3.8 External Subscribers

The following sections provide concepts and instructions for the External Subscriber object:

3.8.1 Understanding External Subscribers

An External Subscriber is an eDirectory object (TED External Subscriber) that represents a Subscriber object in another tree.

Functional Relationship with Other Tiered Electronic Distribution Objects

Figure 3-31 illustrates an External Subscriber’s relationship with the Channel:

Figure 3-31 External Subscriber’s Relationship with a Channel

The External Subscriber subscribes to the Channels.

External Subscriber Description

A Distributor cannot send its Distributions to a Subscriber server whose Subscriber object is in a different tree than the Distributor’s object, or to a server that does not have a Subscriber object. An External Subscriber object is needed for out-of-tree distributions.

For information on the External Subscriber object, see the following:

The External Subscriber’s Purpose

If you installed all of your Tiered Electronic Distribution objects in one tree, an External Subscriber object is not necessary, because you can send your Distributions using the Distributor and Subscriber objects that are in the same tree.

However, the External Subscriber object is useful for sending out-of-tree Distributions when one of the following conditions exists:

  • The target server has no Subscriber object in any tree: The target server, such as a Windows server in a Microsoft domain, has only the Subscriber software installed on it.

  • The target server has a Subscriber object in a different tree: The target server has the Subscriber software installed on it, but its Subscriber object is in a different tree than the Distributor object that is sending the Distribution.

Because the External Subscriber is only an object in an eDirectory tree, it does not actually handle the Distribution files; it simply identifies which server is to receive them.

Distribution Information Not Maintained

When sending any Distribution through External Subscribers, trusted tree rights cannot be maintained.

When sending Desktop Application Distributions through External Subscribers, application object associations cannot be maintained. However, it can send the group association, because it creates that.

Duplicate Distribution Management

You can use an External Subscriber object to circumvent the need to duplicate Distribution work in another tree.

For example, a few Subscribers on a tree at a remote site could receive all of their Distributions via the External Subscriber in the Distributor’s tree. That would prevent the need to have a Distributor server at the remote site, including duplicating the Distribution configuration and management effort there.

External Subscriber Characteristics

An External Subscriber is associated with a server running the Subscriber software that has no Subscriber object in any tree, or no Subscriber object in the same eDirectory tree as the Distributor from which it receives the Distribution.

External Subscriber objects are associated with a Subscriber server through an IP address or DNS name of that server.

You can send Distributions outside of eDirectory, such as to a Windows server in a Microsoft domain. For more information on this type of Distribution, see Subscriber Software Configuration and Trusted Trees and The Tednode.properties File Requirement.

External Subscriber objects cannot be parent Subscribers. If an External Subscriber has a parent Subscriber, both the External Subscriber’s and parent Subscriber’s objects must reside in the same tree.

External Subscriber Requirements

If a target server’s Subscriber object is in a different tree from the Distributor object of the server that sends it a Distribution, that target server must be represented by an External Subscriber object in the Distributor’s tree.

Because Tiered Electronic Distribution uses IP addresses or DNS names to locate servers, Subscriber objects can be in a different tree than those servers’ NCP objects.

An External Subscriber must be subscribed to the Channel that lists the Distributions needed by its associated Subscriber.

The server receiving a Distribution via an External Subscriber must have the Subscriber software installed on it so it can receive and extract the Distribution. It is not required to have a Subscriber object in any tree, such as if it is a Windows server in a domain (see Subscriber Software Configuration and Trusted Trees and The Tednode.properties File Requirement).

The External Subscriber Object’s Properties

The External Subscriber object properties contain only the following:

  • IP address or DNS name of the Subscriber server in a different tree or a domain (required)

    This is the ID of the Subscriber server in one tree that is to receive a Distribution from a Distributor in another tree (the tree where the External Subscriber object resides).

  • The Channels it is subscribed to (required)

    This is for identifying which Distributions need to be sent to the Subscriber server in the other tree.

  • Membership in a Subscriber Group (optional)

    You can use this for subscribing the External Subscriber to the Channels subscribed to by the group.

  • Context of a parent Subscriber in the External Subscriber’s own tree (optional)

    A parent Subscriber is usually in the Distributor’s distribution hierarchy.

    If used, the parent Subscriber does the physical work in sending the Distribution file to the server in the other tree. Otherwise, the Distributor server sends the Distribution directly to the Subscriber server in the other tree.

Subscriber Software Configuration and Trusted Trees

Subscribers can be configured by a Distributor, but External Subscribers cannot. External Subscribers are just objects identifying a server. However, a Subscriber server identified by an External Subscriber object must have a Tiered Electronic Distribution configuration in order to receive the Distributions via the External Subscriber object.

Using the External Subscriber object brings up the need to understand trusted trees:

The Reason for Trusted Trees

The following applies to any NetWare or Windows server, whether it has an NCP server object in an eDirectory tree or a server object in a Microsoft domain:

  • During installation, the server can have both a Subscriber object created for it and the Subscriber software installed to it

  • During installation, the server can have only the Subscriber software installed to it (no Subscriber object is created)

  • During installation, you should identify the trusted tree of any server that does not have a Subscriber object created for it

Identifying a trusted tree has two purposes:

  • To locate a Distributor that can update the Subscriber’s Tiered Electronic Distribution configuration information

  • To indicate which tree to accept policies from

A Subscriber server’s Tiered Electronic Distribution configuration information is stored in eDirectory in its Subscriber object (which the Distributor reads), and in a ted.cfg file in the Subscriber server’s file system (which the Subscriber reads). A Distributor server sending the configuration information must have its Distributor object in the same tree as the Subscriber object that it is configuring.

A Subscriber server can receive its Subscriber software configuration only from a Distributor in its trusted tree. The trusted tree is where the server’s Subscriber object and that Distributor object both reside. This is not the tree where an associated External Subscriber object resides, and it doesn’t matter whether it’s the same tree where the server’s NCP object resides.

A Subscriber server that does not have a Subscriber object in any tree (such as a Windows server in a Microsoft domain), must use its tednode.properties file for its Tiered Electronic Distribution configuration information. This file is created on the server when you installed the Subscriber software. Then it can receive and extract Distributions from a Distributor in another tree (via an External Subscriber object). The extraction process is the time when the trusted tree requirement must be met. For more information, see The Tednode.properties File Requirement.

Determining the Trusted Tree

There are two situations that deal with whether to install Subscriber objects for Subscriber servers:

  • eDirectory server: When you install the Subscriber software to a server whose NCP server object is in another tree, you have one of the following options:

    • You can create the Subscriber object in the Distributor’s tree, which might not be the tree where the Subscriber’s NCP server object resides (the server’s Subscriber and NCP objects do not need to be in the same tree). In this case, you do not need an External Subscriber object for sending Distributions to that Subscriber, because its object is not out-of-tree.

      The Subscriber server’s trusted tree is the same tree where the Distributor object resides. Therefore, it receives its Tiered Electronic Distribution configuration updates from the Distributor in its trusted tree.

    • You can elect to not create a Subscriber object for the server. In this case, you need to use the tednode.properties file to configure that Subscriber server. You also need to use an External Subscriber object to send Distributions to that server.

      In order for this Subscriber to have policies enforced on it, you need to identify its trusted tree, which would be the tree it receives Policy Package Distributions from.

  • Non-eDirectory server: When you install the Subscriber software to a server that is in a Microsoft domain, and therefore does not have an NCP server object in any eDirectory tree, you can create a Subscriber object for this server, but it is not required. If you do not have a Subscriber object, you need to use the tednode.properties file to configure that Subscriber server. You also need to use an External Subscriber object to send Distributions to this server.

    In order for this Subscriber to have policies enforced on it, you need to identify its trusted tree, which would be the tree it receives Policy Package Distributions from.

The File Installation Paths and Options page in the installation program contains the Trusted Tree field. However, this field is only be displayed if you deselect the Create eDirectory Objects check box on the Installation Options page. This causes the installation program to install only software for the selected servers.

You must select a trusted tree for each server where you have selected to install the Subscriber software, or your Policy Package Distributions might not extract on that Subscriber server, because policies point to objects in a tree.

For installation instructions concerning the Trusted Tree field, see the steps in the applicable sections under Installation on NetWare and Windows Servers in the Novell ZENworks 7 Server Management Installation Guide.

The Tednode.properties File Requirement

A tednode.properties file must be used to provide configuration information for the following Subscriber servers:

  • A Subscriber server that has a Subscriber object and has not yet received its first Distribution. After it does, it then uses the ted.cfg file given to it by the Distributor in its trusted tree that is sending that first Distribution, and it no longer uses the tednode.properties file.

    A Subscriber can only be configured by a Distributor server whose object is in the same tree as the Subscriber’s object.

  • A Subscriber server that does not have a Subscriber object in any tree.

    This could be a Windows server in a Microsoft domain where you only installed the Subscriber software without creating the object.

    If you installed the Subscriber software (using the ZENworks 7 Server Management installation program) without creating the Subscriber object, the tednode.properties file was automatically created and configured.

    For more information, see Section 3.13, Editing the Tednode.properties File.

Preventing Trusted Tree Errors for Policy Package Distributions

In order to prevent trusted tree errors when sending a Policy Package Distribution to a Subscriber using an External Subscriber object, you must edit the agentinfo.properties file:

  1. On the server using the External Subscriber object to receive a Policy Package Distribution, locate the agentinfo.properties file, which is in the \zenworks\pds\ted directory.

  2. Open the agentinfo.properties file in a text editor.

  3. Add the following lines in the file:

    TRUSTED_TREE=source_tree_name TRUSTED_TDN=External_Subscriber_DN

    where source_tree_name is the tree where the Distributor object resides that is sending the Policy Package Distribution, and External_Subscriber_DN is the fully-distinguished name of the External Subscriber object receiving the Distribution.

  4. Save the agentinfo.properties file and exit the text editor.

  5. When ready, send the Policy Package Distribution to the External Subscriber.

Scheduling

The External Subscriber object is not scheduled.

3.8.2 Using External Subscribers for Out-of-Tree Distributions

Review the following sections to understand how to use External Subscribers for out-of-tree distributions:

External Subscriber, One Distributor, and One Tree

After you install Policy and Distribution Services software to your servers, you can send Distributions to a server that does not have a Subscriber object in any tree using the External Subscriber object.

The Tiered Electronic Distribution configuration illustrated in Figure 3-32 might exist for the Distributor’s routing of its Distributions through External Subscribers:

Figure 3-32 Distribution Flow in One Tree

In this example, Server_2 does not have a Subscriber object in any tree. It has only the Subscriber software installed on it so that it can receive and extract Distributions. It can be a NetWare server with an NCP server object in any tree, or a Windows server in a Microsoft domain.

To send a Distribution from Distributor_A to Server_2, create an External Subscriber object in Tree_A and list Server_2’s IP address or DNS name in the External Subscriber object’s properties.

The eDirectory Distribution View

From an eDirectory perspective, the Distribution is sent from the Distributor object to the External Subscriber object, which in turn sends it to Server_2. You can use a parent Subscriber in Tree_A (not shown) where you do not want the Distributor to be directly sending its Distributions to Server_2.

The Actual Distribution Process

From a topology perspective, the Distribution file is sent from Server_1 to Server_2, using the IP address or DNS name of Server_2 that is located in the External Subscriber object’s properties.

Configuring the Subscriber Server

Server_2 receives its Tiered Electronic Distribution configuration information from the tednode.properties file installed on its server when the Subscriber software was installed there. Because there is no Subscriber object to configure, you need to edit Server_2’s tednode.properties file in order to make configuration changes. For information on editing the tednode.properties file, see Section 3.13, Editing the Tednode.properties File.

The Subscriber Server’s Trusted Tree

In order for Server_2 to have policies enforced on it, Tree_A needs to be established as its trusted tree during installation of the Subscriber software to the server. For the installation steps, see Installation on NetWare and Windows Servers in the Novell ZENworks 7 Server Management Installation Guide.

External Subscriber, Multiple Distributors, and Multiple Trees

After you install Policy and Distribution Services software to your servers in multiple trees, you can send Distributions between trees using the External Subscriber object.

The Tiered Electronic Distribution configuration illustrated in Figure 3-33 might exist for the Distributor’s routing of its Distributions through External Subscribers:

Figure 3-33 Distrbution Flow in Two Trees

In this example, Server_3 has a Subscriber object in Tree_B.

To send a Distribution from Distributor_A to Server_3, you create an External Subscriber object in Tree_A and list Server_3’s IP address or DNS name in the External Subscriber object’s properties.

The eDirectory Distribution View

From an eDirectory perspective, the Distribution is sent from Distributor_A to the External Subscriber object, which in turn sends it to Server_3. You can use a parent Subscriber in Tree_A (not shown) where you do not want Distributor_A to be directly sending its Distributions to Server_3.

The Actual Distribution Process

From a topology perspective, the Distribution file is sent from Server_1 to Server_3, using the IP address or DNS name of Server_3 that is located in the External Subscriber object’s properties.

Subscriber Server_3’s Trusted Tree and Its Tiered Electronic Distribution Configuration

Each tree has a Distributor that provides configuration information for the Subscriber servers in its own tree.

Server_3 receives its Tiered Electronic Distribution configuration information from Distributor_B, because Tree_B was set as Server_3’s trusted tree when it was made a Subscriber using the installation program. However, Server_3 cannot extract a Distribution from Distributor_A until it has been configured by Distributor_B, which is done the first time the Subscriber receives a Distribution from Distributor_B.

3.8.3 Creating and Configuring External Subscribers

You can create External Subscriber objects for sending Distributions to Subscriber servers with Subscriber objects residing on other trees or to Subscriber servers that do not have a Subscriber object in any tree.

The following sections provide steps to create and configure an External Subscriber:

Creating an External Subscriber Object

  1. In ConsoleOne, select the container to hold the External Subscriber object, click File > New > Object, then select TED External Subscriber.

  2. Provide a name for the External Subscriber object.

    Make the name unique to help identify the server from the other tree.

  3. Provide the server’s TCP/IP address or DNS name, then click OK.

    This must be a valid TCP/IP address or fully distinguished DNS name.

  4. Continue with Configuring the External Subscriber Object.

Configuring the External Subscriber Object

  1. In ConsoleOne, right-click an External Subscriber object, then click Properties.

  2. Click General > Settings and fill in the Setting fields:

    Use policy: Select this check box if you want to use the values set in the Tiered Electronic Distribution policy that is being enforced on the External Subscriber’s server.

    If you select this option, the Parent Subscriber field is dimmed and the policy settings are used instead.

    Parent Subscriber: Specifies a parent Subscriber from which all Distributions are received.

    Because the routing hierarchy in a Distributor object’s properties only accounts for parent Subscribers, this field is where you can connect an end-node Subscriber to the routing hierarchy. These end-node Subscribers (which in this case are External Subscribers) cannot be used to pass Distributions to other Subscribers.

  3. Select the Network Address tab and verify the IP address of the External Subscriber’s server.

    IP address: You provided this IP address when you created the object. Verify that it is correct.

  4. Select the Channels tab and fill in the fields:

    • Channels this Subscriber is subscribed to  

      Lists the Channels the External Subscriber is subscribed to.

      Active: To activate a Channel for this External Subscriber so it can receive the Channel’s Distributions, select a Channel, then select the check box to enable it. To deactivate a Channel so that the External Subscriber does not receive the Channel’s Distributions, deselect the check box to disable it.

      Channel: Click Add to create a Channel. Click Details to edit a Channel.

    • Channels subscribed to through Subscriber Group memberships  

      Lists the Subscriber Groups that the External Subscriber is a member of, paired with which Channels the External Subscriber is subscribed to by virtue of membership in a Subscriber Group.

      These columns are for display only. The Details, Add, and Delete buttons do not apply.

      Active: Indicates whether the Channel subscribed to is active.

      Channel: Displays the Channel subscribed to through membership in a group.

      Subscriber Groups: Displays the groups the External Subscriber is a member of. You can sort the listing by clicking the column heading.

  5. To include this External Subscriber in a group, click Group Membership, click Add, browse for a Subscriber Group object, click Select, then click OK.

  6. When you are finished configuring the External Subscriber object, click OK to exit the object’s properties.