Typically when you want to remote control a device that is in private network or on the other side of a firewall or router that is behind NAT (Network Address Translation), you need to install a remote management proxy server on the same NAT environment that the device is in. This requires an interface machine. This is difficult in a situation when a managed device is moved out of the zone to home. Because each individual home is a NAT environment and you cannot have a single remote management proxy for devices across different NAT environments.
However the Join Proxy satellite server allows multiple Windows devices that are in a private network on the other side of a firewall or router that is behind NAT (Network Address Translation) to connect to it for remote management operations.
Join Proxy is a proxy that joins two connections together. The first connection being the one that the managed device maintains with the proxy server while the second one is the connection that comes from the viewer machine of the administrator.
In ZENworks, Join Proxy is a role that is typically assigned to the Primary Servers while you can also assign this role to Satellites.
You can add Join Proxy role to a ZENworks 11SP3 Windows or Linux managed device to make it a Join Proxy server for performing remote management operations on Windows managed devices that are in a private network.
As part of configuration, you need to perform the following:
In ZENworks Control Center, first select a device for which you want to assign the Join Proxy role. You can choose either a Primary Server or a Satellite as the Join Proxy. If you select a Primary Server, there is no need to further configure the server. If you plan to use a Satellite, then you need to assign the Join Proxy role to the Satellite server using the following steps
In ZENworks Control Center click> or .
In the Servers or Workstations panel, select the check box for the Satellite that you want to configure.
In the Configure Satellite Server dialog box, select the check box next to, then click .
In the Join Proxy Role Settings dialog box, specify theon which the Join Proxy listens for connection. The default port number is 7019.
NOTE:This is required only if the Join Proxy is running a firewall or is behind a network firewall.
Specify the maximum number of devices to be allowed to connect to the Join Proxy. The default value is 100, but you can change it to any value up to 100.
Specify the frequency interval at which the Join Proxy should check if the devices are still connected to it or not. The default value is one minute.
If you specify a lower value in this field, status updates are quicker in the database. However, this might result in higher traffic on the network, depending upon the number of devices connected to the Join Proxy.
NOTE:Based on the frequency specified here, Join Proxy will send packets to all the managed devices connected to it to detect the connection status and update it in the database. This enables remote operators to connect to managed devices through Join Proxy for performing remote sessions on Windows managed devices that are in a private network.
Clickto return to the Configure Satellite Server dialog box.
For details on Satellite Roles, seeZENworks 11 SP3 Primary Server and Satellite Reference.
After assigning the Join Proxy role to the device, you need to create a location by providing a location name and then associate the desired network environments with the location. For details, seeZENworks 11 SP3 Location Awareness Reference.
After creating the location, You also need to configure the Join Proxy Closest Server rules for the location and network environment so that the managed device connects to the closest Join Proxy servers defined for them in the location. You need to modify the list of the closest servers for the location or locations in which you want to use a Join Proxy. Typically at least the unknown location is configured to use a Join Proxy.
In ZENworks Control Center, click the created location and click thetab
Clickin the Join Proxy Servers list.
In the Select Join Proxy Servers dialog, click eitheror to select a device or a server.
You can choose either a Primary Server or a Satellite as the Join Proxy. If you select a Primary Server, there is no need to further configure the server. For more details, see
Click. The selected servers get listed under Join Proxy servers.
Clickor as necessary to change its order in the list.
You need to refresh the managed device after associating the Join Proxy to the locations, so that the device reads the new closest servers list. You will be able to see the Join Proxy server(s) in the ZENworks Agent status page, if the managed device is already in a location which has a Join Proxy configured.
Once you have enabled Join Proxy and configured the agent to use the Join Proxy in specific locations, you can start remotely managing the devices through the Join Proxy.
In ZENworks Control Center, select the device that you want to remote control.
Click thelink to get to the Join Proxy related fields. These are populated by default.
NOTE:If the managed device you are trying to remotely control is already connected to the Join Proxy, then theoption is selected by default and the values for the and options are populated.
Alternatively, if you are trying to launch remote operation without selecting a device and have manually entered an IP address /DNS name, then you need to enter the address and port of the Join Proxy.
Clickto initiate the remote session.
During the connection negotiation, initial connection is made with the Join Proxy. Thus by deploying the Join Proxy satellite or Primary Server in the demilitarized zone (DMZ), you can now remotely manage Windows devices regardless of whether they are behind one or more NATs.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to the Novell International Trade Services Web page for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2014 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
For Novell trademarks, see the Novell Trademark and Service Mark list.
All third-party trademarks are the property of their respective owners.