Simplified Branch Office Support and Server Deployment with Novell ZENworks 10 Configuration Management SP3
Written by Jason Blacket
Novell ZENworks® Configuration Management is all about making your IT life easier, especially when it comes to managing your endpoints. The release of Novell ZENworks 10 Configuration Management SP3 focuses on three main areas that support the “make IT easier” theme: improved branch office support; authentication enhancements; and easier, faster and more cost-effective deployment of ZENworks Configuration Management through a virtual appliance deployment option.
Satellite Support Enhanced
The branch office support improvements in this support pack focus on ZENworks satellite servers, which are managed devices you can set up in your branch offices and other locations to perform roles normally performed by primary ZENworks servers. Such roles include authentication, information collection, content distribution and imaging. The improvements provided in Novell ZENworks 10 Configuration Management SP3 deal primarily with giving you greater flexibility, control and WAN bandwidth optimization for replicating content between your satellite and primary servers.
The improvements provided in Novell ZENworks 10 Configuration Management SP3 deal primarily with giving you greater flexibility, control and WAN bandwidth optimization for replicating content between your satellite and primary servers.
The first of these improvements enables you to make content assignments for your bundles and policies at the folder level, instead of just the individual object level. (See Figure 1.) For example, if you want to replicate the entire contents of a folder containing a thousand bundles, instead of having to configure each individual bundle for replication, you can simply indicate that you want all of the folder’s content replicated. This is accomplished by doing the following:
- Go to the bundle folder’s details page in ZENworks Control Center, select the Settings tab and click Content.
- Choose Primary Server Replication or Satellite Server Replication.
- Indicate the replication status that you want for that bundle folder by marking either the Include or Exclude check box next to the content server.
- If you want to ensure that all subfolders—as well as individual bundles and policies—inherit the settings, click Force Inheritance in the Folder Task list in the left navigation pane.
Novell ZENworks 10 Configuration Management SP3 also gives you more flexible and granular control over scheduling content replication. Instead of limiting scheduling to a primary server basis using a basic reoccurring schedule, you can now schedule on a per-satellite basis and content-type basis. Additionally, you can schedule those different satellites and content types to replicate on different days and different times during the day. The new support pack also gives you more flexible control in terms of bandwidth throttling for scheduled content replication.
As an example, the granular scheduling and throttling controls allow you to make sure your critical patches replicate all day long with a large bandwidth throttle to ensure that critical content gets to your satellite servers as quickly as possible. For content that isn’t as time critical (typically the bulk of your content), you could schedule it to replicate on Mondays, Wednesdays and Fridays between 10 p.m. and 2 a.m., or some other time frame that fits your specific needs. If you need some of that content to replicate during working hours, you can reduce the bandwidth throttle so it doesn’t have as big an impact on your WAN traffic.
This support pack update also allows you to deploy new satellite servers in a way that doesn’t consume as much WAN bandwidth during the initial content replication process. When you open a new branch office and bring a new satellite server online, if you have large content repositories that you need delivered to that satellite—and especially if you have a very slow WAN link—you could potentially consume a lot of WAN bandwidth during the initial replication. Novell ZENworks 10 Configuration Management SP3 provides an offline content replication process that allows you to avoid this situation by moving the majority of your content offline rather than over the WAN.
To take advantage of offline content replication, simply do the following:
- Configure the new satellite device to not replicate any content.
- To export the content to be replicated to a removable storage device (such as a USB thumb drive), employ the zman command-line command on the primary server:
satellite-server-export-content (ssec) (Path To Device) (Export Directory) [Options]
- At the branch office, import the content from your removable storage device to your satellite server using the zac command-line command:
- Finally, configure the satellite to replicate content. This will ensure that only content changes will be replicated to the satellite over your WAN link.
Novell ZENworks 10 Configuration Management SP3 helps you reduce your WAN bandwidth footprint in the area of authentication as well. As mentioned earlier, one of the roles a satellite device can perform is that of an authentication server. (See Figure 2.) This is a new feature delivered in this support pack. Previously, only a primary server could perform LDAP authentication for your Novell eDirectory™ user sources. If you already have a local eDirectory replica, using a satellite authentication server can save you WAN bandwidth as well as speed up the authentication process. Instead of having to go over the WAN to authenticate to a primary server, you can keep authentication traffic local and spread the authentication workload among local satellite devices. As an authentication server, a satellite device can also provide local LDAP authentication for Active Directory user sources.
Authentication failover is another new authentication-related feature in Novell ZENworks 10 Configuration Management SP3—one that allows you to define multiple connections per user source. In other words, if your preferred user source replica becomes unavailable, the authentication process will fail over to another defined user source replica, allowing users to continue to authenticate and use ZENworks Control Center.
Novell ZENworks 10 Configuration Management SP3 helps you reduce your WAN bandwidth footprint in the area of authentication.
In an environment where you have multiple satellites or primary servers at a single site you can also use the Server Groups feature to randomize which authentication server a device uses. By having a different connection order for each primary and satellite server, you can randomize the load on your user source servers. This means that you will no longer have all of your clients authenticating to a single LDAP replica.
This support pack also brings Kerberos authentication support to Novell ZENworks Configuration Management. This means instead of being limited to user name and password, users can authenticate to Active Directory using a smartcard, fingerprint scanner or any other biometric device that generates a Kerberos ticket—and ZENworks will use that same Kerberos ticket for its authentication as well. Similar support has also been provided for eDirectory users that take advantage of the Novell Modular Authentication Service smart card method.
Server Deployment Virtualized
In an effort to make it easier, faster and less expensive to deploy Novell ZENworks Configuration Management servers, this support pack also allows you to deploy Novell ZENworks Configuration Management, Novell ZENworks Asset Management and Novell ZENworks Patch Management as a virtual appliance. The Novell ZENworks virtual appliance is essentially a pre-canned VMware virtual machine that includes pre-installed and pre-configured ZENworks Configuration Management, Sybase and ZENworks Reporting Server products, as well as a scaled-down SUSE Linux Enterprise Server 10 SP2 server that includes only those components required by ZENworks.
The basics of deploying the virtual appliance involve the following:
- Import the Novell ZENworks appliance image into your VMware infrastructure using the VMware VSphere Client application. (Note: The Novell ZENworks appliance image is stored in an open virtualization archive (.ova) format.)
- Power on the virtual machine containing the imported Novell ZENworks appliance image.
- When the configuration wizard launches, respond to the prompts to customize your instance of SUSE® Linux Enterprise Server, such as specifying the language, time zone, root password, IP address, etc.
- Likewise, provide the necessary information when the configuration wizard asks you to customize your Novell ZENworks Configuration Management appliance with an IP address and the typical ZENworks zone configuration values.
- Click Done and it’s ready to use.
Once it’s up and running, the Novell ZENworks virtual appliance can achieve near-native performance running as a virtual machine. This is largely due to the fact that it uses a streamlined version of SUSE Linux Enterprise Server. Another benefit of being scaled down is that it simplifies management. Essentially, the appliance is self-managed, with patches to the appliance environment all handled through system updates. Also, if you want to add one or more additional primary servers into the appliance’s new ZENworks management zone, you can easily create another instance of the appliance, bring it up and tell it to join the zone.
In addition to being easy to deploy and manage, the Novell ZENworks virtual appliance can reduce your Windows CAL fees—just as regular ZENworks servers running on native Linux machines do.
In an effort to make it easier, faster and less expensive to deploy Novell ZENworks Configuration Management servers, this support pack allows you to deploy ZENworks Configuration Management, ZENworks Asset Management and ZENworks Patch Management as a virtual appliance.
As you take advantage of Novell ZENworks 10 Configuration Management SP3, you’ll find a number of other items on its feature list. One of these is user-based license tracking with Novell ZENworks Asset Management. This feature makes it easier for you to track license compliance based on the number of user licenses actually being used rather than on a per-device basis. Another enhancement is the ability for Novell ZENworks Asset Management and Novell ZENworks Desktop Management 7 agents to coexist on the same machine. This gives you the flexibility to migrate to the latest version of Novell ZENworks Asset Management while letting you continue to use ZENworks Desktop Management until you complete your migration to Novell ZENworks 10 Configuration Management.
No matter how you look at it—whether it’s the branch office improvements, authentication enhancements, the drop-and-go ease of the ZENworks virtual appliance or any of its other features—Novell ZENworks 10 Configuration Management SP3 is all about making your IT life easier.