Novell ZENworks 11: A First Look
Written by Sam Tessier, Product Manager, Novell
In some respects it's hard to believe that the release, of Novell ZENworks 10 Configuration Management was more than three years ago. With that release of ZENworks, Novell introduced an entirely new modular underlying architecture—one that was cross-platform, Web services based and directory agnostic.
Now we're writing the next chapter of this product's long history—Novell ZENworks Configuration Management 11. This release is packed with many new features and functions that broaden the platforms you manage and greatly extend how you can secure and manage those devices throughout their lifecycle.
Integrated Endpoint Security Management
In 2007, Novell acquired Senforce and gained endpoint security capabilities that differed greatly from the traditional device lifecycle management policies in ZENworks. Novell ZENworks Endpoint Security Management was made available as a standalone, non-integrated product. That has changed now with Novell ZENworks 11. Featuring fully integrated endpoint security management capabilities, ZENworks 11 represents the convergence of device lifecycle and endpoint security management from a single management console.
As with other ZENworks functions, communications to and from the ZENworks infrastructure happen via the Adaptive Agent on standard HTTP(s) protocols, and all features are managed via the ZENworks Control Center. Client self defense features prevent users from tampering with the security enforcement components of the ZENworks agent. Enforcement continues to be at the driver level for both network and storage security functions.
- Feature-specific policies—Granularly define security settings for the device, then combine them to implement a holistic policy.
- Policy groups—Combine security and configuration policies and make a single assignment for enforcement.
- User/device-assigned and global/location-specific policies—Merge policies to ensure the right set is applied for the combination of location, device and user. Merging is unique to endpoint security policies and does not apply to non-endpoint security policies.
- USB device management policies—Control what devices or types of devices users are allowed to access (if any). (See Figure 1.) and (See Figure 2.)
- Storage management features—Control access to storage devices and AutoPlay execution.
- Wi-Fi management—Limit access to protected networks and to specific wireless access points.
- Layer 2 firewall—Control all incoming and outgoing traffic on the managed device.
- VPN enforcement policies—Require the use of VPN in specified locations.
- Application control policies—Restrict application execution or Internet use by application.
- Data encryption policies—Configure the encryption of removable devices and folders or sub-folders on fixed disks.
Integrated Linux Device Management
Novell ZENworks has been managing both SUSE Linux Enterprise and Red Hat Enterprise Linux environments for several years via Novell ZENworks Linux Management. With the release of ZENworks 11, these Linux management capabilities have been extended to Novell ZENworks Configuration Management 11. This integration qualifies ZENworks 11 as a truly unified tool for Windows and Linux device management.
The Linux agent is Java based, and has multiple deployment options. Discovery and deployment functions are now extended to Linux devices via SSH, and allow for remote deployment of the ZENworks Adaptive Agent. The agent can also be “pulled” down via YaST, YUM or a single-file download. (See Figure 3.)
- Inventory—Conduct full hardware and package inventories and track change histories. Inventory integrates with Novell ZENworks Asset Management so you can map purchase records to installed packages.
- Linux OS deployment—Deploy Linux OSes on SUSE Linux Enterprise and Red Hat Enterprise Linux based distributions via integration with AutoYaST and KickStart. Continued support for Dell PowerEdge server bare-metal provisioning via Dell Tookit integration. Full support for ZENworks system variables within AutoYaST/Kickstart scripts, and improved Linux imaging capabilities for imaging EXT3 and ReiserFS partitions, even within LVM.
- Package and repository management—Graphically configure and schedule subscriptions to external package repositories such as YUM, Novell Updates, RedHat Network and Novell ZENworks Linux Management.
- Flexible Linux bundles—Deploy packages and files while performing required configuration tasks.
- External Service Policy—Centrally configure external repositories to specify which managed devices should have access.
- Bundles and bundle groups—Export to YUM format for easy consumption by unmanaged Linux devices on your network.
- Novell ZENworks Application Windows for Linux—Bring the power of Novell Application Launcher to the Linux desktop.
- Remote management—Get remote management for Linux devices via the ZENworks Control Center through integrated VNC and SSH clients.
- Puppet policies—Leverage the configuration management capabilities of the puppet project to configure your devices. There are currently hundreds of puppet recipes available on the Web.
Novell ZENworks 11 introduces numerous enhancements to the underlying core of the product. One such enhancement is a 64-bit JVM on 64-bit hardware and OS, allowing you to fully leverage the horsepower in today’s hardware.
In addition, new location awareness capabilities greatly extend your ability to assign policies and bundles based on 'where' a user or device is located. Location awareness adds a new dimension to the identity-driven nature of ZENworks and is available for both Windows and Linux device management. You can define "locations" that consist of various elements of data including networking hardware and addressing information. Locations can be used a) as system requirements for policies and bundles, b) to determine closest servers and c) as the basis for bandwidth throttling.
Other enhancements include:
- The Sandbox—A bundle and policy change management feature that helps ensure changes are only deployed to your production network when you publish them. (See Figure 4.)
- The ZENworks Control Center—Assign administrative authority to existing Novell eDirectory and MS Active Directory groups.
- Action level system requirements—Get more flexibility when it comes to building bundles for software delivery.
- Manual device creation and reconciliation—Pre-create devices and then have them reconciled based on serial number, MAC address and/or host name.
PC Power Management and Reporting
There are two actionable elements in power management—enacting changes across your environment and viewing the compliance of your devices with respect to your policies.
Managing the power settings on a device with previous versions of Novell ZENworks was possible with bundles that ran scripts or modified the registry. This has been made much simpler via a new power management policy. (See Figure 5.) As with other ZENworks policies, you can define over-arching power management policies that apply to everyone, and then assign separate policies for specific users/groups or types of devices. You can be even more granular with your policies by leveraging location awareness and having the power profile of a device be dependent upon its physical location. New reports in ZENworks 11 even allow you to view compliance with your power management policies.
Additionally, Intel vPro integration allows you to remotely perform power-on actions to supported devices on a scheduled basis, or even enhance other activities such as software distribution, patching and remote control.
Enhanced Patch Management
The patch management functions have been improved in ZENworks Patch Management 11 as well. Novell ZENworks Patch Management 11 provides cross-platform patch management for Windows, SUSE Linux Enterprise and Red Hat Enterprise Linux devices.
Most notably, you can now promote existing Novell ZENworks Configuration Management bundles to patches. This allows the discover applicable update (DAU) process to help you quickly identify the devices on your network that need a specific bundle and then target those devices. It allows you to track these bundles/devices via patch management reporting as well.
Also, new e-mail notification features make it easier than ever to determine when new patches are available for your environment.
Enhanced Reporting Services
The ZENworks Reporting Server is an optional component of Novell ZENworks and is based on the latest version of the BusinessObjects Enterprise engine. Leveraging this capability is as simple as installing the ZENworks Reporting Server on a primary server in an existing ZENworks zone. These reporting services allow you to execute canned reports and build new reports quickly and easily via a Web-based interface linked to the ZENworks Control Center.
Novell ZENworks Reporting Server has several key features, it allows you to:
- Leverage the expanded reporting universe, which includes endpoint security policies.
- Build custom reports (or leverage several new preconfigured reports) for information about any endpoint security management policy.
- Build custom power reports related to the “green” capabilities and power policies of your machines.
- Take advantage of new preconfigured reports for power policy and capability compliance reporting.
- Build custom reports for Linux repository subscriptions and leverage new preconfigured reports for subscription status using the new reporting universe objects for subscriptions.
Managed device support covers Windows XP, Windows Vista, Windows 7, Windows Embedded Standard 2009, WEPOS 2009, Windows 2003 Server—Standard and Enterprise, Windows 2008 Server—Standard and Enterprise, Windows 2008 R2 Standard and Enterprise, SUSE Linux Enterprise Desktop and SUSE Linux Enterprise Server (versions 10 and 11), and Red Hat Enterprise Linux 4.6+ and 5.3+ as managed devices.
The ZENworks Primary Server can be hosted on Windows 2003 Server, Windows 2008 Server, Windows 2008 R2 Server, SUSE Linux Enterprise Server 10 or 11, and Red Hat Enterprise Linux Server 5.5.
On the Horizon
Novell ZENworks 11 takes us into 2011 with new features that enhance how we provision, manage and secure our endpoints—but that's not all 2011 will offer. For the first half of the year, we are working on a support pack for ZENworks 11 that significantly increases platform support and security functions. And in late 2011, look for a ZENworks release that greatly enhances how ZENworks manages your endpoints across physical,virtual and cloud environments.
- 01. Novell ZENworks 11 +
- 02. What's New in ZENworks 11 White Paper +
- 03. Streamline Your Windows 7 Migration with Novell ZENworks 11 White Paper +
- 04. ZENworks 11 Demo +
- 05. "Relax: It's Only Windows 7" Virtual Event +