Here’s an excerpt:
In some respects it’s hard to believe that the release, of Novell ZENworks 10 Configuration Management was more than three years ago. With that release of ZENworks, Novell introduced an entirely new modular underlying architecture—one that was cross-platform, Web services based and directory agnostic.
Now we’re writing the next chapter of this product’s long history—Novell ZENworks Configuration Management 11. This release is packed with many new features and functions that broaden the platforms you manage and greatly extend how you can secure and manage those devices throughout their lifecycle.
Integrated Endpoint Security Management
In 2007, Novell acquired Senforce and gained endpoint security capabilities that differed greatly from the traditional device lifecycle management policies in ZENworks. Novell ZENworks Endpoint Security Management was made available as a standalone, non-integrated product. That has changed now with Novell ZENworks 11. Featuring fully integrated endpoint security management capabilities, ZENworks 11 represents the convergence of device lifecycle and endpoint security management from a single management console.
As with other ZENworks functions, communications to and from the ZENworks infrastructure happen via the Adaptive Agent on standard HTTP(s) protocols, and all features are managed via the ZENworks Control Center. Client self defense features prevent users from tampering with the security enforcement components of the ZENworks agent. Enforcement continues to be at the driver level for both network and storage security functions.
- Feature-specific policies—Granularly define security settings for the device, then combine them to implement a holistic policy.
- Policy groups—Combine security and configuration policies and make a single assignment for enforcement.
- User/device-assigned and global/location-specific policies—Merge policies to ensure the right set is applied for the combination of location, device and user. Merging is unique to endpoint security policies and does not apply to non-endpoint security policies.
- USB device management policies—Control what devices or types of devices users are allowed to access (if any). (See Figure 1.) and (See Figure 2.)
- Storage management features—Control access to storage devices and AutoPlay execution.
- Wi-Fi management—Limit access to protected networks and to specific wireless access points.
- Layer 2 firewall—Control all incoming and outgoing traffic on the managed device.
- VPN enforcement policies—Require the use of VPN in specified locations.
- Application control policies—Restrict application execution or Internet use by application.
- Data encryption policies—Configure the encryption of removable devices and folders or sub-folders on fixed disks.