Like previous versions of ZENworks Desktop Management, ZENworks 10 Configuration Management provides comprehensive management of Windows servers and workstations. However, its underlying architecture has changed extensively.
The following sections explain the architectural differences:
For additional information about the new architecture, see System Architecture in the ZENworks 10 Configuration Management Enterprise Edition Getting Started Guide. This information is also contained in both the Standard and Advanced editions of the Getting Started Guide.
Your existing Novell ZENworks solution is powerful because:
It is flexible: The logic is in the object store, making it simple to move content and services around without having to perform major architectural overhauls.
It is simple: Services fit together very easily, and the architecture is very easy for administrators to understand, deploy, and manage.
It is scalable: No other systems management product on the market scales to the level of ZENworks (in fact, there are no known limits to how many users a single ZENworks system can manage).
You will want your new infrastructure to be as flexible, simple, and scalable as your existing environment. Thus, it’s helpful to have a solid understanding of the architectural differences between existing versions of ZENworks 10 Configuration Management and earlier versions of Novell ZENworks.
Novell ZENworks 7.x is the final release patterned after traditional ZENworks architecture. Traditional ZENworks architecture is two-tiered and relies on direct access to the object store (Novell eDirectory) for configuration information. Every workstation was required to have Novell Client32 installed or Middle tier configured in order to access ZENworks services—specifically object information, or logic, stored in the directory.
In traditional ZENworks, it is important to note that the bulk of the logic and processing is done on the client side in the form of policy searching, launcher refreshing, and so on. In other words, the client does most of the work. This setup has a dramatic effect on the scalability of the product. Instead of one server doing all of the work for 100 clients, the total workload is spread across all 100 clients.
Figure 2-1 ZENworks Desktop Management Architecture
Traditional ZENworks architecture is characterized as follows:
The ZENworks Management Agent is installed on every workstation
Client32 is required in a NetWare environment
The use of the middle-tier server is required when the Novell Client is not installed on the managed devices
eDirectory is the key requirement as the object store for all users’ workstations and ZENworks objects
Novell ConsoleOne is required to manage the ZENworks infrastructure
All access to the eDirectory environment is via the NetWare Core Protocol (NCP)
The product is cross-platform and supports services running on Linux, NetWare, and Windows
Novell ZENworks 10 Configuration Management features a three-tier architecture, commonly known as Services-Oriented Architecture (SOA). This architecture separates the components, making the product far more modular. Now the various tiers can be updated independently, making it easier to change business logic or add new modules.
With Novell ZENworks 10 Configuration Management, the server-side infrastructure consists of two tiers (see Figure 2-2). The first is the data model, and the second comprises the file system (to store actual files), the database (for storing ZENworks information), and the optional identity store, which allows user-based resource management. With the release of ZENworks 10 Configuration Management, Novell eDirectory and Microsoft Active Directory are supported natively as user sources for user identity information.
Figure 2-2 ZENworks 10 Three-Tier Architecture
In the new architecture, Novell ZENworks 10 Configuration Management has been decoupled from eDirectory, which is no longer a key requirement for the product to function. You no longer need to manage a directory in order to provide systems management services. This does not mean that you cannot benefit from integrating ZENworks 10 Configuration Management with your existing eDirectory environment. In fact, you can continue to use your existing directory infrastructure for user identity information, but you do not need to extend the schema or install the product on a server that runs eDirectory.
Another major architectural change is the way that the client and server communicate with each other (see Figure 2-3). You continue to run a Novell ZENworks agent (ZENworks Adaptive Agent) on the managed device, but the bulk of the work (logic and workload) happens on the server side. As seen in Figure 2-3, the client initiates communications with the server side (the Web server on the ZENworks 10 Configuration Management Primary Server), but the server can also communicate directly with the client. The client and server use industry-standard protocols, such as HTTP, HTTPS, SOAP, CIFS, and LDAP. The client communicates with the server over HTTP or HTTPS, and the server communicates with the Adaptive Agent via SOAP (Simple Object Access Protocol) over HTTPS.
Figure 2-3 ZENworks 10 Client-Server Architecture
From an architectural perspective, the managed device communicates with the server back-end Web service, and the Primary Server tells the client what to do and where to obtain content (see Figure 2-4). In effect, the server sends instructions to the client, and the client uses the required handler to perform the task, such as installing software, applying a policy, managing systems remotely, and so on.
From an identity perspective, the user of a managed device authenticates directly to the identity store where the user's object is stored, either Novell eDirectory or Microsoft Active Directory. The only identity-related information stored in the Novell ZENworks object store is a reference object pointing back to the actual identity, which increases the efficiency of user-based resource management.
Figure 2-4 ZENworks 10 Architecture
The new Novell ZENworks 10 Configuration Management architecture includes the following important characteristics:
Installation of the ZENworks Adaptive Agent on every managed device
Three-tier SOA
Additional Primary Servers for computing tasks, which removes the workload from the managed device
No more specific requirement for Novell eDirectory
No more requirement for Novell Client32 to be installed on either the managed device or the server
A new Web-based administrative console (ZENworks Control Center) to manage all ZENworks objects, configurations, and functions
Native support for both Novell eDirectory and Microsoft Active Directory
Based on industry-standard protocols
Direct, one-time server installation, then managed devices are deployed from the server through ZENworks Control Center
Installation of Primary Server software on either Windows Server 2003, Windows Server 2008, or SUSE Linux Enterprise Server
The following sections provide further detail on the architectural differences:
ZENworks Control Center, a Web-based management console, is used as a graphical management interface for Configuration Management. It replaces ConsoleOne, which is used in traditional ZENworks:
Administrator Roles: ZENworks Control Center provides robust administrator roles unique to its new architectural design. For more information, see Administrators in the ZENworks 10 Configuration Management System Administration Reference.
Watch Lists: ZENworks Control Center provides watch lists on a Home page where you can see the current status of selected devices and bundles, as well as overall Management Zone statistics. For more information, see Creating a Watch List in the ZENworks 10 Configuration Management Administration Quick Start.
iManager: If you already use Novell iManager to manage other Novell products, you can configure the ZENworks Control Center to be launched from iManager. For more information, see Accessing ZENworks Control Center through Novell iManager in the ZENworks 10 Configuration Management System Administration Reference.
Every Primary Server in the Management Zone contains the same content, providing redundancy for all managed devices in the zone. For more information, see Content Repository in the ZENworks 10 Configuration Management System Administration Reference.
In Configuration Management, content replication and closest server rules replace the traditional load balancing techniques for fault tolerance. For more information, see both Content Replication and Closest Server Rules in the ZENworks 10 Configuration Management System Administration Reference.
Novell eDirectory is no longer required for data storage. Instead, the ZENworks Configuration Management database is used. This is different from traditional ZENworks in several ways:
ZENworks Database: A new ZENworks database replaces the old ZENworks database and all eDirectory tree object information stores. Instead of eDirectory containers and contexts, Configuration Management uses database folders and the inheritance functionality relevant to folder/object hierarchy. The new database is the content repository for all Configuration Management data.
For more information on which databases can be used with Configuration Management, see Database Requirements in the ZENworks 10 Configuration Management Installation Guide. For more information on maintaining your selected database, see Database Management in the ZENworks 10 Configuration Management System Administration Reference.
No Schema Extensions: Because Configuration Management stores all the data in the ZENworks database, it does not impact your Novell eDirectory schema. Any access to eDirectory is read-only for the purpose of referencing user information.
User Sources: You can use eDirectory and Active Directory as the source for users. To do this, you define a read-only LDAP link to a directory and specify the contexts where users reside. ZENworks creates references to the users in its own database that allow for ZENworks management activities to occur completely within the ZENworks database rather than in the directory. If you only plan to manage devices through device assignments rather than user assignments, user sources are not needed. For more information, see User Management.
Management Zone: Primary Servers and managed devices are organized into a Management Zone, replacing the organization provided by the eDirectory tree.
Configuration Management uses ZENworks Control Center objects instead of eDirectory objects. The following describes some of the differences:
Dynamic Groups: This is a new feature in Configuration Management. Both groups and dynamic groups are available. From the perspective of software and policy assignments, groups and dynamic groups have the same function. The only difference between the two types of groups is the way that devices are added to the group. With a group, you must manually add devices. With a dynamic group, you define criteria that a device must meet to be a member of the group, and then devices that meet the criteria are automatically added.
Several dynamic groups are predefined, but you can define your own.
For more information, see Groups in the ZENworks 10 Configuration Management Administration Quick Start.
Inheritance: You can set configurations in several ways:
Globally for all ZENworks Control Center objects (devices or bundles) in the Management Zone
For all objects in a folder and its subfolders
For a group of objects (predefined, user-defined, and dynamic groups are available)
For an individual object
For more information, see Organizing Devices: Folders and Groups in the ZENworks 10 Configuration Management Administration Quick Start.
Associations: In Configuration Management, ZENworks Control Center objects are assigned to each other (such as bundles to devices), instead of being associated with eDirectory objects. The differences between assignments and associations should be considered when migrating to Configuration Management. For more information, see Section 4.10, Migrating Associations.
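The difference between a group and a dynamic group described above, as an added example that is not ZENworks code and not part of the original guide. The criteria format, operator names, device attributes, and sample data are all hypothetical; the sketch shows how a changed device attribute silently changes dynamic group membership, and with it the assignments the device receives.

```python
import operator

# Hypothetical criteria operators; the guide does not show ZENworks' criteria syntax.
OPS = {"eq": operator.eq, "ge": operator.ge, "contains": lambda have, want: want in have}

def matches(device, criteria):
    """A device qualifies only if every (attribute, op, value) criterion holds."""
    return all(attr in device and OPS[op](device[attr], value)
               for attr, op, value in criteria)

def members(group, devices):
    """Groups list members explicitly; dynamic groups compute them from criteria."""
    if group["type"] == "group":
        return {d["name"] for d in devices if d["name"] in group["members"]}
    return {d["name"] for d in devices if matches(d, group["criteria"])}

def assignments_for(name, groups, devices):
    """Once membership is known, both group types deliver assignments the same way."""
    found = set()
    for g in groups:
        if name in members(g, devices):
            found.update(g["assignments"])
    return found

def membership_drift(group, before, after):
    """Compare two inventory snapshots to see who joined or left a group."""
    old, new = members(group, before), members(group, after)
    return {"joined": new - old, "left": old - new}

# Constructed sample inventory and groups (all names are made up).
BEFORE = [
    {"name": "ws-001", "os": "Windows XP", "ram_mb": 1024},
    {"name": "ws-002", "os": "Windows Vista", "ram_mb": 2048},
    {"name": "srv-01", "os": "Windows Server 2003", "ram_mb": 4096},
]
AFTER = [dict(d, os="Windows Server 2008") if d["name"] == "ws-001" else d for d in BEFORE]
GROUPS = [
    {"name": "Finance", "type": "group", "members": {"ws-001"},
     "assignments": ["bundle:ledger-app"]},
    {"name": "Servers", "type": "dynamic", "criteria": [("os", "contains", "Server")],
     "assignments": ["policy:server-settings"]},
]

if __name__ == "__main__":
    print(membership_drift(GROUPS[1], BEFORE, AFTER))
    print(sorted(assignments_for("ws-001", GROUPS, AFTER)))
```

Reviewing the drift between two inventory snapshots before assigning a bundle or policy to a dynamic group shows which devices the criteria actually capture.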
Configuration Management references existing LDAP user sources, in either eDirectory or Active Directory. Users are not migrated to Configuration Management. This way, ZENworks knows immediately of any changes done natively to user objects. For more information, see User Sources in the ZENworks 10 Configuration Management System Administration Reference.
The ZENworks Adaptive Agent replaces the ZENworks Desktop Management Agent. The differences include the following:
Deployment: You can use the ZENworks Control Center to deploy the Adaptive Agent to any workstation whose IP address or LDAP directory context you know (or have discovered using the network discovery or LDAP directory discovery technologies included in ZENworks).
Functionality: All functionality (software distribution, imaging, remote management, policies) is automatically included with the installation of the Adaptive Agent. The only functionality you can choose to remove from the agent installation is remote management.
No Network Client: The Adaptive Agent does not require network clients (Novell Client or Microsoft Client) to retrieve content (applications, etc.) from Primary Servers. The Adaptive Agent uses HTTP and Web services requests to retrieve the content.
NOTE: The latest version of the Novell Client must be installed on the managed device before a Dynamic Local User policy or a Roaming Profile Policy that has Store User Profile in User’s Home Directory enabled is enforced on the device. To obtain the latest version of Novell Client, see the Novell Download Web site.
Integrated Interface: The separate client programs (Workstation Manager, Remote Control, etc.) have been replaced with a common interface called the ZENworks Icon. The ZENworks Icon is displayed in the notification area at the bottom of the desktop. The NAL Window and NAL Explorer views are still available.
Configuration Settings: The Adaptive Agent behavior is now controlled through a combination of configuration settings and policy settings (ZENworks Explorer Configuration policy) rather than through the Launcher Configuration settings only. This allows for greater flexibility in determining which devices receive specific settings.
Inventory-Only Module: If you have workstations that don’t meet the requirements for installing the Adaptive Agent (see Managed Device Requirements in the ZENworks 10 Configuration Management Installation Guide), you can still receive inventory information from these workstations by installing the Inventory-only module. For more information, see Deploying the Inventory-Only Module in the ZENworks 10 Configuration Management Discovery and Deployment Reference.
For more information, see ZENworks Adaptive Agent Deployment in the ZENworks 10 Configuration Management Discovery and Deployment Reference.
The Middle Tier Server does not exist in Configuration Management. Instead, the ZENworks Adaptive Agent communicates directly with the Primary Server through Web services and HTTP requests.