2.5 Before Installing ZENworks Endpoint Security Management

There are a few questions the ZENworks Endpoint Security Management administrator needs to consider prior to beginning installation:

How will your users receive their ZENworks Endpoint Security Management security policies?

The options for policy distribution center around whether users should be able to receive a policy update anywhere, including outside the central network, or if they should receive them only when they are in (or connected via VPN) a secured network. For organizations planning to frequently update their ZENworks Endpoint Security Management security policies, a Multi-Server installation is recommended that places the Policy Distribution Service on a Web server outside the DMZ.

What type of server deployments are available to you?

If your organization only has a few servers available, then a Single-Server installation deployment may be necessary. If server availability isn't an issue, then the size of your client deployment and the number of users operating outside the firewall should be taken into consideration.

What is your available SQL Server deployment?

ZENworks Endpoint Security Management creates three SQL databases at installation. If your deployment is small, you can install the SQL database server on the same server as the Management Service. For larger deployments, a separate SQL database server should be employed to receive the data from the Policy Distribution and Management Services.

The following RDBMS types are allowed:

If you are using Microsoft SQL Server 2005 or Microsoft SQL Server 2008, you need to configure your SQL server to support ZENworks Endpoint Security Management. The screenshots in the following procedure are for 2005, but the configuration steps are the same for 2008.

  1. Make sure you have Microsoft SQL Server Management Studio.

    Management Studio is included with the Standard and Enterprise editions. If you are using the Express edition (for an evaluation installation), you can download Management Studio Express from the Microsoft Download Center.

  2. Launch Management Studio (Start menu > All Programs > Microsoft SQL Server 2005 (or 2008) > SQL Server Management Studio).

  3. Right-click your SQL server (TC2K3 in the above screen shot), then click Properties.

  4. Select Security, then make sure that Server Authentication is set to SQL Server and Windows Authentication mode.

  5. Click OK, then exit Management Studio.

  6. Launch SQL Server Configuration Manager (Start menu > All Programs > Microsoft SQL Server 2005 (or 2008) > Configuration Tools > SQL Server Configuration Manager).

  7. Expand the SQL Server Network Configuration section, select Protocols for MSSQLSERVER (where MSSQLSERVER is your server), then make sure that TCP/IP is enabled as shown below.

  8. Expand the SQL Native Client Configuration section, select Client Protocols, then make sure that TCP/IP is enabled as shown below.

  9. Exit SQL Server Configuration Manager.

Will you use existing certificates to establish SSL communication, or will you use Novell Self-Signed Certificates?

For disaster recovery and failover designs, you should use enterprise, or otherwise-issued, Certificate Authority (VeriSign, GeoTrust, Thawte, and so forth) SSL certificates for full deployments of ZENworks Endpoint Security Management. When using your own certificates, the Web service certificate and root CA should be created on the machine designated as the Policy Distribution Service, then distributed to the appropriate machines. To create an Enterprise Certificate Authority, see the step-by-step instructions for securely setting up a certificate authority, available at on the Microsoft Web site.

For evaluations or small deployments (fewer than 100 users), you can use ZENworks Endpoint Security Management self-signed certificates. Novell SSL Certificates are installed onto the servers when running the typical installation.

How will you deploy your Endpoint Security Clients?

The Endpoint Security Client software can be deployed either individually onto each endpoint or through an MSI push. Instructions on creating an MSI package can be found in Section 8.2, MSI Installation.

Do you want policies to be machine-based or user-based?

Policies can be distributed to a single machine, where every user who logs on receives the same policy, or policies can be set for individual users or groups.

Each installation has several pre-requisites. It is recommended that each check list of prerequisites be complete before running the installation for any component. Please review the lists on the following pages: