1.5 Understanding Remote Management Join Proxy

Join Proxy is a Primary Server or a Satellite with the Join Proxy role that acts as a proxy by accepting and maintaining connections from Windows managed devices that are in a private network.

NOTE: For an agent-initiated connection, remote management through Join Proxy is not supported.

Figure 1-2 Remote Management Join Proxy - Satellite Server with Join Proxy role

A Join Proxy Satellite Server allows multiple Windows devices that are in a private network, on the other side of a firewall or router that is behind NAT (Network Address Translation), to connect to it for remote management operations. For details, see Join Proxy Role in ZENworks Primary Server and Satellite Reference.

When used for remote management operations, Join Proxy joins two connections together. The first is the connection that the managed device maintains with the proxy server; the second is the connection that comes from the administrator's viewer machine.
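The joining behaviour described above, shown as an added example on loopback (it is not ZENworks code, and it does not model the product's protocol, authentication or device selection). The function names, port choice and message contents are assumptions made for the illustration; the point is that both endpoints connect outward to the proxy, which then relays between them.

```python
import contextlib
import socket
import threading

def _pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def join_once(listener):
    """Accept two inbound connections and splice them into one session."""
    device, _ = listener.accept()  # connection the managed device maintains
    viewer, _ = listener.accept()  # connection from the administrator's viewer
    back = threading.Thread(target=_pump, args=(device, viewer), daemon=True)
    back.start()
    _pump(viewer, device)
    back.join()
    device.close()
    viewer.close()

def _read_all(sock):
    return b"".join(iter(lambda: sock.recv(4096), b""))

def demo():
    """Constructed loopback run: neither endpoint listens; both dial the proxy."""
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    proxy = threading.Thread(target=join_once, args=(listener,), daemon=True)
    proxy.start()
    device = socket.create_connection(("127.0.0.1", port), timeout=5)
    viewer = socket.create_connection(("127.0.0.1", port), timeout=5)
    viewer.sendall(b"viewer->device")   # constructed sample payload
    viewer.shutdown(socket.SHUT_WR)
    at_device = _read_all(device)
    device.sendall(b"device->viewer")   # constructed sample payload
    device.shutdown(socket.SHUT_WR)
    at_viewer = _read_all(viewer)
    proxy.join(timeout=5)
    for s in (device, viewer, listener):
        s.close()
    return at_device, at_viewer

if __name__ == "__main__":
    print(demo())
```

Because the private-network side only makes an outbound connection, the firewall or NAT router needs no inbound rule toward the managed device; the proxy's listening port is the only exposed surface to restrict and monitor.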

The following information is good to know when remote managing a device using Join Proxy:

It is recommended to expose the LDAP source in a demilitarized zone (DMZ) to access identity information. If you do not want to expose the LDAP source, you can use the SKIP_RM_RIGHTS_CHECK system variable.

When you add the SKIP_RM_RIGHTS_CHECK system variable (with the value set to true) and initiate the remote management connection from ZCC, the application skips verifying rights on the device and on the user currently logged in to the device when using rights-based authentication. For more information, see Adding System Variables in ZENworks Control Center Reference.

It is safe and secure to use the SKIP_RM_RIGHTS_CHECK system variable because rights validation happens when the remote management connection is initiated from ZCC; only the subsequent validation, performed when the managed device verifies the rights ticket, is skipped.

Functionality Limitations

When using the SKIP_RM_RIGHTS_CHECK system variable, the remote control of a device might fail for non-super administrators as the SKIP_RM_RIGHTS_CHECK system variable has the following functionality limitations:

  • When a super administrator user is remote controlling a device, a non-super administrator user will not be able to connect to the remote management session.

  • When a non-super administrator user tries to perform remote operations such as remote execute or file transfer, the ongoing remote session will be disconnected because the user does not have the rights to perform these operations.