZENworks 11 can provide the right answers to both of these questions. Novell pioneered the “management by exception” paradigm, and ZENworks 11 continues to offer it as a powerful tool for continuously adapting to changing business policies and practices with minimal IT effort.
In most situations, management by exception serves as a complement to policy-driven management paradigms. It allows for the strict, high-level enforcement of general configuration management rules across user or device groups, while still permitting exceptions at a more granular level to accommodate specialized needs.
For example, normal business policies may allow employees to remotely access the corporate network. However, applying this policy across the board to all desktops—including PCs in the finance and legal departments—could expose the company to regulatory penalties and corporate spies. Exception-based management allows IT departments to create and automatically enforce general access policies across the whole company, and then apply more restrictive policies to PCs and users in specific groups or departments. In this case, the additional stricter policy would restrict access to normal business hours, on-site, by authorized users. Exception-based management allows for complete flexibility, without requiring IT to manage separate policy silos for each type of user and machine.
Management by location
According to research from major analyst firms such as Gartner, IDC etc.. the number of traditional static desktops within our organizations is becoming smaller. Observational evidence confirms this as we see the number of laptops growing almost on a daily basis. Laptops have provided many benefits to todays modern workforce but they present I.T management challenges. Take the example of an application rollout. A laptop could be connected in an office, airport, hotel , home office or even across a 3G connection using a cell phone link, all of which have different conection characteristics which may not be suitable for distribution activities.
Our desktops are not immune from location based management challenges. We clearly do not want them reaching out over Wide Area Network links to communicate with our management system. As far as possible , all management activities using the network should occur locally; anything which needs touch the central site should only happen when network loading is low.
But it is not just management activities we wish to control based on device location. We also want to adjust the security posture. Many organizations take the view that devices inside the office network perimeter are reasonalbly safe but when outside they are at risk. Therefore items like firewall configuration, allowed plugable devices , encryption, wireless settings etc.. should be adjusted based on location.
The unique ability to use information about location adds a whole new dimension for management. You can create policies that reflect business requirements for any given location that a device may be in.
Many organizations base their configuration management practices on the devices they manage. In fact, this is the default method used by most competing configuration management products on the market today. In the absence of user-based and exception-based policy management, products that only target specific device configurations typically end up treating actual business policies and the needs of users as an afterthought because they essentially link a specific user to a specific device. By tying applications, policies and other configuration parameters to a specific managed device or set of managed devices, this approach often forces users into rigid roles instead of supporting them as dynamic participants in ever-evolving business processes. Because of these limitations, Novell ZENworks 11 places more emphasis on user-based management than device-based management.
However, to keep the solution as flexible as possible, Novell ZENworks 11 does offer device-based management capabilities that can be used in conjunction with other management paradigms to fill specialized needs. For example, call centers where multiple users share a single PC in shifts, manufacturing-floor PCs and public kiosks can all create situations where device-based management may be more appropriate than user-based management. In addition, companies that normally rely on user-based management may need the ability to quickly set up a device for ad hoc, tactical purposes. For example, quickly configuring a device to auto-run a presentation in a conference center might make more sense than creating a new “user” for that single instance.
With the Novell ZENworks 11 architecture, you have the option of using device-based management whenever it suits your specific needs. Because device-based management is very familiar to most IT professionals, and because it offers the fastest way to configure a machine before you create long-term user-based policies, device-based management is presented as the default management paradigm when you first install ZENworks 11.
User-based systems management—which leverages user identities, group roles and business policies—is the gold standard for automation, security and IT control. User- based management has always been a Novell specialty. And even though the underlying architecture of Novell ZENworks 11 has been dramatically enhanced, the full power and complete range of Novell ZENworks 11 user-based management capabilities has been preserved.
True user-based configuration management disassociates users from the specific devices they use. This makes it possible to treat users as the company’s most valuable managed asset and relegate devices to their proper role as tools that must serve the needs of users. Allowing people—rather than machines—to be managed as first-class configured entities means that policies, applications and other configuration details can “follow” users from machine to machine. User-based management also ties IT policies directly to business policies, which increases responsiveness to changing business conditions. Finally, a user- based approach leverages identity stores and business systems across the enterprise to eliminate errors, increase security, standardize workflows, document regulatory compliance and support effective decision-making.
The user-based paradigm represents a truly strategic approach to systems management, while device-based management is almost purely tactical. With Novell ZENworks 11, you can mix and match both approaches—based on your changing business and IT requirements—by using the management by exception paradigm. For example, Novell ZENworks 11 allows you to apply a policy to a specific device and then selectively override that policy based on the identity information of the user who is currently logged on. Conversely, you could choose to override a general user- and role-based policy based on a specific machine and its context, such as when a mobile device attempts to access the network from outside the firewall.
Novell ZENworks can offer your business a long list of unique benefits and advantages. It is based on the proven Novell ZENworks 11 platform that combines and integrates configuration, asset, patch, and endpoint security management for Windows, Linux and Apple Mac devices. It offers a single, modular architecture that maximizes flexibility and scalability, simplifies and speeds management throughout the device lifecycle, minimizes processing demands on managed clients, reduces bandwidth consumption for management processes and uses standards-based protocols to seamlessly integrate with your choice of user directory and object database. It lets you manage systems based on users identities, roles, groups and locations, so I.T can work hand-in-glove with the company’s business priorities and policies. Finally, it gives you a secure, web-based console for unified control over all your management tasks—from virtually anywhere.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.