Novell Home

 

In March 2007 Novell announced its next generation of the ZENworks product named ZENworks Configuration Management. This new product is built on Web services technology, using a single adaptive agent, and a database rather than eDirectory to store all of the ZENworks information. Despite no longer requiring or putting objects into eDirectory, ZENworks Configuration Management still provides all the same capabilities, including both device and user-based management, that the traditional ZENworks Suite provides. And because the linkage to an Identity Directory is through LDAP, ZENworks Configuration Management can provide device- and user-based management to both eDirectory and Active Directory customers natively. In addition to new architecture, ZENworks Configuration Management also has an integrated patch solution with the Novell partner, PatchLink. The ZENworks Patch Management system you have is now integrated directly into ZENworks Configuration Management.

This article explains how you can introduce and migrate ZENworks Configuration Management into your system if you've been using the ZENworks Suite.

The task of a migration may seem overwhelming, but the ZENworks engineering team has been working on migration since the beginning of the development cycle.

> Migration, Not An Upgrade
The first thing you need to understand is that moving from the ZENworks Suite to ZENworks Configuration Management is a migration path—not an upgrade. You cannot install ZENworks Configuration Management on top of your existing ZENworks Suite installation. This may seem like an inconvenience, but in reality, it is a great benefit. It lets you introduce ZENworks Configuration Management into your environment without affecting any of your current ZENworks Suite implementation. Then as you get comfortable with it, you can migrate more and more devices over to the new system.

The task of a migration may seem overwhelming, but the ZENworks engineering team has been working on migration since the beginning of the development cycle. Development migration tools and methodology are in place to make the move as painless as possible. And since ZENworks Configuration Management has a modular infrastructure you can add components as you grow the number of managed devices.

 

At a high level, you can accomplish your migration in the following seven steps:

  1. Plan your ZENworks Configuration Management installation.
  2. Deploy your ZENworks Configuration Management back-end systems. Start small and add more as you need.
  3. Migrate existing content from your ZENworks Suite into your ZENworks Configuration Management system.
  4. Migrate initial pilot users and devices into ZENworks Configuration Management and make sure everything is working as desired.
  5. Migrate additional users and devices into the new system.
  6. Migrate patch management to ZENworks Configuration Management.
  7. Decommission existing ZENworks Suite system if appropriate.

> Plan and Deploy
You should understand the basic architecture of the new ZENworks Configuration Management product compared to your traditional ZENworks Suite. This information will help you as you plan and deploy your new system.

ZENworks Suite is a two-tiered architecture where clients on the individual devices communicate directly with eDirectory services on your servers to discover and apply policy and applications to devices and users on those devices. The eDirectory services provides replication of the ZENworks assignments throughout replicas of directory partitions on your network. ZENworks Suite inventory and other information is also stored in a centralized database. The agent in the ZENworks Suite holds the business logic and intelligence to discover assigned work and perform those actions.

ZENworks Configuration Management, on the other hand, is a three-tiered architecture where the client communicates to back-end Web services over HTTPS connections. Those Web services then communicate to the centralized database and the specified LDAP directories to gather assignments of content and policies for the particular device and user.

Then that information is passed back to the managed device all using SOAP (Simple Object Access Protocol) communication. Notice that with ZENworks Configuration Management, the business logic and intelligence is contained in the back-end Web services. These Web services tell the device agents what to do and where to get the content they need.

Because the business logic is performed on the back-end servers, those server resources have a greater strain, but it reduces the amount of traffic communicated over the wire, and the agents on those managed devices require fewer updates to incorporate new capabilities.

Additionally, no ZENworks information is stored in eDirectory or Active Directory; all ZENworks information will now be stored in the centralized database. For user-based assignments, only references to the user object eDirectory or Active Directory GUID will be placed in the database. This removes the requirement for some type of synchronization between your directories. And if you do not link ZENworks Configuration Management with any directory, you will have only device-based ZENworks features. Because the database is the source of all information, you must take special care in where the database is located and how it is maintained. The database will need to be regularly backed up, and for high-availability you might need to consider a clustered-server system. Think of ZENworks Configuration Management as a type of Web server farm system that has multiple back-end servers working with a single database with agents communicating over network connections.

The next ZENworks Configuration Management release will introduce satellite servers to place portions of the configuration, content and other services on local servers closer to your managed devices.

Once you have determined the layout for your ZENworks Configuration Management system and deployed a back-end service, it's time to copy content from your existing ZENworks Suite system into ZENworks Configuration Management. Note: Novell Consulting Services are well trained on both traditional ZENworks and the new ZENworks Configuration Management system and can help you plan, deploy and migrate to the new solution.

> Migrate Existing Content
You might have many types of ZENworks content scattered throughout your eDirectory tree, including workstation and handheld objects, policy packages and content objects known as Application Objects. This information can represent a significant amount of invested effort in the applications, policies and content you deliver to your desktops. The ZENworks engineering team recognized this effort and has written tools to move as much of this information as possible over to ZENworks Configuration Management.

The primary tool for migration is the Novell ZENworks Migration Console and is part of the ZENworks Configuration Management installation. This tool simultaneously connects to your eDirectory where your ZENworks Suite information resides and the ZENworks Configuration Management system where the information is going. Once the tool is connected to these two systems, run through the predefined steps and choose the content you want the migration tool to copy. Your existing ZENworks Suite information will remain untouched, thereby allowing your current system to continue to service your managed devices without any disruption while you introduce ZENworks Configuration Management into your environment.

The ZENworks Configuration Management migration tool can migrate information from ZENworks for Desktops 4.01, ZENworks Desktop Management 6.5 and ZENworks 7 Suite systems. The following sections describe the basic steps of the migration tool.

Installing and Launching the Migration Tool
First, install the Migration Tool. The tool, ZENMigration.exe, is located at http://<ZCM Primary Server>/zenworks-downloads/tools or on the Primary Server in the c:\Novell\ZENworks\install\downloads\tools directory. The ZENMigration.exe tool must be installed on a Windows server or workstation. Once you have installed the migration tool, launch and provide authentication information to the eDirectory tree and the local ZENworks Configuration Management zone. (see figure 1.) Note: Although the migration tool accesses eDirectory, it does not require a Novell client be installed.

Migrating Application Objects
Next, bring over the relevant application objects you want from your existing eDirectory system. Using the migration tool, browse to the eDirectory system and drag and drop the application objects into the right pane to migrate them to the zone. Drag over any number of application objects or containers from any location into the right pane. When a container is dragged, all objects of the type to migrate (applications, in this case) in the container and subcontainers will be migrated. (see figure 2.)

The new ZENworks Configuration Management system no longer supports the AOT/AXT format. Therefore, your applications must already be in MSI format or the migration tool will convert them. Once you have selected the desired application objects, press the Migrate Now button. The tool will collect the application object information and files and create a corresponding bundle in the new ZENworks Configuration Management zone. The tool will automatically show the status as it migrates each object.

 

Migrating Other Objects
Click on the additional steps: Imaging, Policies, Workstations and Associations to migrate the additional objects over to your new system. If you are not copying over specific objects, such as images, skip that step. With the migration tool, you can bring over your GPO (Group Policy Objects) that you created as well as other policies and images, so you don't have to start over with your new system. (see figure 3.) Remember that no objects in eDirectory are disturbed, and you can migrate as many times as you want. You can remove the objects created in ZENworks Configuration Management and migrate them again, so don't worry if you want to change things and try again.

Complete Copying ZENworks Suite Content
Once you have copied your ZENworks Suite content into the new system, and you are satisfied with the migration, you can begin deploying devices to receive this content.

Next, ensure that all is working properly prior to rolling out to the larger organization. Again, if you change your mind on what or how you migrated, just go into the ZENworks Configuration Management zone and remove the items you don't like and migrate them again.

> Migrate Devices to New System
Now that you have your initial ZENworks Configuration Management system in place, and you have migrated over some of your content, it's time to introduce devices into the zone and test the delivery of your policies and content to those pilot devices. By having a test pilot, you will learn what you like and don't like and possibly redesign a portion of your system, so everything is ready when you roll out to a larger audience.

Select the devices you wish to introduce as pilots into your zone. Deploy or install the agent on those devices and have them register to the ZENworks Configuration Management zone. You can place the agent on these devices either through ZENworks Configuration Management deployment capabilities, manual installation, inclusion of the agent in an image or using your traditional ZENworks Suite system. When the ZENworks Configuration Management agent is installed on a device, it will remove the previous ZENworks Suite agent and it will begin receiving management directions from the new ZENworks Configuration Management zone.

Test your pilot well and make sure all is working as desired. Once you are comfortable with the system, begin rolling out ZENworks Configuration Management agents to your other devices.

> Migrate Patch Management
Because traditional ZENworks Patch Management is now fully integrated into ZENworks Configuration Management, a Patch Management agent module will be delivered to the managed devices. Each primary server in your management zone can be a patch management server that retrieves patches from the network and delivers them to your managed devices.

When the ZENworks Configuration Management agent is installed on your devices, it does not remove any previously existing ZENworks Patch Management agent. There should be no conflict between the two patching agents and each should work independently allowing you to determine when you switch over to the new integrated patch management solution.

The patch management services on the primary servers will communicate securely back through the Internet to the patch servers and retrieve the patch information and content for delivery to managed devices serviced by that primary server. Within the same ZENworks Control Center, browser-based ZENworks Configuration Management console, you will see your vulnerabilities that have been discovered in your system and which devices need which patch. From this same Web console, you can approve and assign patches to be applied to the managed devices. Then the required patches will be delivered and installed on the device. (see figure 4.)

When you are ready to have ZENworks Configuration Management handle your patches, the traditional ZENworks Patch Management agent can be uninstalled either manually or through scripting commands delivered through ZENworks Configuration Management.

The Novell ZENworks Configuration Management is an exciting new technology that uses Web-based services to manage devices and users within your environment.

> Decommission ZENworks Suite
Your ZENworks Suite system will continue to function independently from the ZENworks Configuration Management. After you migrate all of your managed devices over to the new ZENworks Configuration Management zone and aren't managing any devices or content through your traditional ZENworks suite, consider retiring your ZENworks traditional services. But before you do, make sure you are comfortable removing the information, because it won't be available as a source for migration or to deliver services.

> Conclusion
Its three-tiered architecture provides greater flexibility and manageability. And with its LDAP connection to identity sources, ZENworks Configuration Management can deliver the same capabilities and features if you're using Active Directory or eDirectory. Novell ZENworks engineering provides migration tools that allow you to retain the content and policies you have in your existing ZENworks Suite systems and bring the content easily over into the new system.

Come on over to ZENworks Configuration Management and experience the new architecture and new features that will give you even more manageability of your devices.


© 2014 Novell