2.11 Configuring a Remote Management Proxy

When you install a Remote Management Proxy on a device, certain settings are configured on the device, by default. You can choose to edit the settings.

2.11.1 Remote Management Proxy Settings on a Windows Device

On a Windows device, the registry settings for the Remote Management proxy are available at HKLM\SOFTWARE\Novell\ZCM\Remote Management\Proxy.

ClientPort: Specifies the port number that the proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.

SessionEncryption: Specifies whether the initial flow of data between the proxy and the Remote Management Viewer is encrypted. The default value is True. The setting is not applicable after the proxy establishes a connection with the managed device. The session encryption is then governed by the Remote Management policy and the preferences of remote operator. You should leave this setting as True because setting it to False allows unauthenticated external processes other than the Remote Management Viewer to make connections to devices inside the private network.

SSLClientAuthentication: Specifies whether the proxy should accept connection requests from a viewer that does not have a valid certificate. The possible values are True and False. The default value is True.

2.11.2 Remote Management Proxy Settings on a Linux Primary Server or Satellite Server

On a Linux Primary Server or Satellite Server, the settings for the Remote Management proxy are available in the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file. Some of the settings are:

viewerport: Specifies the port number that the Remote Management proxy uses to listen for any remote session requests from the Remote Management Viewer. The default value is 5750.

runasuser: Specifies the user that the proxy should impersonate. The Remote Management Proxy requires only user privileges to perform remote operations. The default value is zenworks. However, you can specify a different user.

strictimpersonation: Specifies if the remote session should continue as root when the user specified as the runasuser does not exist. The possible values are true or false. The default value is false, which indicates that the remote session continues as root when the user specified as the runasuser does not exist.

sslauth: Specifies whether SSL authentication is enabled or disabled. The possible values are 0 or 1. The default value is 1, which indicates that SSL authentication is enabled.

WARNING:Disabling SSL authentication is not recommended because it allows the external processes to access the network devices without any authentication.

verifyViewerCert: Specifies if the Remote Management Viewer certificates needs to be verified. This setting is applicable only when SSL authentication is enabled. The possible values are 0 or 1. The default value is 1, which indicates that the Remote Management Viewer certificates must be verified When a session is initiated from a stand-alone viewer, the remote operator might not have the required certificates that are chained to the root Certificate Authority. If this is a case, the proxy fails to connect to the server.

loggingenabled: Specifies whether the messages should be logged on the device. The possible values are true or false. The default value is true.

For information on other registry settings, see the /etc/opt/novell/zenworks/repeater/nzrepeater.ini file.