Join Proxy is a Primary Server or a Satellite with the Join Proxy role that acts as a proxy by accepting and maintaining connections from Windows managed devices that are in a private network.
NOTE:For an agent initiated connection, remote management through Join Proxy is not supported.
Figure 1-2 Remote Management Join Proxy - Satellite Server with Join Proxy role
Join Proxy satellite server allows multiple Windows devices that are in a private network on the other side of a firewall or router that is behind NAT (Network Address Translation) to connect to it for remote management operations. For details, see Join Proxy Role
in ZENworks Primary Server and Satellite Reference.
Join Proxy when used for remote management operations joins two connections together. The first connection being the one that the managed device maintains with the proxy server while the second one is the connection that comes from the viewer machine of the administrator.
It is recommended to expose the LDAP source in a demilitarized zone (DMZ) to access identity information. If you do not want to expose the LDAP source, you can use the SKIP_RM_RIGHTS_CHECK system variable.
Add the SKIP_RM_RIGHTS_CHECK (with value as true) and initiate the remote management connection from ZCC, the application skips verifying rights on the device and the current logged in user on the device when using rights-based authentication. For more information, see Adding System Variables in ZENworks Control Center Reference.
It is safe and secure to use the SKIP_RM_RIGHTS_CHECK system variable as rights validation happens when the remote management connection is initiated from ZCC and only the subsequent validation is skipped when rights ticket is verified by managed device.
Functionality Limitations
When using the SKIP_RM_RIGHTS_CHECK system variable, the remote control of a device might fail for non-super administrators as the SKIP_RM_RIGHTS_CHECK system variable has the following functionality limitations:
When a super administrator user is remote controlling a device, a non-super administrator user will not be able to connect to the remote management session.
When a non-super administrator user tries to perform remote operations such as, remote execute or file transfer, the ongoing remote session will be disconnected as the user does not have the rights to perform these operations.