1.2 System Architecture

The ZENworks system architecture consists of components such as Primary Servers, Satellite Servers, and managed devices. These components are organized into management domains, referred to as Management Zones.

Figure 1-1 Management Zone

1.2.1 Primary Server

The Primary Server is the focal point of the ZENworks system. Depending on the number and location of the devices that you want to manage with ZENworks, you might need additional Primary Servers. The ZENworks services are added to each Primary Server (physical or virtual) during installation and configuration of the ZENworks software.

You can also set up the Primary Server by deploying ZENworks Appliance to the supported virtual infrastructure. ZENworks Appliance is built on the customized SUSE Linux Enterprise Server 10 SP2 (SLES 10 SP2) and is preinstalled with the ZENworks Server and ZENworks Reporting Server.

The Primary Server contains the following ZENworks components:

  • ZENworks services: The ZENworks software that provides software management, policy enforcement, inventory collection, imaging, and so forth. The main services are ZENworks Server Service, ZENworks Loader, ZENworks Imaging Service, and ZENworks Management Service.

  • Content repository: Contains the software, policies, and configuration metadata (stored in the database). The policies and software are available for delivery to managed devices within the system. The content is compressed and encrypted. By default, content is automatically replicated among all Primary Servers in the Management Zone, based on a schedule that you control. However, you can configure this to exclude certain servers.

  • ZENworks Configuration Management database: Contains information about the software bundles for delivery, the hardware and software inventory lists collected from devices, information about the ZENworks Control Center objects (devices, users, bundles, policies, and so on), centralized system messages, license tracking, usage data and other transactional data, and the actions scheduled to take place within the system.

    You can install the embedded Sybase SQL Anywhere database that is included with Configuration Management, or you can use an external Sybase SQL database, Oracle 10g Standard, or a Microsoft SQL database. For detailed information about the supported database versions, see Database Requirements in the ZENworks 10 Configuration Management Installation Guide.

    If you use the embedded database, it must reside on one Primary Server per Management Zone. Optionally, you can install an external database on a server that is not a Primary Server. By default, all Primary Servers require access to the ZENworks database, wherever it resides, to write their data.

    You can also specify that certain servers roll up their information to other servers.

    If you want to use a Microsoft SQL database, you might want to consider locating a Microsoft SQL database in a Microsoft server cluster for accessibility and reliability purposes.

1.2.2 Satellite

A Satellite is a managed device that can perform certain roles that a ZENworks Primary Server normally performs. A Satellite can be any managed Windows device (server or workstation) or an unmanaged Linux device (server or workstation). When you configure a Satellite, you specify which roles it performs (Imaging, Collection, or Content).

A Satellite can perform the following roles:

  • Imaging: Installs the Imaging services and adds the Imaging role to the device. With this role, the device can be used as an Imaging server to perform all the Imaging operations, such as taking an image and applying an image within as well as across subnets by using unicast or multicast imaging.

  • Collection: If you want to improve information roll-up access for a group of devices to minimize traffic to the ZENworks Primary Server that is hosting the ZENworks database, you can enable the Collection role on a device. For example, if you have devices that are rolling up information to a Primary Server outside of their network segment, you can minimize network traffic by enabling the Collection role on a device within the network segment to accept the information from the other devices in that segment. That Collection role device is then the only device from that segment that is rolling up information to the Primary Server.

  • Content: If you want to improve content access for a group of devices without creating another Primary Server, you can create the Content role on a device. For example, if you have devices that are accessing a Primary Server outside of their network segment, you can create the Content role on a device within the network segment to service those devices.

  • Authentication: If you want to speed up the authentication process of the devices with the ZENworks Management Zone, you can enable the Authentication role on a device. Satellite devices with the Authentication role can now speed the authentication process by spreading the workload among various devices and by performing authentication locally to managed devices.You can have multiple Satellite devices with the Authentication role. In addition, each Satellite with the Authentication role can have multiple user sources configured and each Satellite can have multiple connections to each user source to provide failover.

For more information, see Satellites in the ZENworks 10 Configuration Management System Administration Reference.

1.2.3 Managed Device

A managed device is a Windows server or workstation that you can use ZENworks to manage. The ZENworks Adaptive Agent must be installed on each device in order for it to be managed. The Adaptive Agent communicates with a Primary Server to enable delivery of software, enforcement of configuration policies, inventorying of hardware and software, and remote management of the device.

Each managed device attempts to contact its initial Primary Server. However, if content is unavailable on that Primary Server, the managed device requests it from another Primary Server or a Satellite Server with the Content role configured in the Management Zone, and continues until it finds a server that can provide the content.

A managed device can be registered in only one Management Zone and is therefore managed only in that zone.

1.2.4 Inventoried-Only Device

You might have devices where the Adaptive Agent cannot be installed, or devices where you do not want to install the Adaptive Agent. To inventory these devices, you can either install the Inventory-Only agent or run the Portable Collector.

For more information, see the ZENworks 10 Configuration Management Discovery, Deployment, and Retirement Reference.

1.2.5 Management Zone

A Management Zone consists of one or more Primary Servers and one or more managed devices. The Primary Servers in the zone work together to manage the devices. The zone’s information is stored in a database that resides on one of the Primary Servers or externally on another server that does not have ZENworks installed on it. The zone might also contain Satellites.