4.1 Configuring the First Primary Server

This is applicable for a fresh installation of ZENworks. After deploying the ZENworks Appliance to a virtual machine, perform the following steps to configure ZENworks Appliance for the first Primary Server:

  1. Launch the URL on a supported web browser.

    The URL (https://<FQDN>:9443 or https://<ipaddress>:9443) is displayed on the appliance console.

  2. Choose the required language. If the web browser supports the selected language, then it displays in that language, else it displays in English.

    For information, see Supported Languages in Section 2.0, System Requirements.

  3. Log in to ZENworks Appliance with the root or zenadmin credentials that were specified in Step 2, in the Section 3.2, Configuring the Appliance Settings.

    When you log in for the first time, you are prompted to configure ZENworks Appliance.

  4. Verify the prerequisites on the Configure ZENworks Management Zone page.

    Based on how you want to use ZENworks, you should be prepared with the required information to complete the configuration.

    Requirements for the first Primary Server:

    • A unique name for the new ZENworks Management Zone. It helps you to identify easily if multiple zones are configured in the zone.

    • A supported database depending on the number of devices that you want to manage.

    • Certificate Authority configuration

      The ZENworks server requires a certificate to communicate securely. ZENworks supports internal and external certificates. If you want to use an internal certificate, it will be automatically generated by ZENworks. If you want to use an external certificate, you can generate a Certificate Signed Request (CSR) using ZENworks or by using your organization-specific methods, and then get the signed certificates.

      A CSR is encrypted text, provided by a user to the Certificate Authority (CA), through a Secure Sockets Layer (SSL) digital certificate application. The CSR is validated by the CA and a signed certificate is issued.

  5. If you want ZENworks to generate a CSR, click Generate CSR.

    If you generate the CSR from this page, the Private Key will be stored on the server.

    While configuring ZENworks, you need to have a signed server certificate, private key, and a CA certificate. To get the signed server certificate, you need to generate a CSR and validate by the CA.

    1. Specify the following information.

      • Common Name (CN): The Fully Qualified Domain Name of the ZENworks Primary Server. This name should match the server name in the URL, in order for browsers to accept the certificate for SSL communication. For example, mail.novell.com.

      • Organization (O): Organization name.

      • Organizational Unit (OU): Organizational unit name, such as a department or division.

      • City or Locality (L)

      • State or Province (ST)

      • Country or Region: Two-letter country code or region. For example, US.

    2. Click Generate and download the CSR.

  6. Choose If this is the first Primary Server as the type of Management Zone, then click Configure first Primary Server.

  7. Specify the following:

    • Zone name: A unique Management Zone name. The zone name can have a minimum of 6 characters and a maximum of 20 characters. It must not contain spaces and special characters such as (@ $ [ ] / : * ? | > < " & % { } ; ^ + ( ) ! ~ ` ). The zone name is displayed in ZENworks Control Center.

    • Password: The administrator password is used for logging in to ZENworks Control Center. The password must contain a minimum of 6 characters.

    • Confirm Password: Use this field to confirm the password. If there is a mismatch, an error message is displayed after you click Next. You must re-enter the correct passwords.

    • Select the required database type. Two database instances of the same database type is required to store the ZENworks data and the Audit data.

      Based on the number of devices in the Management Zone, follow these database guidelines and select the most suitable database:

      • If you have 5,000 or fewer devices, you can use the Embedded PostgreSQL or Remote PostgreSQL database.

      • If you have up to 40,000 devices, you can use Microsoft SQL Server or Oracle.

      • If you have up to 100,000 devices, you need to use the Oracle Enterprise Edition (with partitioning).

      Ensure that the server where you want to install the external database meets the Database Requirements. Also ensure that you have followed Prerequisites for External Databases steps in the ZENworks Server Installation.

      The following are the supported databases:

      • Embedded PostgreSQL: ZENworks automatically installs the embedded database on the current server.

        For configuration information, see Embedded PostgreSQL Database Configuration.

      • Remote PostgreSQL: This database must already exist on a server in your network. It is recommended that you use a different server rather than the current server.

        For configuration information, see Remote PostgreSQL Database Configuration.

      • Microsoft SQL Server: You can create a database or use an existing database on the Microsoft SQL Server.

        For configuration information, see Microsoft SQL Server Database Configuration.

      • Oracle: If you select the Oracle database, the partition confirmation option is enabled. Only Oracle Enterprise edition supports this partitioning feature. For Oracle Standard edition, the partitioning feature is not supported. We recommend to use partitioning since it improves application performance and manageability.

        • Choose Yes, let ZENworks use partitioning with the Oracle database. Otherwise, choose No, do not use partitioning with Oracle database.

        For configuration information, see Oracle Server Database Configuration.

  8. Click Next.

  9. Choose the type of Certificate Authority (CA) for the Management Zone.

    NOTE:The certificate validity should be between 1 and 10 years. If you plan to use the server as an MDM server, then to ensure communication with iOS and Mac devices, the certificate validity should not exceed 2 years.

    • Internal CA: The certificate is automatically generated.

    • External CA: Choose Secure certificate (.p12, or .pfx), Root certificate and Server certificate with Private key, or Root certificate and Server certificate.

    You can convert your certificate or key to ZENworks acceptable formats using the openssl command line tool (available as part of most Linux distributions or as part of the cygwin tool set).

    For example, convert your PEM encoded private key to DER encoded thusly:

    openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER

    PEM encoded certificate to DER encoded thusly:

    openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

    1. Based on the required certificate, specify the details:

      • Secure certificate (.p12 or .pfx)

        • Secure certificate: This certificate stores the server certificate, any intermediate certificate chains, and the private key in a encrypted file, which is password-protected. It supports the .p12 or .pfx file format.

        • Password: Password for the secured certificate file.

      • Root certificate and Server certificate with Private Key

        • Root certificate: The top-level certificate in the certificate tree issued by the CA that signed the Server certificate and any intermediate certificate chains. It supports the .pem, .crt, .cer, .der, .p7b, or.p7c file format.

        • Server certificate: It is a signed certificate that is used for the ZENworks server. It supports the .pem, .crt, .cer, .der, .p7b, or .p7c file format.

        • Private key: The private key file that is associated with the signed server certificate. It supports the .der file format.

      • Root certificate and Server certificate

        To use Root certificate and Server certificate, you must have generated a CSR by using the Generate CSR link.

        • Root certificate: The top-level certificate in the certificate tree issued by the CA that signed the Server certificate and any intermediate certificate chains. It supports the .pem, .crt, .cer, .der, .p7b, or.p7c file format.

        • Server certificate: It is a signed certificate that is used for the ZENworks server. It supports the.pem, .crt, .cer, .der, .p7b, or .p7c file format.

    2. Click Finish.

      ZENworks configuration starts and it might take several minutes. The configuration process will continue in the background even if you close the browser or the browser times out.

    For subsequent deployments of Primary Servers to the Management Zone, the same CA must be used to create the Secured Certificate with the Private Key that is established by the first Primary Server’s deployment.

After ZENworks is configured, from the Home page you can use the ZENworks console to access the ZENworks Configuration Management capabilities.

4.1.1 Embedded PostgreSQL Database Configuration

Choose the Embedded PostgreSQL to store the ZENworks and Audit data. If you select the embedded database option, no further database configuration is required for ZENworks and Audit.

If you select Remote PostgreSQL for Audit, see Remote PostgreSQL Database Configuration.

4.1.2 Remote PostgreSQL Database Configuration

The PostgreSQL database must exist on a different server in your network. It is recommended that you use a different server rather than the current server.

For information, see Installing and Configuring an External ZENworks Database, in the ZENworks Server Installation.

  1. Specify the following information for the server that is hosting an existing ZENworks database:

    • Server address: A valid IP address or a Fully Qualified Domain Name (FQDN) of the Remote PostgreSQL database server.

    • Port: The port used by the PostgreSQL database server. The default port for PostgreSQL in ZENworks is 54327.

    • Database name: The name of the existing database.

    • Username: The user name that has read and write permissions to access the database.

    • Password: A valid password for user name to access the database.

    • Server name: The name of the Remote PostgreSQL database server.

  2. Click Next and continue with Audit database.

  3. Specify the server information that is hosting an existing Audit database. These fields are the same as those for the ZENworks database (Step 1). The default port for the Audit database is 2639.

  4. Click Next and continue with the Configure Certificate Authority. For information, see Step 9, in the Configuring the First Primary Server.

4.1.3 Microsoft SQL Server Database Configuration

Database can be created while configuring ZENworks using the Create Database option or it can be created separately by using ZENworks database installation method, and then select the Existing Database option. For information, see Installing and Configuring an External ZENworks Database, in the ZENworks Server Installation.

You can create a database or use an existing database on the Microsoft SQL Server.

Creating a Database

  1. Specify the following information for ZENworks to connect to the server:

    • Server address: A valid IP address or a Fully Qualified Domain Name (FQDN) for the Microsoft SQL server.

    • Port: The port used by the Microsoft SQL server. The default port is 1433.

    • Named instance: The name of the Microsoft SQL server instance that is hosting the ZENworks database.

    IMPORTANT:It is important to know whether you installed the Microsoft SQL Server by using Windows authentication or Mixed mode authentication. Ensure that you select the option that coincides with your Microsoft SQL server options; otherwise, authentication fails.

  2. Select Create Database.

  3. Select the authentication mode. Based on the type of authentication (Windows or SQL Server), the following information is displayed:

    • Username: Specify the user who has system administrator permissions.

      For Windows authentication, specify the administrator user name on the Microsoft SQL server or in the domain (Microsoft Active Directory or Novell eDirectory).

      For SQL authentication, specify the system administrator user name.

    • Password: Specify a valid password to access the database.

    • Domain: This field is enabled if you select Windows Authentication. Specify the Fully Qualified Domain Name (FQDN) or hostname.

  4. Click Next.

  5. Specify the following information:

    • Database location: The path of the folder that exists on the Microsoft SQL server that is used to store database files. For example, C:\Database.

    • Database name: A unique name for the ZENworks database.

  6. Select the authentication mode. Based on the type of authentication (Windows or SQL Server), the following information is displayed:

    • Username: Specify a user for the ZENworks database.

      For Windows authentication, specify a user name that exist in the device or in the domain (Microsoft Active Directory) that is hosting the Microsoft SQL Server.

      For SQL authentication, specify a username that does not exists in the Microsoft SQL Server.

    • Password: This field is enabled if you select Windows Authentication. Specify a valid password to access the database.

    • Domain: This field is enabled if you select Windows Authentication on Microsoft SQL Server Configuration for ZENworks page and the Windows Authentication option on this page. Specify the Fully Qualified Domain Name (FQDN) or hostname and ensure that FQDN is reachable.

  7. Click Next and continue with Audit database. These fields are the same as those for the ZENworks database.

  8. Click Next and continue with Configure Certificate Authority. For information, see Step 9, in the Configuring the First Primary Server.

Existing Database

Database can be created by using the ZENworks database installation method.

  1. Specify the following information for ZENworks to connect to the server:

    • Server address: A valid IP address or a Fully Qualified Domain Name (FQDN) for the Microsoft SQL server.

    • Port: The port used by the Microsoft SQL server. The default port is 1433.

    • Named instance: The name of the Microsoft SQL server instance that is hosting the ZENworks database.

  2. Select Existing Database.

  3. Click Next.

  4. Specify the following information for the existing ZENworks database:

    • Database name: The database name that is created by using the ZENworks database creation (setup.exe -c or setup.sh -c).

  5. Select the authentication mode. Based on the type of authentication (Windows or SQL Server), the following information is displayed:

    • Username: Specify the same user name that is created at the time of the database through the ZENworks database creation.

    • Password: Specify a valid password to access the database.

    • Domain: This field is enabled if you select Windows Authentication. Specify the Fully Qualified Domain Name (FQDN) or hostname.

  6. Click Next and continue with Audit database. These fields are the same as those for the ZENworks database.

  7. Click Next and continue with Configure Certificate Authority. For information, see Step 9, in the Configuring the First Primary Server.

4.1.4 Oracle Server Database Configuration

User Schema can be created while configuring ZENworks using the Create User Schema option or it can be created separately by using ZENworks database installation method, and then select the Existing User Schema option. For information, see Installing and Configuring an External ZENworks Database, in the ZENworks Server Installation.

Creating a User Schema

For ZENworks to connect to the Oracle server with New user schema:

  1. Specify the following information in order for ZENworks to connect to the Oracle server:

    • Server address: A valid IP address or a Fully Qualified Domain Name (FQDN) of the Oracle server.

    • Port: The port used by the ZENworks database server. The default port is 1521.

    • Service name: For Oracle server connectivity, specify a valid service name.

    Oracle User Schema: User schema options are used to set up an external Oracle database schema to configure ZENworks. You can create a new user schema or use an existing schema that exists on the Oracle database server.

  2. Choose New User Schema.

  3. Specify the user credentials for an administrator who has rights to create the user schema, if you are creating a user schema.

    • Username: The user name that has read and write permissions to access the database.

    • Password: A valid password of user name to access the database.

  4. Click Next.

  5. Specify the following information:

    • Username: Specify a new user name for the ZENworks database. The user name can have a maximum of 30 characters. It must not contain spaces or special characters such as (@ [ ] / : * ? | > < " & % { } ; , ^ + - = ( ) ! ~ ` . ). The user name must not be a database reserve word and it must not start with a number.

    • Password: Specify a valid password to access the ZENworks database. The password can have a maximum of 30 characters. It must not contain special characters such as (; : " / @ % ? { } ). The password must not be a database reserve word and it must not start with a number.

    • Confirm password: Use this field to confirm a correct password. If there is a mismatch, an error message is displayed after you click Next. You must re-enter the correct password.

  6. Choose Let ZENworks create the tablespaces or Let Oracle DBA create the tablespace for the tablespaces required by the ZENworks database.

    Select Let ZENworks create the tablespaces if you want the ZENworks database to create the tablespace. Specify the following information:

    • Tablespace name for tables: Specify the tablespace name for tables. It must be a unique and must start with [a-z] | [A-Z]. The Oracle tablespace naming conventions must be followed.

    • Tablespace name for indexes: Specify the tablespace name for indexes. It must be a unique and must start with [a-z] | [A-Z]. The Oracle tablespace naming conventions must be followed.

    • DBF file location for tables: Specify the dbf fully qualified file path, it must be unique. The specified physical path of the folder must be an existing path.

    • DBF file location for indexes: Specify the dbf fully qualified file path, it must be unique. The specified physical path of the folder must be an existing path.

    or

    Select Let Oracle DBA create the tablespace if you want your database administrator to create the tablespace. Specify the following information:

    • Tablespace name for tables: The tablespace name for tables that exist on the Oracle server.

    • Tablespace name for indexes: The tablespace name for indexes that exist on the Oracle server.

    IMPORTANT:If you are using Automatic Storage Management (ASM) or some other disk storage, select Let Oracle DBA create the tablespace.

  7. Click Next and continue with Audit database configuration. These fields are the same as those for the ZENworks database.

  8. Click Next and continue with the Configure Certificate Authority. For information, see Step 9, in the Configuring the First Primary Server.

Existing User Schema

User schema can be created by using the ZENworks database installation method. For information, see Installing and Configuring an External ZENworks Database, in the ZENworks Server Installation.

For ZENworks to connect to the Oracle server with an Existing user schema:

  1. Specify the following information in order for ZENworks to connect to the Oracle server:

    • Server address: A valid IP address or a Fully Qualified Domain Name (FQDN) of the Oracle server.

    • Port: The port used by the ZENworks database server. The default port is 1521.

    • Service name: For Oracle server connectivity, specify a valid service name.

    Oracle User Schema: User schema options are used to set up an external Oracle database schema to configure ZENworks. You can create a new user schema or use an existing schema that exists on the Oracle database server.

  2. Choose Existing User Schema.

  3. Click Next.

  4. Specify the following information:

    • Username: The user name for an existing ZENworks database user who has permissions to create tables, views, procedures, sequences, and triggers.

    • Password: A valid password to access the database.

  5. Specify the tablespace names for ZENworks:

    • Tablespace name for tables: The tablespace name for tables. This name should be associated with an existing user name that is specified in the Username field

    • Tablespace name for Indexes: The tablespace name for indexes. This name should be associated with an existing user name that is specified in the Username field.

  6. Click Next with Audit database configuration. These fields are the same as those for the ZENworks database.

  7. Click Next and continue with Configure Certificate Authority. For information, see Step 9, in the Configuring the First Primary Server.

NOTE:After configuring ZENworks Appliance on the first Primary Server in the zone, the ZooKeeper service is by default enabled on this server. Ensure that the ZooKeeper service is up and running at all times to enable proper functioning of various ZENworks components. To verify the status of the ZooKeeper service, see the Diagnostics page in ZCC. For more information on the ZooKeeper component, see the ZENworks Primary Server and Satellite Reference.

You also need to ensure that the firewall allows client connections from other Primary Servers to the ZooKeeper services on port 6789. If the Primary Servers in your zone are unable to access the ZooKeeper service, then to open the ports, you can run the following Configure action on the server in which ZooKeeper is enabled.

microfocus-zenworks-configure -c ClusterFirewallConfigureAction -Doperation=add -Dservice=zookeeper

However, if the Primary Server that is within the DMZ is unable to access the ZooKeeper service within the corporate network, then you need to manually open the port 6789 in the corporate firewall.

For more information on the ZooKeeper ports, see ZENworks 2020 TCP and UDP Ports.