To upgrade your traditional ZENworks to Configuration Management, you simply need to determine which eDirectory objects and associations to migrate from your traditional ZENworks system. You do not need to migrate all of them, or organize them the same way as they are organized in eDirectory.
Consider the following as you plan your migration:
When you introduce Configuration Management into your environment, the following takes place:
Installation: Configuration Management is installed to a Primary Server in a Configuration Management Zone. This server cannot be running traditional ZENworks software.
Installation sets up a Management Zone and a ZENworks database. The first Primary Server installed hosts the database if you are not using an external database on another server.
Migration: eDirectory data is migrated to the ZENworks database on the Primary Server by using read-only access.
Migration to Configuration Management consists of reading eDirectory data to create similar objects, attributes, and assignments in the ZENworks database. Users are not migrated to Configuration Management. Configuration Management simply uses eDirectory for a user source, if you have user associations to be migrated.
You must create the user source in ZENworks Control Center before migrating user associations.
Managed Devices: The ZENworks Adaptive Agent is installed on each device to be managed by Configuration Management, such as workstations and Primary Servers in the Management Zone.
Installing the Adaptive Agent also deletes the traditional ZENworks Agent software from the managed device, so there are no managed device conflicts.
Certain considerations affect coexistence:
The Configuration Management software cannot be running on the same server as your traditional ZENworks software.
Configuration Management uses its own database, not eDirectory.
The Adaptive Agent replaces the traditional ZENworks Agent on managed devices.
Because of these things, the Configuration Management and traditional ZENworks systems can run concurrently in your environment without conflicts. The Configuration Management and traditional ZENworks systems do coexist but are not interoperable. They remain as separate management software for the devices where their respective agents are running.
The ZENworks Migration Utility authenticates to both the source eDirectory tree by using LDAP and the destination ZENworks Management Zone by using Web services, and both rely on SSL for security over TCP/IP. LDAP must be enabled, which is the default for eDirectory trees.
For eDirectory login, you must provide a fully distinguished user name that has sufficient rights to read eDirectory. Writing to eDirectory is not required because the migration process only reads eDirectory. If you are migrating images, the migration user must also have rights to read .zmg imaging files.
For reading information from eDirectory, the default port for LDAP SSL is 636. The default non-LDAP SSL port is 389.
Although you can migrate without Novell Client32 running on the device where you are running the migration utility, Client32 might be necessary to access files on NetWare volumes.
Authentication to the ZENworks Management Zone is done using the administrator login name and password that you established when installing Configuration Management. If you added other administrator logins in ZENworks Control Center after installation, these are also valid, provided they have the necessary Read rights to eDirectory and Write rights to the ZENworks Configuration Management database.
For writing to the zone’s database, the default port for SSL is 443.
If you have both Configuration Management and ZENworks Linux Management systems running concurrently, the following information might apply:
PXE Devices: When a PXE device boots, it makes a broadcast request on the network for PXE services. The ZENworks Proxy DHCP server (the novell-proxydhcp daemon) responds to this request with information that includes the IP address of an imaging server where the device can send requests for assigned preboot work.
Because PXE devices can exist in an environment with both newer and traditional ZENworks systems running concurrently, the device can fail to determine its assigned preboot work if it cannot find the imaging server for its own ZENworks version.
In ZENworks Configuration Management, devices can exist in multiple Management Zones. It is essential that the PXE device contact PXE services associated with its home zone so that it can correctly determine if there is any preboot work assigned to it. When there is only a single Management Zone, this is easy to do because all Proxy DHCP servers provide addresses to services that belong to the same zone. Any device can request preboot work from any imaging server in the same zone and get the same response.
The PXE device’s initial request for PXE services is sent as a broadcast to the network, and all Proxy DHCP servers respond with information pertaining to their respective zones (in ZENworks Configuration Management and ZENworks Linux Management) or Proxy DHCP servers in their trees (in traditional ZENworks versions using Windows or NetWare imaging servers). Because it is impossible to determine which Proxy DHCP server responds first (if multiple Proxy DHCP servers respond), or which server’s response is used by the device, it is impossible to ensure that each PXE device contacts servers in its home zone or tree.
Server Referral Lists: For a ZENworks environment that has PXE services, the Server Referral List configuration section provides a method for getting PXE devices to connect with their proper imaging servers. Server referral lists are only used by PXE devices, and in ZENworks Configuration Management only one Management Zone needs to have an active Proxy DHCP server and server referral list. Because you can only have one referral list active in a network segment, if you have ZENworks Linux Management running with a referral list configured, you need to disable the Proxy DHCP service for Linux Management. This allows the Configuration Management referral list to be used by all PXE devices.
A server referral list allows you to ensure that all devices contact their home zone or tree for preboot work assignments. The list should contain the IP address of an imaging server in each known Management Zone or traditional ZENworks system’s tree. When a device requests preboot work from a server, the server first determines if the device belongs to the same zone or tree as the server. If it does not, that server refers the request to each server in its server referral list until it finds the device’s home zone or tree. The device is then instructed to send all future requests to the correct novell-proxydhcp daemon.
If two server referral lists are active, do the following:
Install ZENworks Configuration Management.
For instructions, see the ZENworks 11 SP2 Server Installation Guide.
Configure a server referral list in your Configuration Management system.
Disable the Proxy DHCP service in your Linux Management system.
The migration screen’s design provides granularity that allows you to migrate one item or thousands of items at a time. Therefore, you can migrate any number of items in a session and you can use as many sessions as you need.
Because traditional ZENworks and Configuration Management can run concurrently, but are not interoperable, you can migrate eDirectory objects incrementally, such as by department or geographical region.
When migrating, the ZENworks Migration Utility preserves GUIDs and version numbers, but cache is not used. Therefore, we recommend when you migrate Workstation objects that you migrate all eDirectory associations related to those workstations before you register the workstations in Configuration Management.
The following list represents what can be migrated and shows the suggested migration order. However, you can migrate in any order, including any subsets of these migration types:
Applications
Images
Policies
Zone Settings
Workstations
Associations
This order is recommended because of possible dependencies, such as associations that require their applications and associated objects to already exist in order to re-create those associations in Configuration Management.
You can migrate the following eDirectory information for Novell Application Launcher configuration settings and for the Imaging policies; they become Management Zone settings in ZENworks Configuration Management:
Table 4-1 ZENworks Management Zone Settings for Migration from eDirectory
ZENworks Management Zone Setting |
eDirectory Source |
---|---|
Default Gateway |
Imaging policies |
Device Imaging Assignment Rules |
Imaging policies |
DNS Suffix |
Imaging policies |
Full Refresh Frequency |
Launcher configuration setting for workstations For users, these are migrated to the ZENworks Explorer Configuration policy in Configuration Management. |
Name Servers |
Imaging policies |
PXE Menu Settings |
Imaging policies |
Random Refresh Max Time to Wait |
Launcher configuration setting for workstations |
Refresh Manually |
Launcher configuration setting for workstations |
Subnet Mask |
Imaging policies |
Unassigned Days to Uninstall |
Launcher configuration setting for workstations |
IP Configuration |
Imaging policies |
Workgroup |
Imaging policies |
Computer Name Prefix |
Imaging policies |
Only the launcher configuration settings for workstations that are listed above are migrated as zone settings, and launcher configuration settings for users are migrated as ZENworks Explorer Configuration policy in ZENworks Configuration Management. For more information, see Section A.4, Management Zone Settings.
Only the Imaging policies information listed above is migrated to ZENworks Configuration Management.
There are two different ways you can set up your workstations as managed devices in the ZENworks Management Zone:
Use the Migration Utility to migrate them, then use ZENworks Control Center to deploy the Adaptive Agent to them.
This maintains any eDirectory associations that you have between the workstations and other eDirectory objects.
This also maintains GUIDs that are established in the eDirectory objects for your workstations.
Use ZENworks Control Center to discover them and deploy the Adaptive Agent to them.
Established eDirectory associations and GUIDs are not maintained, so you must use ZENworks Control Center to make new assignments to the workstations.
Determine whether you want to maintain associations to Workstation objects and whether you have GUIDs that you want to maintain for the workstations. If so, migrate your workstations by using the Migration Utility and use ZENworks Control Center to deploy the Adaptive Agent to them. If not, use ZENworks Control Center to discover them and deploy the Adaptive Agent to them, thus skipping the workstation step in the Migration Utility.
Users are not migrated to Configuration Management; their eDirectory objects are simply pointed to from Configuration Management. Then, any changes that you make to user objects in eDirectory are immediately known in Configuration Management.
You should first configure your user source in ZCC, then migrate the object types in the recommended order. Dependencies on users are more easily resolved during migration if the user sources are known by Configuration Management.
IMPORTANT:The user source and the associated objects that you are migrating must be in the same tree.
Active Directory users are utilized in Configuration Management in the same manner as eDirectory users. However, traditional ZENworks systems do not have directory objects in Active Directory to migrate. If Active Directory is configured in ZENworks Control Center and eDirectory and Active Directory are synchronized by using Novell Identity Manager or any similar utility, then the eDirectory user associations can be migrated to the Active Directory users.
In a way that is similar to using contexts to organize your objects in eDirectory, Configuration Management uses folders. You should plan how to organize your migrated data in Configuration Management by defining a folder structure.
Keep in mind the following when creating folders in Configuration Management:
Configuration Management does not have an accessible root directory where you can place folders, such as the eDirectory tree name context. Instead, Configuration Management provides certain basic root-level folders for the different Configuration Management components, which provide default starting paths for where you can migrate the objects. For example, all migrated policies are placed under a Policies folder. Then in ZCC, your migrated policies are displayed on the Policies page.
You can migrate eDirectory contexts to Configuration Management. They are converted to folders for the ZENworks database. Everything downstream in the context applicable to the current type you are migrating is also queued for migration.
For example, if you are migrating applications, all application objects under the container are added to the queue, including any application objects found in all of its subcontainers. Before migrating, you can delete unwanted objects in any queued folder.
You can use the migration screen to create new folders in Configuration Management. These folders can be nested in any fashion. You can then drag eDirectory objects into these folders no matter where they resided in eDirectory.
You don’t need to maintain the same organization in Configuration Management that you have in eDirectory. However, because of possible associations to containers, we recommend that when you have eDirectory objects grouped in containers, that you migrate those contexts instead of the individual objects contained in them.
Before you drag and drop eDirectory objects into new Configuration Management folders, you can migrate the empty folders to create the directory structure that you want in Configuration Management. For migration purposes, this might be faster to do from the ZENworks Migration Utility than in ZCC because of navigational differences.
When migrating image objects, the imaging information contained in the objects is migrated as the imaging bundle information in the ZENworks Configuration Management database. However, the actual image files (.zmg) are copied to an imaging directory on the imaging server. You do not have control over this placement.
The migration screen is designed so that you can model your migration, then perform the migration after you have refined your model. The modeling data is automatically saved on your workstation so that you can revise it over time. Therefore, you can use the modeling capability of this utility to help you in visually planning your migration.
To use the migration screen to model, just select the objects, contexts, and associations from your eDirectory tree view and drag them into the Configuration Management Zone’s view to queue them for migration. These items (objects, contexts, and associations) are represented in the destination panel’s listing as Configuration Management objects, folders, and associations. Their icons and texts are dimmed to distinguish them from items in Configuration Management that have already been migrated (teal-colored text). Items in black text were originally created in Configuration Management or migrated from a different workstation, because migration history files are kept on the workstation where you run the utility.
The teal color is persistent so that you can always know what has previously been migrated from the workstation. The listings of both your eDirectory tree and the ZENworks database content maintain the teal color for migrated items. This can be helpful for knowing what has been migrated from the eDirectory perspective.
To migrate, you simply use the migration screen to queue what you want migrated, resolving any issues that the utility might identify as you queue them, then click a button to migrate your eDirectory data to the ZENworks database. Therefore, in addition to planning your migration on paper, you can use this modeling capability of the migration screen to visualize your migration before actually performing it.
The migration screen works by migration task. The tasks described in Section 4.4.5, Migration Order are each a migration session. A selected task is migrated when you click the button. Therefore, at a minimum, you must plan to migrate your eDirectory data in several separate clicks of the button. However, you can model an incremental migration consisting of many sessions per migration task.
In addition to planning your migration on paper, you can use the migration screen to model your migration. To get started with using the migration screen, continue with Section 5.0, Migrating to ZENworks Configuration Management.