Section 2.2.1, Configuring the Remote Management Settings on a Linux Device
Section 2.2.2, Configuring the Remote Management Agent Password on a Linux Managed Device
Section 2.2.3, Starting Remote Management Operations on a Linux Device
Section 2.2.4, Preparing a Linux Device for a Remote Login Session
The Remote Management settings are rules that determine the behavior or the execution of the Remote Management service on the managed device. The settings include configuration for the ports, session settings, and performance settings during the remote session. These settings can be applied at zone, folder, and device levels.
The following sections provide information on configuring the Remote Management settings at the different levels:
By default, the Remote Management settings configured at the zone level apply to all the managed devices.
In ZENworks Control Center, click
.In the Management Zone Settings panel, click
, then click .Click the
tab.Select
and specify the port to enable the Remote Management service to run on that port.By default, the Remote Management service listens on port number 5950.
Select one of the following options:
Allow Full Control: Enables the administrator to remotely control and also remotely view the managed device.
Allow View Only: Enables the user to remotely view the managed device.
Select the
option to request the permission from the user on the managed device before starting a Remote Control or Remote View session on the device.Select the option to enable the Remote Login service. By default, the Remote Login service listens on port number 5951. You can choose to specify a different port number.
To configure the password policy for handling the remote sessions on the device, select one of the following:
Use the Same Password Across Sessions: This is the default option of the password policy and enables the administrator to use the same password across all the remote sessions on the device. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device.
Clear the password After Every Session: If this option is selected, the user must set the password for every session and communicate the password to the remote operator through out-of-band means such as telephone. The password is cleared after every successful or unsuccessful attempt for a Remote Management operation. For information on setting the password on the managed device, see Setting Up the Remote Management Agent Password on the Managed Device
No Password: If this option is selected, then Remote Control, Remote Login, and Remote View sessions are launched without asking for a password.This option is not recommended because it allows access to the managed device without any password.
(Optional) Configure a remote management proxy to perform remote operations on the managed device.
If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. You must install the proxy separately. For information on installing the remote management proxy, see Section 2.4.1, Installing a Remote Management Proxy.
Task |
Details |
---|---|
Add a remote management proxy |
|
Delete a remote management proxy |
|
Click
, then click .These changes are effective on the device, when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the devices within a folder:
In ZENworks Control Center, click
.Click the folder (details) for which you want to configure the Remote Management settings.
Click
, then click .Click
.Edit the Remote Management settings as required.
To apply the changes, click
or
To revert to the system settings configured at the zone level, click
.Click
.These changes are effective on the device, when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the managed device:
In ZENworks Control Center, click
.Click
or to display the list of managed devices.Click the device for which you want to configure the Remote Management settings.
Click
, then click .Click
.Edit the Remote Management settings as required.
To apply the changes, click
or
To revert to the previously configured system settings on the device, click
.If the Remote Management settings on the device were configured at the folder level, the settings revert to the configured folder level settings; otherwise, they revert to the default zone level settings.
Click
.These changes are effective on the device, when the device is refreshed.
If the password policy for performing remote session on a Linux managed is configured to use a password to remotely connect to the device, the user on the managed device must set a Remote Management Agent password and communicate the password to the remote operator. For more information on setting the password policy for Remote Management sessions, see Configuring the Remote Management Settings at the Zone Level of a Linux Device.
The user on the managed device must create a Remote Management Agent password on the device and communicate the password to a remote operator in order to enable the remote operator to remotely manage the device.
To set the Agent password on the managed device, enter the following command at the shell prompt:
# /opt/novell/zenworks/sbin/zrmservice --passwd
The password is case-sensitive and should be between three to eight characters in length.
NOTE:You need not set the password on the device if the Password Policy is configured to
.To clear the Agent password on the managed device, enter the following command at the shell prompt:
# /opt/novell/zenworks/sbin/zrmservice --clrpasswd
The remote session is initiated by the administrator on the management console. The management console is typically placed within an enterprise network and the managed device can be either within or outside the enterprise network. The following illustration depicts a remote session initiated on the managed device from the management console.
Figure 2-3 Console-Initiated Session on a Linux Device
The Remote Management Agent starts automatically when the managed device boots up. A default Remote Management policy is created on the managed device when the device is deployed. You can remotely manage the device using this default policy in rights-based authentication mode only. If you create a new Remote Management policy, the new policy overrides the default policy.
If the ZENworks Management Zone setup is spread across two or more NAT-enabled private networks that are interconnected by a public network, you must deploy DNS_ALG on the gateways of these private networks. DNS_ALG ensures that the DNS lookup queries initiated by the ZENworks components return the correct private address mapped hostname and enables the communication between the management console and the managed devices. For more information on DNS_ALG, refer to DNS ALG RFC - 2694 (http://www.ietf.org/rfc/rfc2694).
If you want to remotely manage a device by using its DNS name, ensure that Dynamic DNS service is deployed in the network.
To initiate a Remote Management session on a Linux device
In ZENworks Control Center, click the
tab.Click
or and select the device you want to remotely manage. Click , then select the Remote Management operation you want to perform.or
In
in the left pane, select .In the Remote Management dialog box, select
, , or .Fill in the options in the dialog box that displays. The following table contains information on the various options available:
Field |
Details |
---|---|
Device |
Specify the host name or the IP address of the device you want to remotely manage. |
Operation |
Select the type of the remote operation you want to perform on the managed device. |
Authentication |
The Password-Based Authentication is the only mode of authentication. |
Port |
Specify the port number on which the Remote Management service is listening. By default, the port number is 5950 |
Enable Logging |
Logs session and debug information in the novell-zenworks-vncviewer.txt file. The file is saved by default on the desktop if you launch ZENworks Control Center (ZCC) through Internet Explorer and in the mozilla installed directory if you launch ZCC through Mozilla FireFox. |
Route Through Proxy |
Enables the remote management operation of the managed device to be routed through a remote management proxy. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. NOTE:The Route Through Proxy option is not yet supported on Linux. Fill in the following fields: Proxy: Specify the DNS name or the IP address of the remote management proxy. By default, the proxy configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy. Proxy Port: Specify the port number on which the remote management proxy is listening. By default, the port is 5750. NOTE:The Remote Management Audit displays the IP Address of the device that is running the remote management proxy and not the IP address of the management console. |
Click
to launch the selected remote operation.If you choose to remotely login to a Linux device, a grey screen might appear if some settings are not configured on the device. To enable a Remote Login session to be successfully launched on a Linux managed device, you must enable the XDMCP configuration on the device and disable the firewall For more information on preparing a Linux device for a Remote Login session, review the following sections:
Run the following command to enable the Gnome Display Manager (GDM):
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/opt/gnome/gdm/gdm.conf enable
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
Edit the /etc/X11/xdm/Xaccess file to uncomment the following line:
* # only local host can get a login window
Edit the /opt/kde3/share/config/kdm/kdmrc file to enable XDMCP to true.
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
Run the following command to enable the Gnome Display Manager (GDM)
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/X11/gdm/gdm.conf enable
Run the following command to restart the Display Manager.
gdm-restart
Enable the Remote X GUI Login on the device by using XDMCP and KDM configuration. For more information on how to enable the Remote X Login, see Red Hat documentation.
Run the following commands as root to restart the X Server:
init 3
init 5
Run the following command to create a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Run the following command to display the GDM Setup Window:
gdmsetup
Click Remote.
Select the style as
.Click
.Select the
option.Click
.Run the following command to restart the Display Manager:
init 3
init 5
Run the following command to create a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Enable the Remote X GUI Login on the device by using XDMCP and KDM configuration. For more information on how to enable the Remote X Login, see Red Hat documentation.
Run the following commands as root to restart the X Server:
init 3
init 5
Run the following command to display a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ / usr/X11R6/lib/X11
Edit the file /etc/gdm/custom.conf and add the following entry:
[xdmcp]
Enable=true
Run the following command to restart the Display Manager:
init 3
init 5
Run the following command to create a fonts directory:
mkdir -p /usr/X11R6/lib/
Run the following command to link the /usr/share/X11 directory to the newly created fonts directory:
ln -s /usr/share/X11/ /usr/X11R6/lib/X11
Enable the Remote X GUI Login on the device by using XDMCP and KDM configuration. For more information on how to enable the Remote X Login, see Red Hat documentation.
Run the following commands as root to restart the X Server:
init 3
init 5
Run the following command to enable the Gnome Display Manager (GDM):
sh /opt/novell/zenworks/sbin/novell-rm-fixrl.sh -dm gdm -cf /etc/dbus-1/system.d/gdm.conf enable
Run the following command to restart the Display Manager.
/etc/init.d/xdm restart
NOTE:You must use only a Gnome Display Manager to remotely login a SLES 11 or a SLED 11 device.