Configuring iChain 2.3 to Accelerate the Novell Application Launcher
Novell Cool Solutions: Feature
By David Wilkinson
Posted: 3 May 2006
Note: You should not have the Novell Client installed on the workstation. You should only have the ZENworks Desktop Management software installed. If the Novell Client is installed, you will not be able to access the applications in the application browser from the Internet.
This document uses the following IP addresses and host names:
220.127.116.11 - CPL-LAB-DSW.novell.com - ZENworks and LDAP Server.
18.104.22.168 - Zenportal.novell.com - The Accelerator IP and DNS name.
Step 1: Create the LDAP Authentication Profile
a. Create a new LDAP authentication profile.
b. Set this authentication profile to use a NetIdentity Realm. The realm name that is assigned is the tree name of the ZENworks server (if it hasn't been changed).
Figure 1 - LDAP authentication profile
Step 2: Create an iChain Certificate
a. Create a new certificate signing request (CSR) to be used with the accelerator. This certificate can allow a wildcard subject name, such as "*.novell.com".
b. Set the RSA key size to 1024 (or 2048).
c. Use the Certificate Authority of the Zen server tree to issue the certificate. This can be done with ConsoleOne (tools -> issue -> certificate).
d. Store the issued certificate and the Trusted Root Certificate of the Zen tree in B64-encoded files.
e. Use the iChain admin GUI again to import the trusted root and the issued public key certificate.
The goal here is for the certificates assigned to the iChain accelerator and to the Zen server to be issued by the same CA. For example:
Figure 2 - Assigning the certificate to the iChain Accelerator
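The "same CA" goal of Step 2 can be checked on the exported B64 files before they are imported. The script below is an added example, not part of the original article: it assumes the openssl command-line tool is available, and the file names, CA names and the sample certificates it generates are constructed for the demonstration (only the host names come from this document).

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Requires the openssl CLI.
# All file names and CA names below are constructed for the demo.

# chains_to ROOT CERT: succeeds only if CERT was issued by ROOT.
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# rsa_bits CERT: print the public key size in bits (Step 2b uses 1024 or 2048).
rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# covers_host CERT HOST: succeeds if the subject (wildcards allowed) covers HOST.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# same_ca ROOT CERT...: succeeds only if every CERT chains to the one ROOT.
same_ca() {
    local root=$1 cert
    shift
    for cert in "$@"; do
        chains_to "$root" "$cert" || { echo "not issued by $root: $cert" >&2; return 1; }
    done
}

# --- Constructed sample PKI standing in for the Zen tree CA and its certificates ---
new_ca() {      # new_ca NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1 sample CA" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.b64" 2>/dev/null
}
issue() {       # issue CA NAME SUBJECT_CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$PKI/$2.key" -out "$PKI/$2.csr" 2>/dev/null
    openssl x509 -req -in "$PKI/$2.csr" -CA "$PKI/$1.b64" -CAkey "$PKI/$1.key" \
        -CAcreateserial -days 2 -out "$PKI/$2.b64" 2>/dev/null
}
PKI=$(mktemp -d)
new_ca tree; new_ca other
issue tree accel '*.novell.com'          # accelerator certificate, wildcard subject
issue tree zen 'CPL-LAB-DSW.novell.com'  # Zen/LDAP server certificate
issue other stray '*.novell.com'         # same subject, but issued by a different CA

same_ca "$PKI/tree.b64" "$PKI/accel.b64" "$PKI/zen.b64" && echo "same CA: ok"
same_ca "$PKI/tree.b64" "$PKI/stray.b64" 2>/dev/null || echo "stray certificate rejected"
covers_host "$PKI/accel.b64" zenportal.novell.com && echo "wildcard covers accelerator DNS name"
echo "accelerator key size: $(rsa_bits "$PKI/accel.b64") bits"
```

To check real exports, call same_ca with the trusted root file first, followed by the accelerator and Zen server certificate files.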
Step 3: Configure the Accelerator
a. Set the name to "portal".
b. Set the DNS name to "zenportal.novell.com".
c. For the Cookie domain, use "novell.com".
d. For the Alternate host name, use the DNS name configured in the MyApps.html page.
e. Check "Return error if host name sent by browser does not match above DNS name".
f. Check "Enable Authentication". This should be configured with an LDAP Service Profile.
g. Check "Enable Secure Exchange". This encrypts data sent from the client to the iChain box.
h. Check "Allow pages to be cached at the browser". This needs to be enabled; otherwise the browser will not be able to download the plugins needed to access MyApps.html.
i. Click OK to continue.
Figure 3 - Accelerator configuration
Step 4: Add the LDAP authentication Profile
On the LDAP authentication profile page you should have all the basic settings, such as the server, port, username, password and LDAP context. Make sure that "Allow authentication through HTTP authorization header" is not checked.
Click OK to continue.
Figure 4 - Adding the authentication profiles
Step 5: Set the Secure Exchange Options
The Secure Exchange options are illustrated below.
Figure 5 - Secure Exchange options
Click OK to continue.
Step 6: Set the Protected Resource Properties
In ConsoleOne, go to the properties of the iChain ISO object and set it up to look like the following:
Figure 6 - Protected Resource properties
Step 7: Import the Certificate
Export the certificate that was created on the iChain box and import it onto the LDAP server as an NDSPKI:Key Material object.
This certificate also needs to be imported onto the workstation that will be accessing the application on the ZENworks server through iChain. This is done with the Microsoft Management Console.
a. Click Start > Run.
b. Enter "mmc.exe".
c. Select File > Add / Remove Snap-in.
d. Click Add, then select Certificates.
e. Click Add, then select Computer Account.
f. Click Local Computer.
g. Click Finish and then Close.
h. Click OK to close the Add / Remove Snap-in window.
i. Go to the Certificates folder as displayed in the screen shot above by expanding Console Root > Certificates > Trusted Root Certification Authorities > Certificates.
j. Right-click the Certificates folder.
k. Right-click All Tasks > Import.
l. Import your certificate.
m. Click Next on all the screens until the Wizard is finished importing.
Figure 7 - ConsoleOne certificate
Step 8: Log in to the Workstation
Once the Desktop Management software is installed, you will have a ZENworks Desktop Management login box on the workstation.
a. Click Option. You will see that you can fill in a middle tier server. This is the accelerator DNS name.
b. Log in with a valid user name.
Figure 8 - Workstation login