Use these sections in the following order:
When installing Policy and Distribution Services for the first time, you installed one Distributor with a database file. If you planned to install more Distributors or databases (see Understanding Distributors and Section 10.2, Determining How Many Databases You Need), you should perform this installation now.
When installing Policy and Distribution Services for the first time, you might not have installed the Subscriber software to all of your servers. If you want to install the Subscriber software to more servers at this time, you should perform this installation now.
IMPORTANT:Any servers where you do not have the Subscriber software installed are not eligible to receive the Distributions you have planned to create and distribute at this time. However, when you install the Subscriber software to servers at a later date, you can subscribe them to existing Channels for receiving their Distributions.
To install additional Distributors, databases, and Subscriber software to more servers, do the following in order:
Make sure you have fulfilled all of the necessary requirements for your target Distributor and Subscriber servers.
For more information, see Server Requirements
in the Novell ZENworks 7 Server Management Installation Guide.
Select the workstation you will use to install the Distributors and Subscribers.
If you have not already done so, log in to the eDirectory tree where you want to create the Server Management objects (worksheet item 1).
This should be the same tree where you extended the schema for ZENworks 7 Server Management.
You are automatically authenticated to all of the NetWare target servers in this tree during installation. You can select those servers, as well as servers in other trees or domains, for installing the Policy and Distribution Services software. However, this is the tree where all of the Server Management objects are installed for each of the selected servers.
Continue with Starting the Installation Program.
On the installation workstation, insert the ZENworks 7 Server Management with Support Pack 1 Program CD.
The startup screen is displayed. If the startup screen is not automatically displayed after inserting the CD, you can start it by running winsetup.exe at the root of the CD.
IMPORTANT:Installation from a CD in a remote server is not supported unless there is a drive mapped on the workstation to that remote server. For example, if you place the CD in a Windows server CD drive, then run the installation from a workstation, you must have a drive mapped on the workstation to the CD drive of that Windows server.
Select , then select .
This begins the installation program.
If you agree with the Software License Agreement, click > .
On the Installation Type page, click , then click .
On the Installation Options page, make sure all three check boxes are selected.
On the eDirectory Tree for Creating Objects page, select the tree (worksheet item 1).
This is the tree where you initially created Server Management objects.
Continue with Selecting and Configuring the Distributor and Subscriber Servers.
On the Server Selection page, click .
Browse for and select the Distributor (worksheet item 2) and Subscriber (worksheet item 3) servers and click .
Configure each server listed on this page, then click to continue with the File Locations and Options page:
HINT:To quickly configure a specific role or set of roles for one or more servers, select the servers, right-click the selection, then select the role for the server. The options that apply to that role are automatically selected. Repeat for additional roles.
ZENworks Policy-Enabled Management Services
The following three options are all selected by default. If you want to install the Inventory Agent, you must also select to install the Policy and Distribution Server.
Policy and Distribution Services Server: For each server that you want to be a Subscriber, select this check box.
For Tiered Electronic Distribution purposes, you can deselect the following:
Additional Options
The installation program detects whether these options are already installed on a target server and dims the option label. You can still select the check box to reinstall the component.
Distributor: The Subscriber service is installed automatically to all target servers. Select this check box if you planned to make a Distributor server.
Server Management database: This is the Policy and Distribution Services database that the Distributor logs to server (worksheet item 4). You should install it on the same server as the Distributor in order to minimize network traffic for database logging.
IMPORTANT:You can install the database to multiple servers per run of the installation program; however, you can only install one database per server. On the Database Settings page, you will be able to individually configure each database that is being installed. On the Database Logging page, you will identify which of the databases being installed is to be the one database for initial logging.
For Tiered Electronic Distribution purposes, you can deselect the following:
HINT:You can configure a group of selected servers with the same options by selecting the group and right-clicking the group. This displays the Custom Selection dialog box.
On the File Locations and Options page, do the following:
For each Distributor server, edit the installation path if you do not want to use the default (worksheet item 5).
If you want all Distributor servers to have the same installation path, select all of the servers, then edit the path.
For each Subscriber server, edit the installation path if you do not want to use the default (worksheet item 6).
If you want all Subscriber servers to have the same installation path, select all of the servers, then edit the path.
To launch Policy and Distribution Services components on server startup, select the check box.
To start services when the installation is finished, select the check box, then click Next.
On the Distributor Object Properties page, edit the properties as necessary (worksheet item 7), then click Next.
On the Subscriber Object Properties page, edit the properties as necessary (worksheet item 8), then click Next.
On the Database Settings page, do the following:
Edit the database file’s path if you do not want to use the default (worksheet item 9).
Because the database file can become very large, we recommend that you change the default NetWare volume from sys: to another volume on that server.
Edit the Database object’s name, if desired (worksheet item 10).
Change the Database object’s container, if desired (worksheet item 11).
If you chose to install the Policy and Distribution Services database, the Log to a Server Management Database That Will Be Installed option is selected; click Next to display the Summary page.
Continue with Completing the Installation.
To save the current installation configuration for future use in installing Distributors, on the Summary page select the check box.
Provide a path and filename for the template file.
If you attempt to quit the installation program without clicking Finish, you are prompted to save your current installation configuration to an installation template file.
You can reuse this template to speed up filling in installation pages in subsequent installations of Distributors or Subscribers.
Click to begin the installation process.
After the installation program has finished, review the installation log file to determine whether any components failed to install.
The log file is located at:
%TEMP%\_resnumber.txt
where number is a three-digit number that is increased incrementally each time a new installation log is created.
If necessary, rerun the installation program.
Select only the components that failed to install.
Rerun the installation program once for each additional database that needs to be installed (worksheet item 4).
On the Server Selection page add only one of the Distributors where you planned to have a database installed, but have not installed it yet. Then, click only the Database column for that database’s Distributor server and fill in the applicable information on the remaining installation pages.
To set up additional distribution security, continue with Section 1.2.2, Setting Up Additional Distribution Security; otherwise, continue with Section 1.2.3, Configuring the Distribution Flow.
To ensure that you have the proper security for your Distributions, do the following tasks that are applicable:
If you need Distribution encryption support for certain NetWare, Windows, Linux, or Solaris Subscriber servers, NICI 2.6.4 is supported in ZENworks 7 Server Management. If not, skip to Configuring the Distribution Flow.
If you previously updated your servers to NICI 2.6.4 using ZENworks for Servers 3 SP2, skip to Configuring the Distribution Flow.
IMPORTANT:All servers that are sending or receiving encrypted Distributions must be running the same version of NICI. Otherwise, encrypted Distributions to any of those servers will fail.
You must install NICI 2.6.4 to all Subscribers subscribed to the Channel that you select for the software package used to distribute NICI. NICI 2.6.4 must also be running on any Distributor server that creates encrypted Distributions.
However, if you already have NICI 2.4.6 installed, it is optional whether you upgrade to NICI 2.6.4, because these versions are compatible with each other.
A NICI update is contained on the ZENworks 7 with Support Pack 1 Companion 2 CD, which is installed to Windows servers using the Novell International Cryptographic Infrastructure (NICI) menu option.
A software package update for NICI 2.6.4 is also provided on the ZENworks 7 with Support Pack 1 Companion 2 CD.
When you install NICI 2.6.4, the installation program does not check to see if NICI is already installed.
Select the appropriate installation method:
To install NICI 2.6.4 on Windows servers:
On a Windows workstation, insert the ZENworks 7 with Support Pack 1 Companion 2 CD.
Select the option, then click to access the Companion 2 CD menu.
Select the menu option.
Follow the installation instructions.
Continue with Section 1.2.3, Configuring the Distribution Flow.
To install NICI 2.6.4 on any supported server:
On a Windows workstation, insert the ZENworks 7 with Support Pack 1 Companion 2 CD.
Copy the nici265.exe file from the \NICI directory on the CD to a location on your workstation, then extract the file.
Copy the nici264.cpk file that was extracted to a location on the Distributor server where you create the Software Package Distribution for installing NICI 2.6.4.
Create and send the Distribution to each Subscriber server where encrypted Distributions are received.
For information on creating and sending Software Package Distributions, see Section 3.4.4, Creating a Distribution.
Continue with Section 1.2.3, Configuring the Distribution Flow.
If you are distributing to servers outside your secured network (worksheet item 13), see Section 7.3, Security for Inter-Server Communication Across Non‑Secured Connections for detailed instructions on setting up security for inter-server communications.
You need to configure your distribution system to ensure the most efficient use of your network in sending Distributions by setting up the Distributors’ routing hierarchies. This was not done for any Distributor when you installed Policy and Distribution Services.
To configure your distribution system:
In ConsoleOne, right-click a Distributor object (worksheet item 2), then click .
Select the tab and do the following:
Click and browse for your first tier Subscriber servers (worksheet item 15), then click > .
This sets up your first tier of Subscriber servers. These receive Distributions directly from the Distributor.
Select one of the Subscriber servers in the first tier of the routing tree, click and browse for your next tier of Subscriber servers to go under that fist tier Subscriber (worksheet item 15), then click > .
This sets up a second tier of Subscriber servers for the one Subscriber that you selected. These second-tier Subscribers receive Distributions indirectly from the Distributor via the Subscriber server above them in the hierarchy.
Repeat Step 2.b for each of the first-tier Subscribers until you have selected all of the second-tier Subscribers for this part of the hierarchy.
Select one of the Subscriber servers in the second tier of the routing tree, click and browse for your next tier of Subscriber servers to go under that Subscriber (worksheet item 15), then click > .
Repeat Step 2.d for each of the second tier Subscribers until you have selected all of the third-tier Subscribers for this part of the hierarchy.
Repeat this process, tier by tier, until you have completed your planned routing hierarchy for the current Distributor.
When you have finished building the routing hierarchy, click .
Continue with Configuring Parent Subscribers.
All Subscribers should not receive their Distributions directly from a Distributor. The Distributor’s routing hierarchy provides a way to minimize the Distributor’s workload in sending Distributions.
For Subscriber servers to receive their Distributions using the routing hierarchy, you need to identify a parent Subscriber that is in the routing hierarchy for each end-node Subscriber (the Subscriber to receive the Distribution). This allows an end-node Subscriber to receive its Distributions through the routing hierarchy, rather than directly from a Distributor.
A Subscriber that is in the Distributor’s routing hierarchy does not need to have a parent Subscriber in order to receive a Distribution from that Distributor. Distributors check their routing hierarchies first, then check for parent Subscribers second.
To associate Subscribers with parent Subscribers:
In ConsoleOne, select a group of Subscriber objects for servers that you planned to have serviced by a particular parent Subscriber (worksheet item 16), right-click the selected group, click , in the field browse for the parent Subscriber object, then click > .
Because you can do multiple editing of eDirectory objects, you can select all of the Subscribers that are serviced by one parent Subscriber and edit the Parent Subscriber field once for all of them.
Repeat this process for all end-node Subscribers.
Continue with Configuring Subscriber Groups.
To create and populate a Subscriber Group:
In ConsoleOne, select the container to hold the Subscriber Group object, click > > , then select .
In the New TED Subscriber Group dialog box, specify a name (worksheet item 17), click , then click .
Click > and provide a description.
To populate the group with Subscribers, select the tab, then do the following:
Click , browse for and select the Subscriber objects (worksheet item 18), then click .
To remove any Subscribers from the list, select the Subscribers and click .
To view the properties of any Subscriber, select the Subscriber and click .
Click when you have finished configuring the Subscriber Group object.
Continue with Section 1.2.4, Creating the Distributions and Related Channels.
The following are generic instructions for creating a Distribution. For more detailed instructions for most Distribution types, see Section 3.0, Tiered Electronic Distribution. For steps on using the Distribution Wizard to create a File or FTP Distribution, see Section 3.4.12, Using the Distribution Wizard.
You first need to create the Distribution, then create the Channel (if you don’t use an existing Channel):
In ConsoleOne, locate the containers where the Tiered Electronic Distribution objects were installed.
Right-click the container for Distributions, click > , then select .
Specify a Distribution name (worksheet item 19).
Name the Distribution so you can identify what it contains.
Browse to and select the Distributor object to own this Distribution (worksheet item 19).
Each Distribution is associated with a single Distributor. That Distributor is responsible for building and sending the Distribution.
Select the check box.
Click to create the object.
The properties for the Distribution are now displayed.
Select the tab; in the Select Type drop-down box, select a Distribution type (worksheet item 19).
Configure the Distribution.
For information on configuring the different Distribution types, see Section 3.4, Distributions.
Use the up-arrow and down-arrow buttons to change the distribution order.
Select the tab.
The Distribution’s schedule determines how often the Distributor attempts to build a new version of the Distribution. A new version is built only if there have been changes since the last version was built.
Select from the drop-down list.
This causes the Distributor to build the Distribution as soon as it reads eDirectory for the Distribution information.
Click at the bottom of the Distribution Properties dialog box to save all changes.
If you have not previously resolved certificates, for NetWare and Windows servers, select when prompted to copy security certificates.
For Linux and Solaris servers, certificates must be resolved manually if you do not have a drive mapped to them. For more information, see Section 7.1.6, Resolving Certificates.
The Distributor needs to have been run at least once so that its certificates can be minted (created).
A Distributor needs to resolve its certificates only once per Subscriber.
The Subscriber software does not need to be running on the server for security certificates to be resolved. The server only needs to be up.
ConsoleOne sends security certificates to each Subscriber server that subscribes to the Channel that was selected in the Channel Tab. Each Subscriber must have a security certificate from the Distributor before it can receive Distributions from that Distributor.
It can take several minutes to copy a security certificate to each Subscriber.
IMPORTANT:Certificate copying only needs to be done once for each Distributor/Subscriber relationship.
If you receive an error when the Distributor tries to copy to a Windows Subscriber, enter the following for the path:
\\IP_Address\zen$\pds\ted\security
where IP_Address is the IP address of that Windows Subscriber.
If you receive an error when the Distributor tries to copy to a Linux or Solaris Subscriber, or you cannot browse for the Server to select it for resolving certificates, you must map a drive to the server (such as through using Samba), and then repeat resolving certificates.
Repeat these steps for any other Distributions you want to create at this time (worksheet item 19).
Continue with Creating and Configuring the Channel.
Channel objects are used to associate Subscribers with Distributions. When Subscribers subscribe to a Channel, they receive all of the Distributions associated with that Channel. Each Channel has a schedule that determines when the Distributions associated with it are to be sent to the Subscribers.
In ConsoleOne, locate the container where the Channel objects reside (worksheet item 20).
This container should already exist.
We suggest for ease of management that you use the same OU for all Channels.
Right-click the Channel object’s container, click > , select , then click .
Specify a name for the Channel (worksheet item 21) and click .
You could name your Channels according to the Distributions you intend for them. For example, Channel - Antivirus Update.
Right-click the new Channel object and click .
Select the tab, click , browse for and select the Distributions for the Channel (worksheet item 22), then click .
This associates the Distributions with the Channel. The Subscribers that are subscribed to this Channel receive all of the Distributions currently listed there.
To set the Channel’s Send schedule, select the tab, select , specify the interval as every hour, then click .
Repeat Step 1 through Step 5 for each Channel you have planned (worksheet item 21).
Continue with Section 1.2.5, Subscribing to the Distributions.
Before a Subscriber can use a Distribution that is sent to it via Tiered Electronic Distribution, it must extract the Distribution. Therefore, the Subscriber’s extraction schedule must be set before sending the Distributions.
In ConsoleOne, right-click the Subscriber object (worksheet item 23) for a server where you want to set the extraction schedule, then click .
Select the tab, click the arrow for the drop-down box, select , then click .
This causes the selected Subscriber to extract its Distributions as soon as they are received.
Repeat Step 1 and Step 2 as necessary until all Subscriber schedules have been set.
Continue with Subscribing to the Channels.
Subscribers must subscribe to a Channel in order to receive the Distributions associated with that Channel. In the following steps, you will associate all of your Subscribers to the Channels created previously.
In ConsoleOne, right-click a Channel object (worksheet item 21) and click .
Select the tab, click , browse for each of the Subscriber or Subscriber Group (worksheet item 24) objects to be subscribed to this Channel, click , then click .
Select the tab and make sure the check box is selected.
Click to close the Channel object’s properties and save the changes.
Select when prompted to copy security certificates.
Repeat Step 1 through Step 5 for each Channel (worksheet item 21).
Continue with Section 1.2.6, Sending the Distributions.
Now that you have installed, created, and configured your Distributors, Subscribers, Channels, and Distributions, you can begin the Distribution process.
Do the following in order:
In ConsoleOne, right-click the Distributor object (worksheet item 2) and click .
On the Distribution object’s tab, click , then click to close the properties.
The Distribution is sent as soon as it is built, regardless of the Channel’s Send schedule.
Right-click the Distributor object and click .
This causes the Distributor to read eDirectory and obtain all of the changes that were made in eDirectory. The manual refresh of the Distributor is the recommended method. For more information, see Determining the Distributor’s Refresh Schedule.
Continue with Verifying That the Distribution Process Was Successful.
Building the Distribution begins immediately (according to the Build schedule you set previously). The Distribution is sent within five minutes (according to the Send schedule you set previously).
As soon as the Subscribers receive the entire Distribution, they extract the contents to the Subscriber’s working directory that you specified in the Subscriber object’s properties.
There are a number of ways you can verify that your Distribution process has worked:
iManager: The Tiered Distribution View and Subscriber Distribution View are the easiest methods for determining this information. For help on using those views, access the iManager Help on those pages.
Reporting: Run a report on the Distribution to see its status. For information on Tiered Electronic Distribution reporting, see Section 11.0, Reporting.
Log files: Depending on the logging levels you are using, you can review the log files for distribution statuses. The log files (.log) can be found in the Distributors’ and Subscribers’ working directories.
Distribution files: Compare the Distribution file on the Distributor’s file system (under \zenworks\pds\ted\dist) with the Subscriber’s file system (under \zenworks\pds\ted\sub\individual_Distribution’s_path) to see if it was received. The Distribution file uses the same name on both servers.