Significant changes are coming with the next major release of ZENworks: things that are very different from earlier versions, yet still deliver the same solid value you have come to trust with your present ZENworks solutions. In this article, we'll dig into this new ZENworks product and discuss what is different, describe the exciting new features that are coming, which you've been asking for, and give you some tips to help your transition to this new version. Hey, we'll even get a little technical to keep those engineering juices flowing as you imagine how this new product will fit into your world.
Before we start the journey, let's understand how this release fits into the overall product roadmap for ZENworks. Today, several ZENworks products are available for your desktop and server management environments, including:
- ZENworks Desktop Management
- ZENworks Server Management
- ZENworks Handheld Management
- ZENworks Patch Management
- ZENworks Linux Management
- ZENworks Asset Management
- and the ZENworks Suite.
Novell recently announced some new ZENworks products to help you manage your data center, but we'll leave those for another article.
As the ZENworks product line moves forward with this release and beyond, the product family will split into three product areas:
- Change and Configuration Management (CCM)
- Data Center Management
- Update Services
> What's New
Several new and enhanced components make this solution quite different from earlier version of ZENworks iterations. Some examples of these are:
- completely integrated Web and command-line interfaces
- integration of ZENworks products
- direct access to the directory of your choice
- new supported platforms
- system updates
- new Web services architecture
Let's look at some brief descriptions of each of these new elements.
Web and Command-line Interfaces
In this new release there are no administration capabilities within ConsoleOne. The entire user interface has been revamped to be browser-based. This change reflects the ZENworks development team's new philosophy about how best to display administration information: the new approach is to provide you with direct access to your information, and to more of your information than ever before. When you hit the home page in the ZENworks Control Center, you see a detailed snapshot of the status of your ZENworks system. (See Figure 1.)
As you can see, the new home page gives you up-front information on what is happening in your network. You discover the number of each type of device you are managing, and their current status with regard to the policies and content you have sent those devices. Additionally, you can instantly view the most critical errors that have cropped up anywhere in the system. This information allows you to quickly prioritize and drill down into the problems for faster and more effective resolution.
In addition to a graphical interface, command-line interfaces let you access, create and manipulate the same administration configurations. It also contains a command-line tool for administration called "zman" and another tool call "zac" to manage the device. While not as full-functioned as the Web-based interface, these tools do expose many of the most useful capabilities through the command-line interface. These features enable you to automate some of your processes with scripts to administer your systems.
One of the most exciting new features is integration. Novell has merged the Desktop, Server, Handheld, Patch Management and Asset Management versions together into one system. Now you will have a single place where you can manage all things ZENworks.
The new ZENworks goes beyond integration of the Web-administrator interfaces. The next releases will integrate databases, back-end platforms and capabilities. When one release contains a feature, then all ZENworks products, where that capability is relevant, will have that same capability.
For example, if Novell introduces client throttling, then the next release of ZENworks Asset Management that is built on the new architecture will also have client throttling if it is relevant.
This next generation of ZENworks is the place to go to support your Vista 32-bit and 64-bit workstations in your environments. In addition to your Vista systems, it will also support Windows 2000 and Windows XP workstations. You can also run back-end services on Windows 2000 and Windows 2003 servers in addition to SUSE Linux Enterprise Server 10 servers. You will still be able to manage your Windows desktops from a SUSE Linux Enterprise Server for Linux server as well as the latest Open Enterprise Server for Linux server.
When installed, you have the choice of using the supplied Sybase database or you can choose to run your administration on an external Microsoft SQL 2000 or 2005 database. Oracle will be added in future releases.
One of the unique capabilities of ZENworks today is its integration with corporate directories. That integration gives administrators a single point of control over who gets what applications as per the policies based on their identity within the directory.
With this next release, this unique feature remains. The computer, content (application or policy) and the user all have identities in the system, then you describe their interactions through policies and assignments of content to computers and users. But the new version provides this ability differently than traditional ZENworks.
Traditional ZENworks understands eDirectory objects. ZENworks is the solution that placed workstation and application objects within the directory and provided administrative capabilities in ConsoleOne and iManager to allow you to describe those relationships. The next generation ZENworks can do the same, but it puts its objects in different places and accesses your directories differently.
It communicates with your chosen directories via LDAP, retrieving the required information for the system. Nothing about the directory object is stored in the new ZENworks system except the unique identifier (GUID) assigned to it by the directory. You can make assignments to users, user groups and containers within your chosen directories. When any information contained in the directory objects are required, it queries the directory with the GUID and recovers the data. The next release requires only read access to the directory. No schema changes are required, no specialized directory is necessary, and no synchronization of passwords or information between directories is required.
The entire user interface is browser-based and reflects the new philosophy about how best to display administration information: the new approach provides you with direct access to your information, and to more of your information than ever before.
Initially, this new release will support both eDirectory and Active Directory. This means if you choose Active Directory you won't be required to have an eDirectory for ZENworks anymore.
All other information, such as assignments between content, users and devices, are stored in the database. By looking up SQL tables, the system can determine who needs what content and what devices the user is currently running. It then delivers the content to the proper places to the users who have the proper rights.
It can handle links to multiple directories, which allows you to manage assignments across multiple trees or domains within the system. You can even create user groups containing users from different directories, mixing users from different trees and even domains in the same group.
Additionally, if you choose not to manage policies and content via users, you can define no directories and it will provide full management for your devices based on a device record regardless of the user on the machine.
And one more thing: now that ZENworks groups are just a set of GUIDs in a table in the database, you no longer have the performance penalties you may have seen assigning ZENworks applications to groups. Now, creating a group in the next version and assigning and determining content causes no performance issues in determining group membership.
Initially, this new release will support both eDirectory and Active Directory, which means if you choose Active Directory you won't be required to have an eDirectory for ZENworks anymore.
Tired of trying to find a patch or hotfix? Wondering which version of support pack is currently available for ZENworks? Well, these system update tasks are no longer a problem. Borrowing technology from ZENworks Asset Management, the next generation of ZENworks is automatically informed of all updates over the Internet and lets you decide when to upgrade to the next set of patches or updates.
The system will contact the Novell update system periodically over the Internet. When it detects an update, it downloads it and informs you of its availability. After receiving the update, you can try it on your test devices, approve it when you are ready, and then the system will take care of getting the update to the servers and to the clients.
Web Services Architecture
One completely new aspect is its internal architecture. The next generation ZENworks has been built into a Web-services architecture that performs SOAP calls to the back-end services. This new Webservices architecture has many advantages over the traditional systems, including:
- minimal communication over the wire
- industry standards-based transmissions
- easier updates and upgrades
- modular scalability
- platform independence
Now all communication between the client and the back-end systems use these SOAP calls. Even the command-line interfaces and the browser-based administration GUI use them. This new functionality enables it to encrypt all communication between the client and the servers and allows pass-through via all the routers throughout the Internet.
> What's Different
When you see the next generation of ZENworks, you'll immediately notice several components that set this version apart from earlier ZENworks versions. Let's talk for a moment about some of these differences.
Application Objects have been replaced with Bundles. Bundles are the new objects that represent content to be delivered to devices, but they are much more flexible than the old Application Objects. There used to be two common types of Application Objects; applications that were captured using the SnapShot tool, and those created manually to make registry or file deliveries. The new Bundles allow both prepackaged software and manually created files and registries to be delivered; however, for Windows, the only packaging standard supported is MSI. If you need to snapshot an application, you must use the provided AdminStudio tool, or other snapshot tools available in the market, that can capture installations and create MSI packages. Bundles go beyond delivery of content. They provide the ability to order a set of launchable actions that will execute when the system is performing a particular activity on a bundle including installing, launching the application, performing a verify, or uninstalling the application. We could spend a good amount of time drilling down into the various available actions, but that's beyond the scope of this article. Perhaps we'll address that topic in a future article.
Bundle groups are new components. You can now create a group that contains a set of bundles and then assign that group to users, devices or containers to have those bundles delivered to those users and devices. Now you can make a common set of applications and when you want to give another to the same team, just assign the bundle to that bundle group. (See Figure 2.)
Policy Packages are gone and now policies roam free of them and include system requirements. Only devices that meet the specified system requirements will enforce the policy. Initially, this may feel a bit chaotic because packages were meant to group similar policies together. But pulling policies out of packages provides freedom and eliminates some of the issues that arose from having the same policy, such as remote control, appear in both workstation and user packages and also not being sure which would apply and how. It includes interfaces in the administration Web site to show you which policies may be effective, and reports back from the device which policies are being enforced on it.
If you are a traditional ZENworks customer, you can prepare yourself for an easier transition by moving to the MSI Installation package format. These packages will move over more straightforward than other Application Object snapshorts.
If you are wondering about how best to prepare for this next generation of ZENworks, or when to consider putting it into your environment, we offer the following suggestions. It will be the first release that supports Windows Vista. Many customers are rolling out Vista in a slow or isolated manner, just upgrading small pockets of devices. This is a good time to begin your move. Introduce this new version into your environment when you put in Vista, then when you feel comfortable with its capabilities, begin to migrate your other Windows 2000 and XP systems over to your new ZENworks system. If you don't plan to have Vista in your environments quite yet, consider introducing the new version into a single site initially and then expanding the system as you desire.
If you are a traditional ZENworks customer, you can prepare yourself for an easier transition by moving to the MSI installation package format. These packages will move over more straightforward than other Application Object snapshots.
Either way. Novell and its partners will be providing migration tools to help you get your system up and running and bring over all the relevant applications and policies you have.
You now have a good overview of what's new and different in the next generation release, along with some other insights about where the ZENworks product line is heading. We covered how it improves upon traditional ZENworks by introducing a completely Web-based administration interface along with command-line support. We also discussed how it integrates all of the other ZENworks family products into a single interface and architecture. We sketched out the new features, such as Vista support, system updates and the ability to choose your directories and interface with them through the standards-based LDAP protocol. And let's not forget the new Web-services architecture that allows for easy updates, standard interfaces and more efficient communications. We highlighted some differences from the current version of ZENworks, particularly with only MSI installation package formats for Windows and the new highly flexible bundle objects as well as the new world of policies.
But we really just scratched the surface of this exciting new product. In future articles, we'll talk more about how to architect your new ZENworks system to provide for scalability and performance and help you prepare for the follow on release. We'll also dig more into bundles and how the new updated client works. (Hey, we now have one client; throttling; better statistics; back-end services redirection, DLU, and more.) And we'll visit on licensing, upgrades, migration and security.
Wow; those will be some great articles. Keep a close watch, and in the meantime, ask your Novell rep or authorized partner for more detailed information on this greatly improved new version of a powerful and time-saving IT solution.