2.1 Architecture

Like traditional versions of ZENworks Desktop Management, ZENworks 11 Configuration Management SP3 provides comprehensive management of Windows servers and workstations. However, its underlying architecture has changed extensively.

The following sections explain the architectural differences:

For additional information about the new architecture, see System Architecture in the ZENworks 11 SP3 Overview. This information is also contained in both the Standard and Advanced editions of the Getting Started Guide.

2.1.1 Traditional ZENworks Architecture

Your existing Novell ZENworks solution is powerful because:

  • It is flexible: The logic is in the object store, making it simple to move content and services around without having to perform major architectural overhauls.

  • It is simple: Services fit together very easily, and the architecture is very easy for administrators to understand, deploy, and manage.

  • It is scalable: No other systems management product on the market scales to the level of ZENworks (in fact, there are no known limits to how many users a single ZENworks system can manage).

You will want your new infrastructure to be as flexible, simple, and scalable as your existing environment. Thus, it’s helpful to have a solid understanding of the architectural differences between ZENworks 11 Configuration Management SP3 and earlier versions of Novell ZENworks.

Novell ZENworks 7.x is the final release patterned after traditional ZENworks architecture. Traditional ZENworks architecture is two-tiered and relies on direct access to the object store (Novell eDirectory) for configuration information. Every workstation was required to have Novell Client32 installed or the Middle Tier configured in order to access ZENworks services—specifically object information, or logic, stored in the directory.

In traditional ZENworks, it is important to note that the bulk of the logic and processing is done on the client side in the form of policy searching, launcher refreshing, and so on. In other words, the client does most of the work. This setup has a dramatic effect on the scalability of the product. Instead of one server doing all of the work for 100 clients, the total workload is spread across all 100 clients.

Figure 2-1 illustrates the traditional architecture for Novell ZENworks Desktop Management:

Figure 2-1 ZENworks Desktop Management Architecture

Traditional ZENworks architecture is characterized as follows:

  • The ZENworks Management Agent is installed on every workstation

    • Client32 is required in a NetWare environment

    • The use of the middle-tier server is required when the Novell Client is not installed on the managed devices

  • eDirectory is the key requirement as the object store for all users’ workstations and ZENworks objects

  • Novell ConsoleOne is required to manage the ZENworks infrastructure

  • All access to the eDirectory environment is via the NetWare Core Protocol (NCP)

  • The product is cross-platform and supports services running on Linux, NetWare, and Windows

2.1.2 The Next Generation ZENworks Architecture

Novell ZENworks 11 Configuration Management SP3 features a three-tier architecture, commonly known as Services-Oriented Architecture (SOA). This architecture separates the components, making the product far more modular. Now the various tiers can be updated independently, making it easier to change business logic or add new modules.

With Novell ZENworks 11 Configuration Management SP3, the server-side infrastructure consists of two tiers (see Figure 2-2). The first is the data model, and the second comprises the file system (to store actual files), the database (for storing ZENworks information), and the optional identity store, which allows user-based resource management. With the release of ZENworks 11 Configuration Management, Novell eDirectory and Microsoft Active Directory are supported natively as user sources for user identity information.

Figure 2-2 ZENworks 11 Three-Tier Architecture

In the new architecture, Novell ZENworks 11 Configuration Management SP3 has been decoupled from eDirectory, which is no longer a key requirement for the product to function. You no longer need to manage a directory in order to provide systems management services. This does not mean that you cannot benefit from integrating ZENworks 11 Configuration Management SP3 with your existing eDirectory environment. In fact, you can continue to use your existing directory infrastructure for user identity information, but you do not need to extend the schema or install the product on a server that runs eDirectory.

Another major architectural change is the way that the client and server communicate with each other (see Figure 2-3). You continue to run a Novell ZENworks agent (ZENworks Adaptive Agent) on the managed device, but the bulk of the work (logic and workload) happens on the server side. As seen in Figure 2-3, the client initiates communications with the server side (the Web server on the ZENworks 11 Configuration Management SP3 Primary Server), but the server can also communicate directly with the client. The client and server use industry-standard protocols, such as HTTP, HTTPS, SOAP, CIFS, and LDAP. The client communicates with the server over HTTP or HTTPS, and the server communicates with the Adaptive Agent via SOAP (Simple Object Access Protocol) over HTTPS.

Figure 2-3 ZENworks 11 SP3 Client-Server Architecture

From an architectural perspective, the managed device communicates with the server back-end Web service, and the Primary Server tells the client what to do and where to obtain content (see Figure 2-4). In effect, the server sends instructions to the client, and the client uses the required handler to perform the task, such as installing software, applying a policy, managing systems remotely, and so on.

From an identity perspective, the user of a managed device authenticates directly to the identity store where the user's object is stored, either Novell eDirectory or Microsoft Active Directory. The only identity-related information stored in the Novell ZENworks object store is a reference object pointing back to the actual identity, which increases the efficiency of user-based resource management.

Figure 2-4 ZENworks 11 SP3 Architecture

The new Novell ZENworks 11 Configuration Management SP3 architecture includes the following important characteristics:

  • Installation of the ZENworks Adaptive Agent on every managed device

  • Three-tier SOA

  • Additional Primary Servers for computing tasks, which removes the workload from the managed device

  • No more specific requirement for Novell eDirectory

  • No more requirement for Novell Client32 to be installed on either the managed device or the server

  • A new Web-based administrative console (ZENworks Control Center) to manage all ZENworks objects, configurations, and functions

  • Native support for both Novell eDirectory and Microsoft Active Directory

  • Based on industry-standard protocols

  • Direct, one-time server installation, then managed devices are deployed from the server through ZENworks Control Center

  • Installation of Primary Server software on either Windows Server 2003, Windows Server 2008, or SUSE Linux Enterprise Server

2.1.3 More Detail on the Architectural Changes

The following sections provide further detail on the architectural differences:

Management Console

ZENworks Control Center, a Web-based management console, is used as the graphical management interface for Configuration Management. It replaces ConsoleOne, which is used in traditional ZENworks.

Software Repository

Every Primary Server in the Management Zone contains the same content, providing redundancy for all managed devices in the zone. For more information, see Content Repository in the ZENworks 11 SP3 Primary Server and Satellite Reference.

In Configuration Management, content replication and closest server rules replace the traditional load balancing techniques for fault tolerance. For more information, see Content Replication in the ZENworks 11 SP3 Primary Server and Satellite Reference and Configuring the Closest Server Default Rule in the ZENworks 11 SP3 Location Awareness Reference.

Novell eDirectory

Novell eDirectory is no longer required for data storage. Instead, the ZENworks Configuration Management database is used. This is different from traditional ZENworks in several ways:

  • ZENworks Database: A new ZENworks database replaces the old ZENworks database and all eDirectory tree object information stores. Instead of eDirectory containers and contexts, Configuration Management uses database folders and the inheritance functionality relevant to folder/object hierarchy. The new database is the content repository for all Configuration Management data.

    For more information on which databases can be used with Configuration Management, see Database Requirements in the ZENworks 11 SP3 System Requirements. For more information on maintaining your selected database, see the ZENworks 11 SP3 Database Management Reference.

  • No Schema Extensions: Because Configuration Management stores all the data in the ZENworks database, it does not impact your Novell eDirectory schema. Any access to eDirectory is read-only for the purpose of referencing user information.

  • User Sources: You can use eDirectory and Active Directory as the source for users. To do this, you define a read-only LDAP link to a directory and specify the contexts where users reside. ZENworks creates references to the users in its own database that allow for ZENworks management activities to occur completely within the ZENworks database rather than in the directory. If you only plan to manage devices through device assignments rather than user assignments, user sources are not needed. For more information, see User Management.

  • Management Zone: Primary Servers and managed devices are organized into a Management Zone, replacing the organization provided by the eDirectory tree.

Object Management

Configuration Management uses ZENworks Control Center objects instead of eDirectory objects. The following describes some of the differences:

  • Dynamic Groups: This is a new feature in Configuration Management. Both groups and dynamic groups are available. From the perspective of software and policy assignments, groups and dynamic groups have the same function. The only difference between the two types of groups is the way that devices are added to the group. With a group, you must manually add devices. With a dynamic group, you define criteria that a device must meet to be a member of the group, and then devices that meet the criteria are automatically added.

    Several dynamic groups are predefined, but you can define your own.

    For more information, see Groups in the ZENworks 11 SP3 Administration Quick Start.

  • Inheritance: You can set configurations in several ways:

    • Globally for all ZENworks Control Center objects (devices or bundles) in the Management Zone

    • For all objects in a folder and its subfolders

    • For a group of objects (predefined, user-defined, and dynamic groups are available)

    • For an individual object

    For more information, see Organizing Devices: Folders and Groups in the ZENworks 11 SP3 Administration Quick Start.

  • Associations: In Configuration Management, ZENworks Control Center objects are assigned to each other (such as bundles to devices), instead of being associated with eDirectory objects. The differences between assignments and associations should be considered when migrating to Configuration Management. For more information, see Section 5.10, Migrating Associations.
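The Dynamic Groups and Inheritance items above can be modelled in a few lines to see which level supplies each effective setting for a device. This is an added example, not ZENworks code or a ZENworks API: the class names, setting names, sample devices, and the override order (zone, then folders from outermost to innermost, then groups, then the individual object) are assumptions made for illustration, since this page does not state which level takes precedence.

```python
# Illustrative model only: names, fields and the override order are assumptions
# of this example, not ZENworks APIs or documented product behaviour.
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    folder: str                                   # e.g. "/Devices/Workstations"
    attrs: dict = field(default_factory=dict)     # inventory-style attributes
    settings: dict = field(default_factory=dict)  # set on the individual object

@dataclass
class Group:
    name: str
    settings: dict
    members: set = field(default_factory=set)     # group: devices added manually
    criteria: object = None                       # dynamic group: predicate

    def contains(self, dev):
        if self.criteria is not None:
            return bool(self.criteria(dev))
        return dev.name in self.members

def folder_chain(path):
    """'/A/B' -> ['/A', '/A/B'], so a subfolder inherits from its parents."""
    parts = [p for p in path.split("/") if p]
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def effective_settings(dev, zone, folders, groups):
    """Return {key: (value, source)}. Assumed order, least to most specific:
    zone < folders (outermost first) < groups < individual device."""
    layers = [("zone", zone)]
    layers += [("folder " + f, folders[f]) for f in folder_chain(dev.folder) if f in folders]
    layers += [("group " + g.name, g.settings) for g in groups if g.contains(dev)]
    layers.append(("device " + dev.name, dev.settings))
    result = {}
    for source, settings in layers:
        for key, value in settings.items():
            result[key] = (value, source)         # later layer overrides earlier
    return result

# Constructed sample data; setting names are invented for the example.
ZONE = {"remote_management": "enabled", "refresh_minutes": 720}
FOLDERS = {"/Devices/Workstations": {"refresh_minutes": 240},
           "/Devices/Workstations/Finance": {"remote_management": "prompt_user"}}
GROUPS = [Group("Kiosks", {"remote_management": "disabled"}, members={"kiosk-01"}),
          Group("Win7 laptops", {"refresh_minutes": 60}, criteria=lambda d:
                d.attrs.get("os") == "Windows 7" and d.attrs.get("chassis") == "laptop")]
DEVICES = {"fin-lt-07": Device("fin-lt-07", "/Devices/Workstations/Finance",
                               {"os": "Windows 7", "chassis": "laptop"}),
           "kiosk-01": Device("kiosk-01", "/Devices/Workstations", {"os": "Windows XP"})}
```

Recording the source alongside each value makes it possible to audit why a device ended up with a given setting, for example whether remote management was restricted by a folder, a group, or the device itself.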

User Management

Configuration Management references existing LDAP user sources, in either eDirectory or Active Directory. Users are not migrated to Configuration Management. This way, ZENworks knows immediately of any changes done natively to user objects. For more information, see the ZENworks 11 SP3 User Source and Authentication Reference.

Client Agents

The ZENworks Adaptive Agent replaces the ZENworks Desktop Management Agent. The differences include the following:

  • Deployment: You can use the ZENworks Control Center to deploy the Adaptive Agent to any workstation whose IP address or LDAP directory context you know (or have discovered using the network discovery or LDAP directory discovery technologies included in ZENworks).

  • Functionality: All functionality (software distribution, imaging, remote management, policies) is automatically included with the installation of the Adaptive Agent. The only functionality you can choose to remove from the agent installation is remote management.

  • No Network Client: The Adaptive Agent does not require network clients (Novell Client or Microsoft Client) to retrieve content (applications, etc.) from Primary Servers. The Adaptive Agent uses HTTP and Web services requests to retrieve the content.

    NOTE: The latest version of the Novell client must be installed on the managed device before a Dynamic Local User policy or a Roaming Profile Policy that has Store User Profile in User’s Home Directory enabled is enforced on the device. To obtain the latest version of Novell Client, see the Novell Download web site.

  • Integrated Interface: The separate client programs (Workstation Manager, Remote Control, etc.) have been replaced with a common interface called the ZENworks Icon. The ZENworks Icon is displayed in the notification area at the bottom of the desktop. The NAL Window and NAL Explorer views are still available.

  • Configuration Settings: The Adaptive Agent behavior is now controlled through a combination of configuration settings and policy settings (ZENworks Explorer Configuration policy) rather than through the Launcher Configuration settings only. This allows for greater flexibility in determining which devices receive specific settings.

  • Inventory-Only Module: If you have workstations that don’t meet the requirements for installing the Adaptive Agent (see Managed Device Requirements in the ZENworks 11 SP3 System Requirements), you can still receive inventory information from these workstations by installing the Inventory-only module. For more information, see Deploying the Inventory-Only Module in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.

For more information, see ZENworks Adaptive Agent Deployment in the ZENworks 11 SP3 Discovery, Deployment, and Retirement Reference.

Middle Tier Server

The Middle Tier Server does not exist in Configuration Management. Instead, the ZENworks Adaptive Agent communicates directly with the Primary Server through Web services and HTTP requests.