12.3 Creating and Managing Locations

Security requirements for a device can differ from location to location. You might, for example, have different personal firewall restrictions for a device located in an airport terminal than for a device located in an office inside your corporate firewall.

To make sure that a device’s security requirements are appropriate for whatever location it is in, Endpoint Security Management supports both global policies and location-based polices. A global policy is applied regardless of the device’s location. A location-based policy is applied only when the device’s current location meets the criteria for a location associated with the policy. For example, if you create a location-based policy for your corporate office and assign it to a laptop, that policy is applied only when the laptop’s location is the corporate office.

If you want to use location-based policies, you must first define the locations that make sense for your organization. A location is a place, or type of place, for which you have specific security requirements. For example, you might have different security requirements for when a device is used in the office, at home, or in an airport.

Locations are defined by network environments. Assume that you have an office in New York and an office in Tokyo. Both offices have the same security requirements. Therefore, you create an Office location and associate it with two network environments: New York Office Network and Tokyo Office Network. Each of these environments is explicitly defined by a set of gateway, DNS server, and wireless access point services. Whenever the Endpoint Security Agent determines that its current environment matches the New York Office Network or Tokyo Office Network, it sets its location to Office and applies the security policies associated with the Office location.

Unknown is the default location that is automatically created after you install ZENworks 11. If ZENworks Adaptive Agent is unable to find a location that matches its current environment, the managed device is associated with the Unknown location. You cannot delete or rename the Unknown location.

The following sections explain how to create locations:

12.3.1 Creating Locations

When you create a location, you provide a location name and then associate the desired network environments with the location.

  1. In ZENworks Control Center, click Configuration > Locations.

  2. In the Locations panel, click New to launch the Create New Location Wizard.

  3. On the Define Details page, specify a name for the location, then click Next.

    As you complete the wizard, if you need more information about any fields or options, click the Help button located in the upper-right corner of ZENworks Control Center.

  4. On the Assign Network Environments page:

    1. Select Assign existing network Environments to the Location.

    2. Click Add, select the network environments you want to define the location, then click OK to add them to the list.

    3. Click Next when you are finished adding network environments.

  5. On the summary page, click Finish to create the location and add it to the Locations list.

When you add a new location, the Unknown location is listed last, and its order cannot be changed.

For more information on how the location and the network environment are selected on a managed device, see Section 12.3.3, Location and Network Environment Selection on a Managed Device

The following information is displayed for each location you add to the list:

  • Name: The name assigned to the location.

  • Reference Count: The number of ZENworks objects that are associated to a location.

12.3.2 Managing Locations

The following table lists the tasks you can perform to manage locations:

Task

Steps

Additional Details

Edit a location

  1. Click the location name.

  2. Modify the fields as desired.

    If you need help with the options, click the Help button.

  3. Click Apply.

For an Unknown location, you can edit only the throttle rate (in the Details tab) and the Location Closest Servers settings (in the Servers tab).

If you choose to exclude the Closest Server default rule and do not configure Configuration and Authentication servers for a location, then the location is considered as a disconnected location. During the next general refresh of the managed device, the location is displayed as Unknown in the ZENworks icon properties page.

Delete a location

  1. Select the check box in front of the location.

  2. Click Delete.

You cannot delete the Unknown location.

You cannot delete a location that has ZENworks objects associated. To delete a location that has ZENworks objects associated, you must first remove the association and then delete the location.

Rename a location

  1. Select the check box in front of the location.

  2. Click Rename to display the Rename Location dialog box.

  3. Specify the new name in the Name field, then click OK.

The name must conform to the ZENworks object naming conventions. You cannot rename the Unknown location.

IMPORTANT:If the location is referenced by a Location Assignment policy (one of the security policies used with Endpoint Security Management), the Location Assignment policy must be republished before the name change will be reflected on assigned devices. For information about republishing a security policy, see Publishing Policies in the ZENworks 11 SP2 Endpoint Security Policies Reference.

Reorder the locations

  1. Select the check box next to the location you want to move.

    You can select multiple locations to move at one time.

  2. Click Move Up or Move Down to reposition the location.

The order of the list determines which location is used if the Adaptive Agent matches multiple locations.

For more information on how the location and the network environment are selected on a managed device, see Section 12.3.3, Location and Network Environment Selection on a Managed Device

When you add a new location, the Unknown location is listed last, and its order cannot be changed.

View the list of ZENworks Objects associated to a location

  1. Click the number in the Reference Count column.

The Relationships page displays the ZENworks objects such as policies and bundles that are associated to the location. A ZENworks object such as a bundle or policy is associated with a location only if it contains a reference to the location through system requirement or policy configuration.

The list displays the following information:

  • Name of the associated policy or bundle.

  • Type of the policy or bundle.

  • Location of the associated policy or bundle.

12.3.3 Location and Network Environment Selection on a Managed Device

The network environments within L1 are listed in the following order: NE1, NE2, and NE4.

The network environments within L2 are listed in the following order: NE2, NE3, and NE4.

The Adaptive Agent on the managed device detects that NE2, NE3 and NE4 all match on the managed device.