Configuring the First Primary Server - ZENworks Appliance Deployment and Administration Reference

Launch the URL on a supported web browser.

The URL (https://<FQDN>:9443 or https://<ipaddress>:9443) is displayed on the appliance console.

Log into the ZENworks Appliance with the root or zenadmin credentials that were specified in Step 2, in the Section 3.2, Configuring the Appliance Settings.

In the Appliance console, click ZENworks Configuration to initiate ZENworks appliance configuration.

You will be redirected to a new browser tab.

NOTE:Ensure that you have enabled or allowed the pop-up in your browser.

In the new tab, the ZENworks License Agreement page is displayed. Accept the terms of the license and click Next.

In the Configure ZENworks Primary Server screen, select Create a New ZENworks Management Zone, and then click Next.

In the background, a system requirement check is performed automatically. The system runs the prerequisite validation for Hardware, Software, Network, and File system components.

If there are any failure in prerequisite validation, the system displays the warning or error details for the component. Rectify the issue, and then click Re-run System Check to perform the prerequisite validation again.

After the validation is complete, click Next.

On the Zone Configuration screen, specify the following:

Zone name: A unique Management Zone name. The zone name can have a minimum of 6 characters and a maximum of 20 characters. It must not contain spaces and special characters such as (@ $ [ ] / : * ? | > < " & % { } ; ^ + ( ) ! ~ ` ). The zone name is displayed in ZENworks Control Center.
Password: The administrator password is used for logging into the ZENworks Control Center. The password should have a minimum of 6 characters. By default, the login username is administrator. After completing the installation, you can add other administrator names in ZCC that can be used to login to the Management Zone.

The password should have a minimum of 6 characters. It should contain an uppercase and a lowercase letter, a numeric character, and a special character (!, @, #, $, ^, *).
Confirm Password: Use this field to confirm the password. If there is a mismatch, an error message is displayed after you click Next. You must re-enter the correct passwords.

By default, ZENworks creates an administrator account with the administrator as the login name. This password can be used to log into the ZENworks Control Center as the default administrator.

In the ZENworks Database Type section, Select the ZENworks database type.

Depending on the number of devices you plan to manage in this ZENworks Management Zone, you can select any of the following databases:

If you have 5,000 or fewer devices, you can use the Embedded PostgreSQL or Remote PostgreSQL database.
If you have up to 40,000 devices, you can use Microsoft SQL Server or Oracle.
If you have up to 100,000 devices, you need to use the Oracle Enterprise Edition (with partitioning).

Ensure that the server where you want to install the external database meets the Database Requirements.

The following are the supported databases:

Embedded PostgreSQL: ZENworks automatically installs the embedded database on the current server.

For configuration information, see Embedded PostgreSQL Database Configuration.
External PostgreSQL: This database must already exist on a server in your network. It is recommended that you use a different server rather than the current server.

For configuration information, see External PostgreSQL Database Configuration.
Microsoft SQL Server: You can create a database or use an existing database on the Microsoft SQL Server.

For configuration information, see Microsoft SQL Server Database Configuration.
Oracle: You can create a database or use an existing database on the Oracle database Server.

NOTE:If required, you can select Let ZENworks partition the database for improved performance.

For configuration information, see Oracle Server Database Configuration.

NOTE:If you are using an external database, then you need to create two databases, one to save ZENworks data and another to save Audit data. The Audit database is used to record changes made to ZENworks configurations, policies, and other settings. This data helps administrators to adhere to security compliance, troubleshoot issues, and monitor user activities.

Click Next.

On the ZENworks Port screen, open all the Ports and click Next.

On the Configure Certificate Authority screen, choose the type of Certificate Authority (CA) for the Management Zone, and then click Next.

NOTE:The certificate validity should be between 1 and 10 years. If you plan to use the server as an MDM server, then to ensure communication with iOS and Mac devices, the certificate validity should not exceed 2 years.

Internal CA: The certificate is automatically generated. The validity of the certificate is between 2 to 10 years. If you are using the internal CA, then you can skip to Step 11.
External CA: If you are using an external CA, then you can select Secure certificate (.p12, or .pfx), Root certificate and Server certificate with Private key, or Root certificate and Server certificate as Certificate Type.

You can convert your certificate or key to ZENworks acceptable formats using the openssl command line tool (available as part of most Linux distributions or as part of the cygwin tool set).

For example, convert your PEM encoded private key to DER encoded thusly:

openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER

PEM encoded certificate to DER encoded thusly:

openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
1. If you want ZENworks to generate a CSR, click Generate CSR.
  
  If you generate the CSR from this page, the Private Key will be stored on the server.
  
  While configuring ZENworks, you need to have a signed server certificate, private key, and a CA certificate. To get the signed server certificate, you need to generate a CSR and validate by the CA.
  
  Specify the following information.
  - Common Name (CN): The Fully Qualified Domain Name of the ZENworks Primary Server. This name should match the server name in the URL, in order for browsers to accept the certificate for SSL communication. For example, mail.novell.com.
  - Organization (O): Organization name.
  - Organizational Unit (OU): Organizational unit name, such as a department or division.
  - City or Locality (L)
  - State or Province (ST)
  - Country or Region: Two-letter country code or region. For example, US.
  - Key strength: The required key strength can be 1024 or 2048.
  After specifying all the details, click Download CSR to download the CSR.
2. Based on the required certificate type, specify the following details:
  - Secure certificate (.p12 or .pfx)
    
    Secure certificate: This certificate stores the server certificate, any intermediate certificate chains, and the private key in a encrypted file, which is password-protected. It supports the .p12 or .pfx file format.
    
    Password: Password for the secured certificate file.
  - Root certificate and Server certificate
    
    To use Root certificate and Server certificate, you must have generated a CSR by using the Generate CSR link.
    
    Root certificate: The top-level certificate in the certificate tree issued by the CA that signed the Server certificate and any intermediate certificate chains. It supports the .pem, .crt, .cer, .der, .p7b, or.p7c file format.
    
    Server certificate: It is a signed certificate that is used for the ZENworks server. It supports the.pem, .crt, .cer, .der, .p7b, or .p7c file format.
    
    NOTE:
    
    When the server certificate is not directly signed by a root CA, a certificate chain containing the server certificate and the intermediate certificate that signed the server certificate needs to be provided in the Server Certificate field. The Root Certificate can be a single, self-signed certificate.
    
    The server certificate should contain the complete chain of the certificate. The top-level should consist of a root certificate, which is signed by the Root CA, followed by the intermediate certificates, and then the server certificate. The server certificate should be the leaf level certificate.
    
    The private key format can either be in Binary or Base64.
  - Root certificate and Server certificate with Private Key
    
    Root certificate: The top-level certificate in the certificate tree issued by the CA that signed the Server certificate and any intermediate certificate chains. It supports the .pem, .crt, .cer, .der, .p7b, or.p7c file format.
    
    Server certificate: It is a signed certificate that is used for the ZENworks server. It supports the .pem, .crt, .cer, .der, .p7b, or .p7c file format.
    
    Private key: The private key file that is associated with the signed server certificate. It supports the .der file format.
  For subsequent deployments of Primary Servers to the Management Zone, the same CA must be used to create the Secured Certificate with the Private Key that is established by the first Primary Server’s deployment.
  
  For more information, see the ZENworks SSL Management Reference.

The Summary screen displays the information that you provided to add a new Primary Server to an existing ZENworks Management Zone.

Click Install to initiate the ZENworks configuration.

ZENworks configuration starts and it might take several minutes. The configuration process will continue in the background even if you close the browser or the browser times out.

After successfully completing the installation, the status will be displayed as shown in the following images:

After ZENworks is configured, from the Home page you can use the ZENworks console to access the ZENworks Configuration Management capabilities.

4.1 Configuring the First Primary Server