What is the ZENworks Join Proxy?
The Join Proxy is a new role that is always assigned to Primary Servers, and can be assigned to Satellites. The Join Proxy’s job, as the name implies, is the join two connections together. In this case the first connection is the one that the managed device is maintaining to the proxy server, and the second is the connection coming from the administrator’s viewer machine. The diagram below shows a typical Join Proxy deployment:
In this diagram you can see the following key elements:
- The managed device. When a Join Proxy is used, the ZENworks Adaptive Agent connects at boot-up, or when it determines its location necessitates the use of a join proxy. It initiates a TCP connection to the Join Proxy Server and then periodically checks in to keep the connection alive. This is similar to how protocols such as ActiveSync direct push, Apple Push Notification, and most of the Internet friendly remote management and conferencing products work.
- The Join Proxy. In this case the Join Proxy has been deployed to a Satellite in the DMZ. As long as this server is reachable by both the ZENworks administrator and the managed device the administrator will be able to remotely manage the device.
- Network Address Translation. Notice that in this diagram the device is in a hotel room behind a NAT. Because of this it is impossible for the administrator to contact the machine directly. However, since the device was determined to be in a location requiring a Join Proxy, the managed device connected and now the administrator can reach the join proxy and initiate the session.
Configuring the Join Proxy
In order to configure the proxy you must do the following:
- Choose a device that you want to act as the proxy. ZENworks 11SP3 allows the use of either a Primary Server or a Satellite as the Join Proxy. If you elect to use a Primary server, no further configuration of the server is required. If you choose to use a Primary you need to assign the Join Proxy role to the satellite server as shown below:
- Make sure that if the Join Proxy is running a firewall or if it is behind a network firewall that you open the port that you have elected to use for the proxy.
- Modify the closest server list for the location or locations where you need the user to use a Join Proxy. Typically at least the Unknown location is configured to utilize a Join Proxy as shown below:
- Refresh the device. Once you have properly configured the Join Proxy all you should need to do is refresh the device so that it reads the new closest servers list. If the device is in a location with a Join Proxy configured you should be able to see the Join Proxy server(s) listed in the ZENworks Agent status page as shown below:
Remote Managing Devices through the Join Proxy
Once you’ve enabled the Join Proxy and configured the agent to use it in specific locations you are ready to begin remotely managing devices through it. In most cases this is the exact same process used to remotely manage devices that are directly accessible by the administrator’s machine. To manage devices do the following:
- Login to ZENworks Control Center.
- Select the device you want to remote control.
- Select Actions > Remote Control. The following dialog is displayed, if you click the More Options link you can see the Join Proxy field, shown below:
- If the managed device has an active connection to the Join Proxy then this field will be automatically filled in. If you select to enter an IP address/DNS name instead of selecting a device you may need to manually enter the Join Proxy’s address and port.
- Initiate the session. This should cause remote control to be started. You will notice that the initial connection is made with the Join proxy during connection negotiation.
By deploying the new Join Proxy satellite server to a satellite or primary server in the DMZ you can now remotely manage devices, regardless of whether they are behind one or more NATs. This means you can help your users at home, their hotel room, the nearest Internet café…just about anywhere.