5.1 Installing the Policy Distribution Service

You can install the Policy Distribution Service to a server that is inside of or outside of your firewall. In general, if you have users outside the firewall who require access to policy updates, you should install the service outside the firewall; otherwise, users need to use a VPN connection to access the service inside the firewall.

To install the Policy Distribution Service:

  1. Make sure the server meets the system requirements (see Section 2.2.1, Server Requirements).

  2. Make sure that you have completed all installation preparation tasks (see Section 3.0, Preparing for Installation).

  3. At the server, insert the ZENworks® Endpoint Security Management disk to run the Master Installer.

    The Master Installer is a set of browser-based screens that helps you launch the setup programs for the various ZENworks Endpoint Security Management components.

    If the Master Installer does not auto-run, double-click default.htm at the root of the disk.

  4. Click the language you want to use for the text displayed on the Master Installer pages.

  5. Click Distributed Setup.

  6. Click ZENworks Policy Distribution Service to launch the installation program.

    The installation program verifies that all required software is installed on the server. If any software is absent, it is installed automatically before the installation continues. During this process, you might need to accept the license agreements for the additional software.

    If Microsoft Data Access Components (MDAC) 2.8 is installed, the server must reboot. You will need to restart the installation program after the reboot.

  7. Select the language you want to use for the installation program, then click OK.

  8. The installation program attempts to detect a local SQL Server. If the installation program does not detect a local SQL Server, the following dialog box is displayed:

    Take one of the following actions:

    • If MS SQL Server 2000 is installed locally on the server, make sure that the SQL Server is running, then click No.

    • If you are using remote MS SQL Server 2000, click Yes.

    • If you are using MS SQL Server 2005 or 2008, either locally or remotely, click Yes.

  9. Complete the installation, using information from the following table. Each row of the table corresponds to one of the installation program screens that requires input.

    Installation Prompt

    Explanation

    Setup type

    Select Typical only for the following installation scenario: 1) MS SQL Server 2000 is installed locally on the server, and 2) you intend to use Novell self-signed certificates (no Microsoft or third-party CA certificates).

    For all other installation scenarios, select Custom.

    SSL certificate

    This option is available only with a Custom installation. A Typical installation automatically uses Novell self-signed certificates.

    An SSL certificate is required for secure communication between the Policy Distribution Service and the Management Service

    If you already have a certificate authority, select Use the existing certificate IIS is configured for. Throughout the rest of the installation instructions, this certificate is referred to as the enterprise certificate.

    If you need a certificate, click Allow Novell to create, install, and use its own self-signed root certificate. The installing program creates the certificate and the signing authority. Throughout the rest of the installation instructions, this certificate is referred to as the Novell self-signed certificate.

    SQL Server hosting the Policy Distribution Service database

    The installation program attempts to detect and list any physical servers on the network that have SQL Servers installed. Only the physical server name is listed. However, you need to provide both the physical server name and the SQL Server name (default instance or named instance). For example, if the physical server name is SERVER1 and the named instance of the SQL Server is SQL2008, you would enter:

    SERVER1\SQL2008

    If the SQL Server is using the default instance, you would enter:

    SERVER1\MSSQLSERVER

    In addition, you need to provide the username and password for a database account that has SysAdmin rights. The default is the sa account. The installation program uses the account to create the database and a user account for the Policy Distribution Service.

    After you enter the information and click OK, you might receive a message stating that the administrator password cannot be verified because OSQL is not installed. Click OK to dismiss the message. The password is verified later after the installation program installs OSQL.

    Policy Distribution Service database name

    If you do not want to use the default name (STDSDB) assigned to the Policy Distribution database, specify a new name that contains only letters and numbers and conforms to your SQL Server database naming conventions.

    Policy Distribution Service account username and password

    The installation program creates an SQL user account (DS_STDSDB_USER) that the Policy Distribution Service uses to access the database. You cannot change the account name.

    Specify a password for the account. Make sure that the password meets the password requirements for your SQL Server (for example, if you require strong passwords, make sure to specify a strong password).

    We recommend that you do not use special characters in the password. However, if you do, the special characters are changed in the configuration files. For example, an @ is changed to an A. The communication between the service and the database works as expected. However, when you troubleshoot with OSQL, you must use the configuration file password, not the one you specified with special characters.

    Server name

    Specify either the local name or fully qualified domain name of the physical server. The name you enter must match the name used in the server’s SSL certificate.

    Data File Group Folder

    The Policy Distribution database has a set of data files associated with it. By default, the data files are installed to the SQL Server’s DATA directory. If you have another location where you keep your data files, select that location instead.

    Index File Group Folder

    The Policy Distribution database has a set of index files associated with it. By default, the index files are installed to the SQL Server’s DATA directory. If you have another location where you keep your index files, select that location instead.

    Log File Group Folder

    The Policy Distribution database has a set of log files associated with it. By default, the log files are installed to the SQL Server’s DATA directory. If you have another location where you keep your log files, select that location instead.

    ESM Setup Files Folder

    The installation program creates a Setup.ID file required by the Management Service installation program. If you are using a Novell self-signed certificate, it also creates the ESM-DS.cer file.

    By default, these files are saved to an ESM Setup Files folder on the server desktop. If desired, you can specify a different folder.

    Before installing the Management Service, you need to manually copy the ESM Setup Files folder to its server. If you used an enterprise certificate (rather than a Novell self-signed certificate), you need to place a copy of that certificate in the folder.

  10. When the installation is complete, the Policy Distribution Service starts. Continue with the next section, Installing the Management Service.