3.4 Enforcement Servers
The following sections contain more information:
3.4.1 Adding an ES
To add an ES:
Figure 3-3 System Configuration, Enforcement Clusters & Servers
-
Click Add an Enforcement server in the Enforcement clusters & servers area. The Add Enforcement server window appears.
Figure 3-4 Add Enforcement Server
-
Select a cluster from the Cluster drop-down list.
-
Enter the IP address for this ES in the IP address text box.
-
Enter the fully qualified hostname to set on this server in the Host name text box.
-
Enter one or more DNS resolver IP addresses, separated by a commas, semicolons, or spaces in the DNS IP addresses text box. For example, 10.0.16.100,10.0.1.1
-
Enter the password to set for the root user of the ES server’s operating system in the Root password text box.
-
Re-enter the password to set for the root user of the ES server’s operating system in the Re-enter root password text box.
-
Click ok.
3.4.2 Cluster and Server Icons
To view the cluster and server icons:
-
Move the mouse over the legend icon. The legend pop-up window appears.
-
Move the mouse away from the legend icon to hide pop-up window.
Figure 3-5 Enforcement Cluster Legend
3.4.3 Editing ESs
To edit ES settings:
-
Click the ES you want to edit. The Enforcement server window appears, as shown in Figure 3-6.
-
Click the Configuration menu option to access the Enforcement Server’s settings. The Configuration area is displayed:
Figure 3-6 Enforcement Server
-
Edit the following settings:
-
ES Network settings — Section 3.4.4, Changing the ES Network Settings
-
ES Date and time — Section 3.4.5, Changing the ES Date and Time
-
ES SNMP settings — Section 3.4.6, Modifying the ES SNMP Settings
-
Other settings — Section 3.4.7, Modifying the ES root Account Password
-
-
Click ok.
3.4.4 Changing the ES Network Settings
IMPORTANT:Back up your system immediately after changing the MS or ES IP address. If you do not back up with the new IP address, and later restore your system, it will restore the previous IP address which can show an ES error condition and cause authentication problems. See Section 3.15, Maintenance for instructions on backing up and restoring your system.
To change the ES network settings:
Modify any of the following Network settings you want to change:
-
Enter a new ES in the Host name text field. For example, garp.mycompany.com
-
Enter a new ES address in the IP address text field. For example, 192.168.153.35
-
Enter a new netmask in the Network mask text field. For example, 255.255.255.0
-
Enter a new gateway in the Gateway IP address text field. For example 192.168.153.2
-
Enter one or more DNS resolver IP addresses, separated by commas, semicolons, or spaces in the DNS IP addresses text box. For example: 10.0.16.100,10.0.1.1
NOTE:The Novell ZENworks Network Access Control ESs host name must be a fully qualified domain name (FQDN). For example, the FQDN should include the host and the domain name—including the top-level domain.
For example, waldo.mycompany.com. Select names that are short, easy to remember, have no spaces or underscores, and the first and last character cannot be a dash (-).
NOTE:You cannot change the ES IP address for a single-server installation. You can change the MS IP address for a single-server installation.
3.4.5 Changing the ES Date and Time
To change the ES date and time:
-
Select a Region from the Region drop-down list in the Date and time area.
-
Select a time zone from the Time zone drop-down list.
-
Click ok.
NOTE:See Section 3.5.7, Selecting the Time Zone for information on changing the time zone settings for the MS.
WARNING:Manually changing the date/time by a large amount (other than a time zone change) will require a restart of all servers. Rolling back the clock will have adverse effects on the system.
3.4.6 Modifying the ES SNMP Settings
To change the ES SNMP settings:
-
Select the Enable SNMP check box.
-
Enter a Read community string, such as Public2.
-
Enter the Allowed source network. This value must be either default or a network specified in CIDR notation.
3.4.7 Modifying the ES root Account Password
To change the ES root account password:
-
Enter the new password in the Root password text box in the Other settings area.
-
Re-enter the password in the Re-enter root password text box.
-
Click ok.
3.4.8 Viewing ES Status
There are two ways Novell ZENworks Network Access Control provides ES status:
-
The icons next to the server name (see Figure 3-5)
-
The Status window (see the following steps). The Enforcement server window allows you to view the following information:
-
Health status
-
Upgrade status
-
Process/thread status
-
System load average for the server
-
Current endpoints being tested/minute for the server
-
Percentage of memory used on the server
-
Disk space usage for the server
-
To view ES status:
-
Click the server for which you want to view the status. The Enforcement server window appears:
Figure 3-7 Enforcement Server, Status
-
Click ok or cancel.
3.4.9 Deleting ESs
NOTE:Servers need to be powered down for the delete option to appear next to the name in the Novell ZENworks Network Access Control user interface.
To delete ESs:
-
Click delete next to the server you want to remove from the cluster. The Delete Enforcement server confirmation window appears.
-
Click yes. The System configuration window appears.
3.4.10 ES Recovery
If an existing ES goes down and comes back up, it can participate in its assigned cluster, even if the MS is not available.
When a new ES is created, the MS must be available before the ES can participate in a cluster.