3.2 Getting Ready to Use the ZENworks Middle Tier Server

The ZENworks Middle Tier Server can be installed on NetWare 6, NetWare 6.5, Windows 2000 servers, Windows Server 2003, SLES 9.x, SLES 10 (only on ZENworks 7 with SP1), or OES Linux platforms. The following sections provide details on where to find additional information about the prerequisites, installation steps, and configuration for the Middle Tier Server:

3.2.1 Preparing for the Middle Tier Server

It is important that you understand the procedure for preparing to install the Middle Tier Server. We recommend that you review the following documentation:

This documentation includes information that details the limitations of the ZENworks Middle Tier Server, hardware and software requirements, and other installation prerequisites.

If you plan to install the ZENworks Middle Tier Server on a SLES 9.x server, a SLES 10 server (only on ZENworks 7 with SP1), or OES Linux server, see Preparing a Linux Server for ZENworks Functions in Preparation in the Novell ZENworks 7 Desktop Management Installation Guide.

3.2.2 Installing ZENworks Middle Tier Server

The procedure you should use for installing ZENworks Middle Tier Server software on a Windows or NetWare server is detailed in Installing the ZENworks Middle Tier Server and Installing the Desktop Management Server and the Middle Tier Server on the Same Machine in Windows-Based Installation in the Novell ZENworks 7 Desktop Management Installation Guide.

The options you can use for installing ZENworks Middle Tier Server software on a SLES 9.x, SLES 10 (used for ZENworks 7 with SP1 only), or OES Linux server are detailed in Installing ZENworks Desktop Management Services on Linux in the Novell ZENworks 7 Desktop Management Installation Guide.

3.2.3 Configuring the ZENworks Middle Tier Server with NSAdmin

When the ZENworks Middle Tier Server software is installed, it creates new registry entries on the machine where it is installed. To change the configuration parameters, you can edit the registry of the NetWare or Windows server where the ZENworks Middle Tier Server is installed, or you can use the NSAdmin utility.

IMPORTANT: Use caution when changing NetWare registry settings. Some NetWare registry entries should be changed only under direction from Novell. Changing the entries could adversely affect the Middle Tier Server, NetStorage, ZENworks Desktop Management, and your NetWare server.

You can invoke the interface of the NSAdmin utility by opening Internet Explorer and entering the NSAdmin URL in the Address box. For example:

http://ip_address or dns_name/oneNet/nsadmin

Users accessing this utility must have the appropriate rights. These rights are normally configured when the Middle Tier Server is installed. For more information, see Required Rights for NSAdmin Access in the Novell ZENworks 7 Desktop Management Installation Guide.

IMPORTANT: Do not use a browser other than Internet Explorer (for example, Mozilla Firefox) to run the NSAdmin utility. Other browsers cannot run NSAdmin successfully.

It is not necessary to restart Tomcat or Apache or any other service in order for the changes made in NSAdmin to take effect.

If you are running the server on a port number other than port 80, use the following syntax to run the utility:

http://ip_address or dns_name:port/oneNet/nsadmin

If you run the server on a port number other than port 80, make sure that when you install the Desktop Management Agent, you configure the IP address for the Middle Tier Server accordingly.

The NSAdmin Web page displays a list of links in the left column that are used to access the various pages for editing and viewing Middle Tier Server configuration information in the registry. Each NSAdmin page is described in the following sections.

IMPORTANT: The appearance and functionality of the NSAdmin Authentication Domains page varies according to the version of the ZENworks Middle Tier Server you install.

Please consult the appropriate documentation to understand the differences between these versions of the Middle Tier.

General (Xtier 2.6.2 Installation)

The General page of the NSAdmin utility is the default display.

Figure 3-1 The General Page of the NSAdmin Utility

This page lets you view or edit the following configuration settings:

Proxy Username and Proxy Password: This is the admin username and password that you entered when you installed your Middle Tier Server. If you want the Middle Tier Server to use a different username and password for administrator access, enter it in the fields provided.

If you click the Set Defaults button, the value is set to whatever value appears in the Default Value column. If there is no value in the Default Value column, the value is set to blank (no value).

Location: This is the registered location you want users to enter as part of the Middle Tier Server URL to access the ZENworks Middle Tier Server. The default is oneNet.

If you change this registry setting on a ZENworks Middle Tier Server installed on NetWare, you must also edit a configuration file for the change to take effect. Edit the sys:\netstorage\xsrv.conf file and change the /oneNet setting in the Location section (first section) to the same setting you specified in NSAdmin.

Certificate Name: NetIdentity is the default certificate name. It is created automatically during the Middle Tier Server installation. If you purchased a certificate that you want to use or if you just want to use a different certificate, enter the certificate name in this field.

Any certificates used by the Middle Tier Server should reside in the same eDirectory context.

Session Timeout: This is the amount of time in seconds that the session will remain idle before it is terminated. If there is no Middle Tier Server activity for this amount of time, the user is required to log in again to the Middle Tier Server before being allowed file access.

Janitor Interval: This setting should not be changed except under direction from Novell.

Persistent Cookies: The Persistent Cookies setting can be turned on or off. With the value set to 0, Persistent Cookies is turned off. Persistent Cookies is turned on (the default) if there is no value or if the value is set to anything other than 0.

With Persistent Cookies turned off, the NetStorage or ZENworks Desktop Management session ends when the user closes the current browser or Web folder. Also, if the user has a current instance of ZENworks Desktop Management or NetStorage up in a browser window or Web folder and starts up a new browser instance or Web folder, the user is required to reauthenticate.

Turning off Persistent Cookies can be beneficial if you have workstations that are shared because as long as the browser instance is closed down, the next user of the workstation cannot accidentally or intentionally obtain access to your network through ZENworks Desktop Management or NetStorage.

Leaving Persistent Cookies turned on can be beneficial if your workstations are not shared because it prevents users from having to unnecessarily re-authenticate.

If the user selects the Logout option in NetStorage or ZENworks Desktop Management, the session ends regardless of whether Persistent Cookies is turned on or off.

LDAP Port: Lets you change the LDAP port number if there is a conflict between Active Directory* and eDirectory for LDAP requests.

This conflict exists because the back end server is acting as a domain controller, which has Active Directory installed on it. The conflict is created by both eDirectory and Active Directory attempting to use the same default port (the default port number is 389). Active Directory normally wins the conflict. The Proxy User object type exists in eDirectory but not in Active Directory. Because of this, when the Middle Tier Server tries to bind as a Proxy User, the bind attempt fails. This is also the reason LDAP lookups fail.

General (Xtier 3.1.x Installation)

If you install the ZENworks 7 Middle Tier Server on a SLES 9.x server or on an OES Linux server, or if you install the ZENworks 7 with SP1 Middle Tier Server, the underlying Xtier kernel, version 3.1x (versus the Xtier version 2.6.2 installed with ZENworks 7 for Middle Tier installations on Windows and NetWare) displays a General page that looks like this:

Figure 3-2 The General Page of the NSAdmin Utility When Xtier 3.1x Is Installed

This page lets you view or edit the following configuration settings:

Proxy Username and Proxy Password: This is the admin username and password that you entered when you installed your Middle Tier Server. If you want the Middle Tier Server to use a different username and password for administrator access, enter it in the fields provided.

If you click the Set Defaults button, the value is set to whatever value appears in the Default Value column. If there is no value in the Default Value column, the value is set to blank (no value).

Location: This is the registered location you want users to enter as part of the Middle Tier Server URL to access the ZENworks Middle Tier Server. The default is oneNet.

If you change this registry setting on a ZENworks Middle Tier Server installed on NetWare, you must also edit a configuration file for the change to take effect. Edit the sys:\netstorage\xsrv.conf file and change the /oneNet setting in the Location section (first section) to the same setting you specified in NSAdmin.

Certificate Name: NetIdentity is the default certificate name. It is created automatically during the Middle Tier Server installation. If you purchased a certificate that you want to use or if you just want to use a different certificate, enter the certificate name in this field.

Any certificates used by the Middle Tier Server should reside in the same eDirectory context.

Session Timeout: This is the amount of time in seconds that the session will remain idle before it is terminated. If there is no Middle Tier Server activity for this amount of time, the user is required to log in again to the Middle Tier Server before being allowed file access.

Janitor Interval: This setting should not be changed except under direction from Novell.

Persistent Cookies: The Persistent Cookies setting can be turned on or off. With the value set to 0, Persistent Cookies is turned off. Persistent Cookies is turned on (the default) if there is no value or if the value is set to anything other than 0.

With Persistent Cookies turned off, the NetStorage or ZENworks Desktop Management session ends when the user closes the current browser or Web folder. Also, if the user has a current instance of ZENworks Desktop Management or NetStorage up in a browser window or Web folder and starts up a new browser instance or Web folder, the user is required to reauthenticate.

Turning off Persistent Cookies can be beneficial if you have workstations that are shared because as long as the browser instance is closed down, the next user of the workstation cannot accidentally or intentionally obtain access to your network through ZENworks Desktop Management or NetStorage.

Leaving Persistent Cookies turned on can be beneficial if your workstations are not shared because it prevents users from having to unnecessarily re-authenticate.

If the user selects the Logout option in NetStorage or ZENworks Desktop Management, the session ends regardless of whether Persistent Cookies is turned on or off.

LDAP Port: Lets you change the LDAP port number if there is a conflict between Active Directory* and eDirectory for LDAP requests.

This conflict exists because the back end server is acting as a domain controller, which has Active Directory installed on it. The conflict is created by both eDirectory and Active Directory attempting to use the same default port (the default port number is 389). Active Directory normally wins the conflict. The Proxy User object type exists in eDirectory but not in Active Directory. Because of this, when the Middle Tier Server tries to bind as a Proxy User, the bind attempt fails. This is also the reason LDAP lookups fail.

Cookieless: Cookieless authentication is needed for some clients that use versions of WebDav that don't support cookies. For example, Apple clients use a WebDav version that does not support cookies. The setting is used by NetStorage.

The Cookieless option can be turned either on or off. With the value set to 0, Cookieless authentication is turned off (the default). Cookieless authentication can be turned on by setting the value to 1.

ClosestEDirServerDN: If used, this option requires the distinguished name of the closest eDirectory server where needed applications distributed by ZENworks Desktop Management might reside. The default value is MyServer.MyOrg.

This field works in conjunction with "Site Lists" defined for Application objects in ZENworks Desktop Management. When the user has logged on through a Middle Tier Server at his or her site and clicks on an Application icon, the Middle Tier Server determines the location of the nearest eDirectory server where a needed application (defined in the site list) has been stored. The application file is then distributed to the workstation and installed. For more information about Site Lists, see Section 36.3, Setting Up Site Lists in the ZENworks 7 Desktop Management Administration Guide.

The Site List feature is valuable when users move from one site to another and need access to applications on their home server, but distributing those applications over a WAN might be time or cost prohibitive. When a closer eDirectory server contains the applications a user needs and site lists are set up, application distribution is more efficient.
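The following Python is an added example, not part of the Novell documentation or product. It applies the value rules stated above for Persistent Cookies, Cookieless, Session Timeout, and LDAP Port to a set of General page values and reports settings that need attention. The dictionary keys, the function names, the `max_idle_seconds` policy threshold, the numeric comparison of values, and treating a blank LDAP Port as 389 are assumptions made for illustration.

```python
def _text(value):
    return "" if value is None else str(value).strip()

def persistent_cookies_on(value):
    """Off only for 0; on when there is no value or any other value."""
    try:
        return int(_text(value)) != 0   # numeric comparison is an assumption
    except ValueError:
        return True                     # blank or non-numeric: on, per the guide

def cookieless_state(value):
    """False for 0 or blank (the default), True for 1, None otherwise."""
    text = _text(value)
    if text in ("", "0"):
        return False
    if text == "1":
        return True
    return None                         # the guide defines only 0 and 1

def review(settings, shared_workstations, backend_is_domain_controller,
           max_idle_seconds=900):
    """Return a list of findings. max_idle_seconds is a hypothetical site policy."""
    findings = []
    if shared_workstations and persistent_cookies_on(
            settings.get("Persistent Cookies")):
        findings.append("Persistent Cookies is on for shared workstations: "
                        "set the value to 0 so sessions end with the browser")
    if cookieless_state(settings.get("Cookieless")) is None:
        findings.append("Cookieless value is neither 0 nor 1: "
                        "effect is not documented")
    timeout = _text(settings.get("Session Timeout"))
    if not timeout.isdigit() or int(timeout) == 0:
        findings.append("Session Timeout is not a positive number of seconds")
    elif int(timeout) > max_idle_seconds:
        findings.append(f"Session Timeout {timeout}s exceeds the "
                        f"{max_idle_seconds}s policy")
    # Assumption: a blank LDAP Port means the default port, 389.
    port = _text(settings.get("LDAP Port")) or "389"
    if backend_is_domain_controller and port == "389":
        findings.append("LDAP Port 389 on a domain controller: Active Directory "
                        "answers and the Proxy User bind fails")
    return findings

# Constructed sample values, not taken from a real server.
SAMPLE = {"Persistent Cookies": "", "Cookieless": "2",
          "Session Timeout": "3600", "LDAP Port": ""}

if __name__ == "__main__":
    for finding in review(SAMPLE, shared_workstations=True,
                          backend_is_domain_controller=True):
        print("-", finding)
```

The blank Persistent Cookies value in the sample is reported as on, which is the case most easily overlooked on shared workstations.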

Authentication Domains (Xtier 2.6.2 installation)

The Authentication Domains page lets you change or add the eDirectory server URLs and contexts that are required by the ZENworks Middle Tier Server. If you installed the ZENworks 7 Middle Tier Server on a Windows or NetWare server, it will look like this:

Figure 3-3 The Authentication Domains Page of the NSAdmin Utility when the Middle Tier Server’s Xtier Kernel, version 2.6.2, is Installed

This page also lets you change the eDirectory server that is designated as the Primary. For more information about eDirectory server URLs and contexts, see the NetStorage Administration Guide at http://www.novell.com/documentation/lg/nw6p.

The following list identifies the functions of the buttons on the Authentication Domains page:

Add Domain: Lets you add another eDirectory server IP address or DNS name.

Make Primary: Makes the eDirectory server URL listed above the button the Primary.

Remove Domain: Removes the eDirectory server URL from the list of URLs used by the Middle Tier Server.

Remove Context: Removes the context (if there is one) from the eDirectory server URL.

Add Context: Lets you add a context to the eDirectory server URL.

Add Host: Lets you list additional hosts for an Authentication Domain. Clicking the Add Hosts button lets you create a list of alternative hosts for the domain.

If the ZENworks Middle Tier Server cannot reach the host specified in the domain, it searches the Other Hosts list specified in the value field to find another server to use for authentication.

Enter DNS names or IP addresses of alternate servers separated by a comma delimiter in the Value field. For example, you could enter a string similar to the following:

Zenmaster.provo.novell.com,Zenmaster1.provo.novell.com

or

137.65.67.150,137.65.67.152

Authentication Domains (Xtier 3.1x Installation)

If you install the ZENworks 7 Middle Tier Server on a SLES 9.x server or on an OES Linux server, or if you install the ZENworks 7 with SP1 Middle Tier Server, the underlying Xtier kernel, version 3.1x (versus the Xtier version 2.6.2 installed with ZENworks 7 for Middle Tier installations on Windows and NetWare) displays an Authentication Domains page that looks like this:

Figure 3-4 Authentication Domains Page of the NSAdmin Utility when the Middle Tier Server’s Xtier Kernel, version 3.1 and later, is Installed

The Authentication Domains page lets you change or add the eDirectory server URLs and contexts that are required by the ZENworks Middle Tier Server.

For more information about eDirectory server URLs and contexts, see the NetStorage Administration Guide at http://www.novell.com/documentation/lg/nw6p.

The following list identifies the functions of the buttons on the Authentication Domains page:

Universal Password: Select this check box if you want to enable Universal Password.

Use eMail Address Names: Select this check box if you want to enable e-mail address names. This allows users to log in to the network through the ZENworks Middle Tier Server by using the same syntax they might be accustomed to when sending e-mail.

Although ZENworks 7 Desktop Management does not enable e-mail or dotted name logins by default (because of the complex process used by the Middle Tier Server to find the user and because of the network traffic this process might generate), both login methods can be used for authentication when using the Desktop Management Agent.

Authentication contexts configured for the Middle Tier must not contain any embedded dots.

NOTE: In ZENworks 7 Desktop Management with SP1, this check box is still present, but is non-functional. E-mail address name support is automatically enabled with this release.

Allow Dotted Names: Select this check box if you want to enable dotted name support. This functionality (dotted-name support) applies for the user name only, not the user's context. The ZENworks Middle Tier Server does not support authentication to a dotted name in the root context of the eDirectory tree: that is, authentication contexts configured for the Middle Tier must not contain any embedded dots. For more information, see TID 10098582 in the Novell Support Knowledgebase.

NOTE: In ZENworks 7 Desktop Management with SP1, this check box is still present, but is non-functional. Dotted name support is automatically enabled with this release.

Add Domain: Lets you add another eDirectory server IP address or DNS name.

Make Primary: Designates the eDirectory server whose URL is displayed as the primary eDirectory server.

Remove Domain: Removes the eDirectory server URL from the list of URLs used by the Middle Tier Server.

Add Context: Lets you add a context to the eDirectory server URL.

Add Host: Lets you list additional hosts for an Authentication Domain. Clicking the Add Hosts button lets you create a list of alternative hosts for the domain.

If the ZENworks Middle Tier Server cannot reach the host specified in the domain, it searches the Other Hosts list specified in the Value field to find another server to use for authentication.

Enter DNS names or IP addresses of alternate servers separated by a comma delimiter in the Value field. For example, you could enter a string similar to the following:

Zenmaster.provo.novell.com,Zenmaster1.provo.novell.com

or

137.65.67.150,137.65.67.152

Remove Context: Removes the context (if there is one) from the eDirectory server URL.

Change Priority: Lets you change the priority for the context to the eDirectory server URL.

WebDav Provider

This page is not used for administration of the ZENworks Middle Tier Server. Do not change the values on this page.

iFolder Storage Provider

This page is not used for administration of the ZENworks Middle Tier Server. Do not change the values on this page.

NetWare Storage Provider

This page is not used for administration of the ZENworks Middle Tier Server. Do not change the values on this page.

Current Sessions

The Current Sessions page displays a report with information on the current ZENworks Middle Tier Server sessions. The report is in XML format and can be customized with a parser to provide specific information.

Figure 3-5 The Current Sessions Page of the NSAdmin Utility

Resource Usage

The Resource Usage page displays a detailed report of resource utilization (memory, etc.) for the ZENworks Middle Tier Server. The report is in XML format and can be customized with a parser to provide specific information.

Figure 3-6 The Resource Usage Page of the NSAdmin Utility

Statistics

The Statistics page displays a report with information like server up time, login failures, and number of sessions active on the ZENworks Middle Tier Server. The report is in XML format and can be customized with a parser to provide specific information.

Figure 3-7 The Statistics Page of the NSAdmin Utility