
Configuring iChain 2.3 to Accelerate the Novell Application Launcher

Novell Cool Solutions: Feature
By David Wilkinson


Posted: 3 May 2006
 

Note: You should not have the Novell Client installed on the workstation. You should only have the ZENworks Desktop Management software installed. If the Novell Client is installed, you will not be able to access the applications in the application browser from the Internet.

This document uses the following IP addresses and host names:

147.2.76.196 - CPL-LAB-DSW.novell.com - ZENworks and LDAP Server.
147.2.76.236 - Zenportal.novell.com - The Accelerator IP and DNS name.

Step 1: Create the LDAP Authentication Profile

a. Create a new LDAP authentication profile.

b. Set this authentication profile to use a NetIdentity Realm. The realm name that is assigned is the Tree Name of the ZENworks server (if it hasn't been changed).

Figure 1 - LDAP authentication profile

Step 2: Create an iChain Certificate

a. Create a new certificate signing request (CSR) to be used with the accelerator. This certificate can use a wildcard subject name, such as "*.novell.com".

b. Set the RSA key size to 1024 (or 2048).

c. Use the Certificate Authority of the Zen server Tree to issue the certificate. This can be done with ConsoleOne (tools -> issue -> certificate).

d. Store the issued certificate and the Trusted Root Certificate of the Zen tree in Base64-encoded files.

e. Use the iChain admin GUI again to import the trusted root and the issued public key certificate.

The goal here is for the certificate assigned to the iChain accelerator and the certificate of the Zen server to be issued by the same CA. For example:

Figure 2 - Assigning the certificate to the iChain Accelerator
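
Which host names a wildcard subject such as "*.novell.com" covers, shown as an added example that is not part of the original article or of iChain. It assumes the TLS client applies the usual rule that "*" stands for exactly one left-most label; the function names are hypothetical.

```python
# Added example: wildcard subject-name coverage for the accelerator certificate.
# Assumption: the TLS client follows the usual rule (RFC 6125) that "*" is only
# honoured as the whole left-most label and stands for exactly one label.

def wildcard_covers(subject: str, host: str) -> bool:
    """Return True if a certificate subject name covers the given host name."""
    s = subject.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(s) != len(h) or not all(h):
        return False                      # different depth, or empty label
    if any("*" in label for label in s[1:]):
        return False                      # wildcard outside the left-most label
    if s[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(s) >= 3 and s[1:] == h[1:]
    if "*" in s[0]:
        return False                      # partial wildcard (z*.novell.com) rejected
    return s == h                         # plain name: exact, case-insensitive


def uncovered(subject: str, hosts: list[str]) -> list[str]:
    """List the names a client would not accept under this subject."""
    return [name for name in hosts if not wildcard_covers(subject, name)]


# Names and addresses from the article, plus one constructed test case.
HOSTS = [
    "zenportal.novell.com",       # accelerator DNS name
    "CPL-LAB-DSW.novell.com",     # ZENworks and LDAP server
    "novell.com",                 # cookie domain, not a host under the wildcard
    "apps.zenportal.novell.com",  # constructed: two labels below novell.com
    "147.2.76.236",               # accelerator IP address used instead of a name
]

if __name__ == "__main__":
    for name in HOSTS:
        ok = wildcard_covers("*.novell.com", name)
        print(f"{name:28} {'covered' if ok else 'NOT covered'}")
```

A name reported as not covered needs its own certificate or an additional subject name before clients will accept it without a name-mismatch warning.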

Step 3: Configure the Accelerator

a. Set the name to "portal".

b. Set the DNS name to "zenportal.novell.com".

c. For the Cookie domain, use "novell.com".

d. For the Alternate host name, use the DNS name configured in the MyApps.html page.

e. Check "Return error if host name sent by browser does not match above DNS name".

f. Check "Enable Authentication". This should be configured with an LDAP Service Profile.

g. Check "Enable Secure Exchange". This encrypts data sent from the client to the iChain box.

h. Check "Allow pages to be cached at the browser". This must be enabled; otherwise the browser will not be able to download the plugins needed to access MyApps.html.

i. Click OK to continue.

Figure 3 - Accelerator configuration

Step 4: Add the LDAP authentication Profile

On the LDAP authentication profile page you should have all the basic settings, such as the server, port, username, password and LDAP context. Make sure that "Allow authentication through HTTP authorization header" is not checked.

Click OK to continue.

Figure 4 - Adding the authentication profiles

Step 5: Set the Secure Exchange Options

The Secure Exchange options are illustrated below.

Figure 5 - Secure Exchange options

Click OK to continue.

Step 6: Set the Protected Resource Properties

In ConsoleOne, go to the properties of the iChain ISO object and set it up to look like the following:

Figure 6 - Protected Resource properties

Step 7: Import the Certificate

Export the certificate that was created on the iChain box and import it onto the LDAP server as an NDSPKI:Key Material object.

This certificate also needs to be imported onto the workstation that will be accessing the application on the ZENworks server through iChain. This is done with the Microsoft Management Console.

a. Click Start > Run.

b. Enter "mmc.exe".

c. Select File > Add / Remove Snap-in.

d. Click Add, then Select Certificates.

e. Click Add, then Select Computer Account.

f. Click Local Computer.

g. Click Finish and then Close.

h. Click OK to close the Add / Remove Snap-in window.

i. Go to the Certificates folder as displayed in the screen shot above by expanding Console Root > Certificates > Trusted Root Certification Authorities > Certificates.

j. Right-click the Certificates folder.

k. Right-click All Tasks > Import.

l. Import your certificate.

m. Click Next on all the screens until the Wizard is finished importing.

Figure 7 - ConsoleOne certificate

Step 8: Log in to the Workstation

Once the Desktop Management software is installed you will have a ZENworks Desktop Management login box on the workstation.

a. Click Option. You will see that you can fill in a middle tier server. This is the accelerator DNS name.

b. Log in with a valid user name.

Figure 8 - Workstation login

