Novell ZENworks 11: A First Look
Written by Sam Tessier, Product Manager, Novell
In some respects it's hard to believe that the release, of Novell ZENworks 10 Configuration Management was more than three years ago. With that release of ZENworks, Novell introduced an entirely new modular underlying architecture—one that was cross-platform, Web services based and directory agnostic.
Now we're writing the next chapter of this product's long history—Novell ZENworks Configuration Management 11. This release is packed with many new features and functions that broaden the platforms you manage and greatly extend how you can secure and manage those devices throughout their lifecycle.
Integrated Endpoint Security Management
In 2007, Novell acquired Senforce and gained endpoint security capabilities that differed greatly from the traditional device lifecycle management policies in ZENworks. Novell ZENworks Endpoint Security Management was made available as a standalone, non-integrated product. That has changed now with Novell ZENworks 11. Featuring fully integrated endpoint security management capabilities, ZENworks 11 represents the convergence of device lifecycle and endpoint security management from a single management console.
As with other ZENworks functions, communications to and from the ZENworks infrastructure happen via the Adaptive Agent on standard HTTP(s) protocols, and all features are managed via the ZENworks Control Center. Client self defense features prevent users from tampering with the security enforcement components of the ZENworks agent. Enforcement continues to be at the driver level for both network and storage security functions.
- Feature-specific policies—Granularly define security settings for the device, then combine them to implement a holistic policy.
- Policy groups—Combine security and configuration policies and make a single assignment for enforcement.
- User/device-assigned and global/location-specific policies—Merge policies to ensure the right set is applied for the combination of location, device and user. Merging is unique to endpoint security policies and does not apply to non-endpoint security policies.
- USB device management policies—Control what devices or types of devices users are allowed to access (if any). (See Figure 1.) and (See Figure 2.)
- Storage management features—Control access to storage devices and AutoPlay execution.
- Wi-Fi management—Limit access to protected networks and to specific wireless access points.
- Layer 2 firewall—Control all incoming and outgoing traffic on the managed device.
- VPN enforcement policies—Require the use of VPN in specified locations.
- Application control policies—Restrict application execution or Internet use by application.
- Data encryption policies—Configure the encryption of removable devices and folders or sub-folders on fixed disks.
Integrated Linux Device Management
Novell ZENworks has been managing both SUSE Linux Enterprise and Red Hat Enterprise Linux environments for several years via Novell ZENworks Linux Management. With the release of ZENworks 11, these Linux management capabilities have been extended to Novell ZENworks Configuration Management 11. This integration qualifies ZENworks 11 as a truly unified tool for Windows and Linux device management.
The Linux agent is Java based, and has multiple deployment options. Discovery and deployment functions are now extended to Linux devices via SSH, and allow for remote deployment of the ZENworks Adaptive Agent. The agent can also be “pulled” down via YaST, YUM or a single-file download. (See Figure 3.)
- Inventory—Conduct full hardware and package inventories and track change histories. Inventory integrates with Novell ZENworks Asset Management so you can map purchase records to installed packages.
- Linux OS deployment—Deploy Linux OSes on SUSE Linux Enterprise and Red Hat Enterprise Linux based distributions via integration with AutoYaST and KickStart. Continued support for Dell PowerEdge server bare-metal provisioning via Dell Tookit integration. Full support for ZENworks system variables within AutoYaST/Kickstart scripts, and improved Linux imaging capabilities for imaging EXT3 and ReiserFS partitions, even within LVM.
- Package and repository management—Graphically configure and schedule subscriptions to external package repositories such as YUM, Novell Updates, RedHat Network and Novell ZENworks Linux Management.
- Flexible Linux bundles—Deploy packages and files while performing required configuration tasks.
- External Service Policy—Centrally configure external repositories to specify which managed devices should have access.
- Bundles and bundle groups—Export to YUM format for easy consumption by unmanaged Linux devices on your network.
- Novell ZENworks Application Windows for Linux—Bring the power of Novell Application Launcher to the Linux desktop.
- Remote management—Get remote management for Linux devices via the ZENworks Control Center through integrated VNC and SSH clients.
- Puppet policies—Leverage the configuration management capabilities of the puppet project to configure your devices. There are currently hundreds of puppet recipes available on the Web.
- 01. Novell ZENworks 11 +
- 02. What's New in ZENworks 11 White Paper +
- 03. Streamline Your Windows 7 Migration with Novell ZENworks 11 White Paper +
- 04. ZENworks 11 Demo +
- 05. "Relax: It's Only Windows 7" Virtual Event +