The Remote Management settings are rules that determine the behavior or the execution of the Remote Management service on the managed device. The settings include configuration for the ports, session settings, and performance settings during the remote session. These settings can be applied at zone, folder, and device levels.
The following sections provide information on configuring the Remote Management settings at the different levels:
By default, the Remote Management settings configured at the zone level apply to all the managed devices.
In ZENworks Control Center, click .
In the Management Zone Settings panel, click , then click .
Select and specify the port to enable the Remote Management service to run on that port.
By default, the Remote Management service listens on port number 5950.
Select the Session Settings options:
Field |
Details |
---|---|
|
Enables the Remote Management service to look up the DNS name of the management console at the start of the remote session. The name is saved in the audit logs and is displayed as part of the session information during remote sessions. If this option is not selected or the Remote Management service is unable to find the console name, then the console name is displayed as . If your network does not have reverse DNS lookup enabled, we recommend that you disable this setting to prevent a significant delay in starting the remote session. |
|
Enables a remote operator to remotely manage a device when the policy allows the remote operation but no user has logged in to the device. This option is selected by default. |
Select from the following options for improving the performance of a remote session:
Field |
Details |
---|---|
|
Suppresses the wallpaper on the managed device during a remote session. This prevents the bitmap data of wallpaper from being repeatedly sent to the Remote Management console and thereby enhances the performance of the remote session. |
|
Enables the optimization driver, which is installed by default on every managed device. If you select this option, only the changed portion of the screen on the managed device is captured and updated on the Remote Management console during the remote session, thereby enhancing the performance of the remote session. |
(Optional) Configure a remote management proxy to perform remote operations on the managed device.
If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. You must install the proxy separately. For information on installing the remote management proxy, see Section 2.5.1, Installing a Remote Management Proxy.
Task |
Details |
---|---|
Add a remote management proxy |
|
Delete a remote management proxy |
|
(Optional) Configure an application to be launched on the managed device during the Remote Diagnostics session by adding it to the list. By default, the list includes the following applications:
System Information
Computer Management
Services
Registry Editor
The following table lists the tasks that you can perform to customize the list:
Task |
Details |
---|---|
Add an application |
|
Delete an application |
|
Revert to default applications |
|
Click , then click .
These changes are effective on the device when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the devices within a folder:
In ZENworks Control Center, click .
Click the folder (details) for which you want to configure the Remote Management settings.
Click , then click .
Click .
Edit the Remote Management settings as required.
To apply the changes, click
or
To revert to the system settings configured at the zone level, click .
Click .
These changes are effective on the device when the device is refreshed.
By default, the Remote Management settings configured at the zone level are applied to all the managed devices. However, you can modify these settings for the managed device:
In ZENworks Control Center, click .
Click or to display the list of managed devices.
Click the device for which you want to configure the Remote Management settings.
Click , then click .
Click .
Edit the Remote Management settings as required.
To apply the changes, click
or
To revert to the previously configured system settings on the device, click .
If the Remote Management settings on the device were configured at the folder level, the settings revert to the configured folder level settings; otherwise, they revert to the default zone level settings.
Click .
These changes are effective on the device when the device is refreshed.
The Remote Management policy lets you configure the behavior or execution of a Remote Management session on the managed device. The policy includes settings for Remote Management operations such as Remote Control, Remote View, Remote Execute, Remote Diagnostics, and File Transfer, and also allows you to control settings for security.
By default, a secure Remote Management policy is created on the managed device when the ZENworks Adaptive Agent is deployed with the Remote Management component on the device. You can use the default policy to remotely manage a device. To override the default policy, you can explicitly create a Remote Management policy for the device.
In ZENworks Control Center, click the tab.
In the list, click , then click to display the Select Policy Type page.
Select , click to display the Define Details page, then fill in the fields:
Policy Name: Provide a unique name for the policy. The policy name must be different from the name of any other item (group, folder, and so forth) that resides in the same folder.
Folder: Type the name or browse to the ZENworks Control Center folder where you want the policy to reside. The default is /policies, but you can create additional folders to organize your policies.
Description: Provide a short description of the policy’s content. This description displays in the summary page of the policy in ZENworks Control Center.
Click to display the Remote Management General Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field |
Details |
---|---|
|
Enables the user on the managed device to request a remote operator to perform a remote session. The remote operator must ensure that the Remote Management Listener is running. |
|
Terminates an ongoing remote session when permission is required from a new user who has logged into a remotely managed device. |
|
Allows the user on the managed device to view the audit information for remote sessions from the ZENworks icon. |
|
Allows the user on the managed device to view the properties associated with the Remote Management policy in the ZENworks icon. |
|
To edit the message displayed to the user on the managed device before starting a remote session:
|
|
To restore the default message:
|
|
To add a Remote Listener:
|
|
To delete a Remote Listener:
|
Click to display the Remote Control Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field |
Details |
---|---|
|
Allows Remote Control sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote Control operation on the device. |
|
Allows you to request permission from the user on the managed device before starting a Remote Control session. |
|
Displays a visible signal in the top right corner of the managed device desktop during the Remote Control session. The visible signal lets the user on the managed device know that a Remote Control session is in progress. |
|
Generates a beep on the managed device during a Remote Control session. The beep is generated periodically after the specified number of seconds. |
|
Enables blanking of the screen of the managed device during a Remote Control session. Selecting this option also locks the keyboard and the mouse controls of the managed device. |
|
Enables locking of the managed device mouse and keyboard during a Remote Control session. |
|
Enables the unlocking of a password-protected screen saver from the Remote Control Viewer before the start of a Remote Control session on the managed device. |
|
Terminates a Remote Control session on the managed device if it has been inactive for the specified duration. |
Click to display the Remote View Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field |
Details |
---|---|
|
Allows Remote View sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote View operation on the device. |
|
Allows you to request permission from the user on the managed device before starting a Remote View session. |
|
Displays a visible signal in the top right corner of the managed device desktop during the Remote View session. The visible signal lets the user on the managed device know that a Remote View session is in progress. |
|
Generates a beep on the managed device during the Remote View session. The beep is generated periodically after the specified number of seconds. |
Click to display the Remote Diagnostics Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field |
Details |
---|---|
|
Allows Remote Diagnostics sessions on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote Diagnostics operation on the device. |
|
Ensures that the remote operator requests permission from the user on the managed device before starting a Remote Diagnostics session. |
|
Displays a visible signal in the top right corner of the managed device desktop during the Remote Diagnostics session. The visible signal lets the user on the managed device know that a Remote Diagnostics session is in progress. |
|
Generates a beep on the managed device during the Remote Diagnostics session. The beep is generated periodically after the specified number of seconds. |
|
Enables blanking of the screen of the managed device during a Remote Diagnostics session. The managed device keyboard and mouse are always locked during a Remote Diagnostics session. Selecting this option also disables the visible signal on the managed device. |
|
Displays a warning message on the managed device at the start of the Remote Diagnostics session, reminding the user to save all existing applications. This warning message is displayed for the specified duration to prevent the user from losing any unsaved data, because the remote operator might initiate a system reboot during the Remote Diagnostics session. |
|
Terminates the Remote Diagnostics session if it is inactive for the specified duration. |
Click to display the Remote Execute Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default settings.
Field |
Details |
---|---|
|
Allows programs to be executed remotely on the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the Remote Execute operation on the device. |
|
Ensures that the remote operator requests permission from the user on the managed device before starting a Remote Execute session. |
|
Displays a visible signal in the top right corner of the managed device desktop during the Remote Execute session. The visible signal lets the user on the managed device know that a Remote Execute session is in progress. |
|
Terminates the Remote Execute session if it is inactive for the specified duration. |
Click to display the File Transfer Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default security settings.
Field |
Details |
---|---|
|
Enables transfer of files between the management console and the managed device. Selecting this option enables the subsequent options on the page. Deselecting the option disables the File Transfer operation on the device. |
|
Ensures that the remote operator requests permission from the user on the managed device before starting a File Transfer session. |
|
Displays a visible signal in the top right corner of the managed device desktop during the File Transfer session. The visible signal lets the user on the managed device know that a File Transfer session is in progress. |
|
Allows a remote operator to open files on the managed device and transfer them to the management console. If this option is not selected, the remote operator can only transfer files from the management console to the managed device. |
|
Specify the managed device directory to be seen by the remote operator during a File Transfer session. The remote operator can only transfer files to and from this directory and its subdirectories. The default directory is My Computer, which means that the remote operator can see and transfer files in the entire file system of the managed device. |
Click to display the Security Settings page. To accept the default settings, proceed to the next step, or use the information specified in the following table to change the default security settings.
Field |
Details |
---|---|
|
Allows the remote operator to use a password to authenticate to the managed device. Select this option to configure the password type settings. |
|
Allows you to specify the minimum length for the password. By default, it is 6 characters. |
|
Select this option to prompt the user on the managed device to set a password before the start of a new remote session. This option is recommended because the password is not stored on the managed device and is valid only for the current session. |
|
Select this option to set the ZENworks and VNC passwords. Setting the ZENworks Password is recommended because it is safer and more secure than the VNC Password. This password can be set by the administrator through the Remote Management policy or by the managed device user from the ZENworks icon. Selecting this option enables the subsequent options. To enable the user to set the password through the ZENworks icon, select the option. |
|
To clear the ZENworks password:
To set the ZENworks password:
|
|
To clear the VNC password:
To set the VNC password:
|
Field |
Details |
---|---|
|
Select this option to enable the detection of invalid or unauthorized attempts to launch a remote session on the managed device. Selecting this option enables the subsequent options in the Intruder Detection section. |
|
Specify the maximum number of consecutive invalid attempts a remote operator can make before the Remote Management service on the managed device is blocked. By default, it is five attempts. |
|
Specify the time in minutes after which the Remote Management Agent automatically accepts a connection to the managed device. To manually unblock the Remote Management service, double-click the ZENworks Adaptive Agent icon, click , then click By default, it is 10 minutes. |
Field |
Details |
---|---|
|
Enables session encryption using SSL encryption (TLSv1 protocol). Selecting this option enables the subsequent options in the Session Security section. |
|
When a remote session is launched from the ZENworks Control Center, a certificate is automatically generated for a remote operator. This certificate is used during authentication. Select this option to allow connections from a Remote Management console launched outside ZENworks Control Center that might not have an SSL certificate. |
|
The Novell rights-based and password-based authentication schemes run over an SSL-encrypted channel. The establishment of this channel requires the viewer to present a certificate. This certificate can be signed by an intermediate or a root certificate authority, thereby creating a certificate chain. This property defines the maximum number of levels that are allowed in the viewer's certificate chain. When the ZENworks internal certificate authority is employed (it is installed by default), a two-level viewer certificate chain is automatically created while launching a remote session from ZENworks Control Center. |
Field |
Details |
---|---|
|
Locks the managed device when the remote session is terminated abnormally. |
|
Logs off the user on the managed device when the remote session is terminated abnormally. |
Click to display the Summary page.
Click to create the policy now, or select to specify additional information, such as policy assignment, enforcement, status, and which group the policy is a member of.
You can assign rights to a Remote Operator to perform remote sessions on the managed device. The Remote Operator can have device-specific rights as well as user-specific rights.
In ZENworks Control Center, click
In the Administrators panel, click the name of the administrator to whom you want to assign the Remote Management rights.
In the Assigned Rights panel, click , then click to display the Remote Management Rights dialog box.
Select the device or the user to assign the rights.
The following table contains information on the Remote Management rights:
Remote Management Rights | Details |
---|---|
Remote Control | Assign the remote operator the rights to remotely control devices. |
Remote View | Assign the remote operator the rights to remotely view devices. |
Remote Diagnostics | Assign the remote operator the rights to remotely diagnose devices. |
Remote Execute | Assign the remote operator the rights to remotely execute applications on devices. |
Transfer Files | Assign the remote operator the rights to transfer files to or from devices. |
Unblock Remote Management Service | Assign the remote operator the rights to unblock the Remote Management Service that has been locked due to intruder detection. |
NOTE: The Remote Management rights are applicable only for Rights based authentication. However, the remote operator can perform the Remote Management operation using Password based authentication if the Remote Management policy allows.
Click
The following sections provide information on configuring the Remote Management password for the Remote Management service on the managed device:
The Administrator can set a Remote Management password in the Security Settings page while creating a Remote Management policy or after creating the policy.
If you want to set the password while creating the Remote Management policy, see Section 2.1.2, Creating the Remote Management Policy.
To edit the password set in the Remote Management policy:
In ZENworks Control Center, click .
Click the Remote Management policy, then click the tab.
In the Security Settings panel, select the password and replace it with the new password.
Click
Increment the version of this policy in the Summary page or in the Common Tasks to update the changes in the passwords on the managed device.
If you want to set the password after creating the Remote Management policy:
In ZENworks Control Center, click .
Click the Remote Management policy, then click the tab.
In the Security Settings panel, select then select .
Click and specify the password. If you have already set the password while creating the Remote Management policy, then you can edit the password. To edit the password, select the password and replace it with the new password.
Click
Increment the version of this policy in the Summary page or in the Common Tasks to update the changes in the passwords on the managed device.
The user at the managed device can set a password for the Remote Management service if the option is enabled in the Remote Management policy effective on the managed device. This password has precedence over the password set in the Remote Management policy.
To set a password on the managed device:
Double-click the icon to display the ZENworks Adaptive Agent window.
In the left pane, navigate to , then click .
In the right pane, click to set the following passwords:
ZENworks password (Recommended): Used in ZENworks authentication. It can be up to 255 characters long.
VNC password: Used in VNC authentication for interoperability with open source VNC viewers. It can be up to 8 characters long.
Click
To clear the Remote Management password set using the policy:
In ZENworks Control Center, click .
Click the Remote Management policy, then click the tab.
In the Security Settings panel, select then click .
Increment the version of this policy in the Summary page or in the Common Tasks to update the changes in the policy on the managed device.
To clear the Remote Management password set by the managed device user:
In ZENworks Control Center, click .
Click the Remote Management policy, then click the tab.
In the Security Settings panel, deselect the option, then click .
Increment the version of this policy in the Summary page or in the Common Tasks to update the changes in the policy on the managed device.
The user at the managed device can reset the Remote Management password set earlier by him or her.
Double-click the icon to display the ZENworks Adaptive Agent window.
In the left pane, navigate to , then click .
In the right pane, click to clear the passwords.
Click
The password configured in the policy will be effective as there is no password set by the user.
The remote operation can be initiated in the following ways:
In this scenario, the remote session is initiated by the administrator on the management console. The management console is typically placed within an enterprise network and the managed device can be either within or outside the enterprise network. The following illustration depicts a remote session initiated on the managed device from the management console.
Figure 2-1 Console-Initiated Session on a Windows Device
The Remote Management Agent starts automatically when the managed device boots up. A default Remote Management policy is created on the managed device when the device is deployed. You can remotely manage the device using this default policy in rights-based authentication mode only. If you create a new Remote Management policy, the new policy overrides the default policy.
If the ZENworks Management Zone setup is spread across two or more NAT-enabled private networks that are interconnected by a public network, you must deploy DNS_ALG on the gateways of these private networks. DNS_ALG ensures that the DNS lookup queries initiated by the ZENworks components return the correct private address mapped hostname and enables the communication between the management console and the managed devices. For more information on DNS_ALG, refer to DNS ALG RFC - 2694 (http://www.ietf.org/rfc/rfc2694).
If you want to remotely manage a device by using its DNS name, ensure that Dynamic DNS service is deployed in the network.
The remote operator can initiate a session in any of the following ways:
You can initiate the various Remote Management operations from the device context or the user context:
To initiate a Remote Management session on a device
In ZENworks Control Center, click the tab.
Click or and select the device you want to remotely manage. Click , then select the Remote Management operation you want to perform.
or
In
in the left pane, select the Remote Management operation you want to perform.
The available remote operations are:
Remote Control: Displays the Remote Management dialog box, which lets you perform the Remote Control, Remote View, or Remote Execute operations on the managed device.
Remote Diagnostics: Displays the Remote Diagnostics dialog box, which lets you perform a Remote Diagnostics operation on the managed device.
Transfer Files: Displays the File Transfer dialog box, which lets you perform a file transfer operation on the managed device.
Fill in the options in the dialog box that displays. The following table contains information on the various options available:
Field | Details |
---|---|
Device | Specify the host name or the IP address of the device you want to remotely manage. |
Operation | Select the type of the remote operation you want to perform on the managed device. This option is available only in the Remote Management dialog box. |
Application | Select the application you want to launch on the device to remotely diagnose. This option is available only in the Remote Diagnostics dialog box. |
Authentication | Select the mode you want to use to authenticate to the managed device. The authentication modes are: |
Port | Specify the port number on which the Remote Management service is listening. By default, the port number is 5950. |
Session Mode | Select one of the following modes for the session: This option is available only in the Remote Management dialog box. |
Session Encryption | Ensures that the remote session is secured by using SSL encryption (TLSv1 protocol). |
Enable Caching | Enables caching of the remote management session data to enhance performance. This option is available for Remote Control, Remote View, and Remote Diagnostics operations. This option is currently supported only on Windows. |
Enable Dynamic Bandwidth Optimization | Enables detection of the available network bandwidth and accordingly adjusts the session settings to enhance performance. This option is available for Remote Control, Remote View, and Remote Diagnostics operations. |
Enable Logging | Logs session and debug information in the novell-zenworks-vncviewer.txt file. The system saves the file in the install location of the RM viewer if you launch ZENworks Control Center (ZCC) either through Internet Explorer or through Mozilla Firefox. |
Route Through Proxy | Enables the remote management operation of the managed device to be routed through a remote management proxy. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. NOTE: The Route Through Proxy option is not yet supported on Linux. Fill in the following fields: Proxy: Specify the DNS name or the IP address of the remote management proxy. By default, the proxy configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy. Proxy Port: Specify the port number on which the remote management proxy is listening. By default, the port is 5750. NOTE: The Remote Management Audit displays the IP address of the device that is running the remote management proxy and not the IP address of the management console. |
Route Through Join Proxy | Enables the remote management operation of the managed device to be routed through a Join Proxy server. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a Join Proxy server. If the managed device you are trying to remotely control is already connected to the Join Proxy, then the Route Through Join Proxy option is selected by default and the values for the Join Proxy and Join Proxy Port options are populated. Join Proxy: If the managed device you are trying to remote control is already connected to the Join Proxy, the DNS name or the IP address of that Join Proxy server is displayed. Join Proxy Port: If the managed device you are trying to remote control is already connected to the Join Proxy, the port number on which the Join Proxy server is listening is displayed. When you try to remote control a managed device using Join Proxy, sometimes the configured server might not be available for Join Proxy to update the connection details in the database. In such a context, Join Proxy does not reject the connection of the managed device, but logs a message and allows you to remote control the managed device by manually entering the Join Proxy details in ZENworks Control Center. NOTE: If the Join Proxy IP and Port details are not available in the database for a private network device that is connected to a Join Proxy, you can manually check the option and specify the and values. On the other hand, if you are trying to launch a remote operation without selecting a device and have manually entered an IP address/DNS name, then you need to enter the address and port of the Join Proxy. |
Use the Following Key Pair for Identification | If an internal certificate authority (CA) is deployed, the following options are not displayed. If an external CA is deployed, fill in the following fields: Private Key: Click to browse to and select the private key of the remote operator. Certificate: Click to browse to and select the certificate corresponding to the private key. This certificate must be chained to the certificate authority configured for the zone. If the certificate contains section, then the section must contain Client Authentication (1.3.6.1.5.5.7.3.2). NOTE: Microsoft Certificate Services provides a number of certificate templates for issuing a certificate. Some of the certificate templates, such as Web Server, might not have the OID specified by default. If such a certificate is provided during the launch of a remote session, the SSL handshake fails. Consequently, the remote session also fails. So, if you are using Microsoft Certificate Services for issuing a certificate, ensure that the certificate template specifies Client Authentication (1.3.6.1.5.5.7.3.2) in the section. The supported formats for the key and the certificate are DER, PEM, and PFX. If the PFX format is used, both the key and the certificate must be available in the same file. You should provide this file as an input for both the key and the certificate. Enable Cache Path: Enables the primary key and the certificate paths to be cached on the management console. This option is currently supported only on Windows. |
Click to launch the selected remote operation.
If you want to assist a user by performing a remote session on the managed device where he or she has logged in:
In ZENworks Control Center, click the tab.
Click the .
Select the user to remotely manage the device where he or she is logged in.
Click , then select the Remote Management operation you want to perform.
The available operations are:
Remote Control: Displays the Remote Management dialog box, which lets you perform the Remote Control, Remote View, or Remote Execute operations on the managed device.
Remote Diagnostics: Displays the Remote Diagnostics dialog box, which lets you perform a Remote Diagnostics operation on the managed device.
Transfer Files: Displays the File Transfer dialog box, which lets you perform a file transfer operation on the managed device.
Fill in the options in the dialog box that displays. The following table contains information on the various options available:
| Field | Details |
|---|---|
| Device | Specify the host name or the IP address of the device you want to remotely manage. |
| Operation | Select the type of the remote operation you want to perform on the managed device. This option is available only in the Remote Management dialog box. |
| Application | Select the application you want to launch on the device to remotely diagnose. This option is available only in the Remote Diagnostics dialog box. |
| Authentication | Select the mode you want to use to authenticate to the managed device. The authentication modes are: |
| Port | Specify the port number on which the Remote Management service is listening. By default, the port number is 5950. |
| Session Mode | Select one of the following modes for the session: This option is available only in the Remote Management dialog box. |
| Session Encryption | Ensures that the remote session is secured by using SSL encryption (TLSv1 protocol). |
| Enable Caching | Enables caching of the remote management session data to enhance performance. This option is available for Remote Control, Remote View, and Remote Diagnostics operations. This option is currently supported only on Windows. |
| Enable Dynamic Bandwidth Optimization | Enables detection of the available network bandwidth and accordingly adjusts the session settings to enhance performance. This option is available for Remote Control, Remote View, and Remote Diagnostics operations. |
| Enable Logging | Logs session and debug information in the novell-zenworks-vncviewer.txt file. The system saves the file in the install location of the RM viewer if you launch ZENworks Control Center (ZCC) either through Internet Explorer or through Mozilla Firefox. |
| Route Through Proxy | Enables the remote management operation of the managed device to be routed through a remote management proxy. If the managed device is on a private network or is on the other side of a firewall or router that is using NAT (Network Address Translation), the remote management operation of the device can be routed through a remote management proxy. NOTE: The Route Through Proxy option is not yet supported on Linux. Fill in the following fields: Proxy: Specify the DNS name or the IP address of the remote management proxy. By default, the proxy configured in the Proxy Settings panel to perform the remote operation on the device is populated in this field. You can specify a different proxy. Proxy Port: Specify the port number on which the remote management proxy is listening. By default, the port is 5750. NOTE: The Remote Management Audit displays the IP address of the device that is running the remote management proxy and not the IP address of the management console. |
| Use the Following Key Pair for Identification | If an internal certificate authority (CA) is deployed, the following options are not displayed. If an external CA is deployed, fill in the following fields: Private Key: Click to browse to and select the private key of the remote operator. Certificate: Click to browse to and select the certificate corresponding to the private key. This certificate must be chained to the certificate authority configured for the zone. If the certificate contains section, then the section must contain Client Authentication (1.3.6.1.5.5.7.3.2). NOTE: Microsoft Certificate Services provides a number of certificate templates for issuing a certificate. Some of the certificate templates, such as Web Server, might not have the OID specified by default. If such a certificate is provided during the launch of a remote session, the SSL handshake fails. Consequently, the remote session also fails. So, if you are using Microsoft Certificate Services for issuing a certificate, ensure that the certificate template specifies Client Authentication (1.3.6.1.5.5.7.3.2) in the section. The supported formats for the key and the certificate are DER, PEM, and PFX. If the PFX format is used, both the key and the certificate must be available in the same file. You should provide this file as an input for both the key and the certificate. Enable Cache Path: Enables the primary key and the certificate paths to be cached on the management console. This option is currently supported only on Windows. |
Click to launch the selected remote operation.
Before starting the remote management operation in standalone mode, install the Remote Management viewer. For information on installing the viewer, see Section 2.4.1, Installing the Remote Management Viewer.
To start the Remote Management Operation in standalone mode:
Double-click the nzrViewer.exe file to launch the ZENworks Remote Management Client.
In the ZENworks Remote Management Connection window that displays, specify the DNS name or the IP address of the managed device and the port number in the format IP address~~Port. For example, 10.0.0.0~~1000.
Specify the DNS name or the IP address of the remote management proxy and the port number in one of the following formats:
IP address~~Port. For example, 10.0.0.0~~5750.
IP address~Port. For example, 10.0.0.0~50.
Click
On successful authentication, the remote session starts. By default, a Remote Control session is launched.
Before you launch a Remote Management operation from the command line, install the Remote Management viewer. For information on installing the viewer, see Section 2.4.1, Installing the Remote Management Viewer.
To start the Remote Management operation by using the command line options:
At the command prompt, change to the directory where the viewer is installed. The viewer is by default installed to the <User_Application_Data_Folder>\Novell\ZENworks\Remote Management\bin directory.
Execute the following command:
nzrViewer [/options <parameters if any>][IP address of the managed device] [~~port]
The default port for the managed device is 5950.
For information on the available command line options, see Command Line Options for Launching a Remote Operation.
Click
On successful authentication, the remote session starts. If you have not specified the type of remote operation in the command line, a Remote Control session is launched by default.
However, starting a Remote Management operation by using the command line options has the following limitations:
If you do not want to specify the key, cert, and CAcert command line options in the nzrViewer command for SSL authentication, ensure that the option in the security settings of the Remote Management policy is enabled. However, this is not recommended because the security of the device is reduced.
If the managed device is a part of the Management Zone, ensure that the certificate presented by the viewer is valid, signed, and chained to the CA, or the SSL authentication fails.
NOTE: When you launch a remote session from ZENworks Control Center (ZCC), the certificate is automatically generated by ZCC and passed to the viewer to launch the session. The certificate is valid for only four days.
The managed device uses the certificate provided by the viewer to identify the remote operator. If the viewer does not provide a certificate, the user is not identified and is recorded as
in the permission message, visible signal, and audit logs.
You cannot use a standalone nzrViewer.exe with rights-based authentication to remotely control the managed device. To use the standalone nzrViewer.exe for remote management operations, apply a Remote Management policy with password authentication enabled on the managed device.
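The certificate requirements stated above (the Client Authentication OID in the key pair fields, and a valid certificate chained to the zone CA for command-line launches) can be checked before a session is attempted, so that a wrong template shows up as a failed check rather than a failed SSL handshake. The following PowerShell is an added example, not part of the ZENworks documentation or product: the function names are hypothetical, the sample certificates are constructed in memory, and it assumes the certificate section in question is the X.509 extended key usage extension (2.5.29.37), which is where this OID is carried. It needs the .NET `CertificateRequest` class (PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication, the OID the page requires
function Test-OperatorCertificate {
    # Hypothetical helper: checks an operator certificate before it is handed to the viewer.
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [X509Certificate2]$ZoneCa          # optional: certificate of the CA configured for the zone
    )
    $eku = $Certificate.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $ekuOids = if ($eku) { @($eku.EnhancedKeyUsages | ForEach-Object Value) } else { @() }
    # A certificate without the extension passes; one that has it must list Client Authentication.
    $ekuOk = (-not $eku) -or ($ekuOids -contains $ClientAuthOid)
    $now = Get-Date
    $chained = $null                       # stays $null when no zone CA was supplied
    if ($ZoneCa) {
        $chain = [X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
        # Trust is decided by the thumbprint comparison below, not by the machine root store.
        $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
        [void]$chain.ChainPolicy.ExtraStore.Add($ZoneCa)
        $built = $chain.Build($Certificate)
        $thumbs = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })
        $chained = $built -and ($thumbs -contains $ZoneCa.Thumbprint)
    }
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        EkuOk          = $ekuOk
        InValidity     = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        ChainsToZoneCa = $chained
    }
}

function New-ConstructedCertificate([string]$Subject, [string[]]$EkuOids) {
    # Builds a throwaway self-signed certificate in memory (constructed sample input).
    $rsa = [RSA]::Create(2048)
    $req = [CertificateRequest]::new($Subject, $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
    $oids = [OidCollection]::new()
    foreach ($oid in $EkuOids) { [void]$oids.Add([Oid]::new($oid)) }
    if ($oids.Count) { $req.CertificateExtensions.Add([X509EnhancedKeyUsageExtension]::new($oids, $false)) }
    $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(4))
}

# Constructed samples: serverAuth only (as a Web Server template would issue) versus clientAuth.
$webServer = New-ConstructedCertificate 'CN=constructed-web-server' @('1.3.6.1.5.5.7.3.1')
$operator  = New-ConstructedCertificate 'CN=constructed-operator'   @('1.3.6.1.5.5.7.3.2')
$webServer, $operator | ForEach-Object { Test-OperatorCertificate -Certificate $_ } |
    Format-Table Subject, EkuOk, InValidity, ChainsToZoneCa
```

To check a real operator certificate, load it with `[X509Certificate2]::new($path)` and pass the zone CA certificate as `-ZoneCa`; the chain check then reports whether that CA appears in the built chain.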
In this scenario, the remote session is initiated by the user on the managed device. This is useful if the management console cannot connect to the managed device. The following illustration depicts a remote session initiated by the user at the managed device.
Figure 2-2 Agent-Initiated Session
The user at the managed device can request a remote operator to perform a remote session on the device if:
The remote operator has launched the Remote Management listener to listen to the remote session requests from the user.
The option is enabled in the Remote Management policy.
The port at which the Remote Management listener listens for the remote connections must be opened in the management console firewall. The default port is 5550.
To request a session:
Double-click the ZENworks icon in the notification area.
In the left pane, navigate to , then click .
Click to display the Request Session dialog box.
The ability to request a Remote Management session is controlled by your administrator, which means the option might be disabled, particularly if your company or department does not have dedicated help desk personnel to serve as on-call remote operators. If the option is not displayed as linked text, the option is disabled.
In the list, select the remote operator you want to open the remote session with.
or
If the remote operator is not listed, provide the operator’s connection information in the fields.
In the field, select the type of operation (Remote Control, Remote View, Remote Diagnostics, File Transfer, or Remote Execute) you want to open.
For information about each operation, see Section 1.2, Understanding Remote Management Operations.
Click to launch the session.
If you want to allow connections to be made from a public network into a private network, deploy the DNS Application Level Gateway (DNS_ALG). For more information on DNS_ALG, refer to RFC 2694.
To enable a Remote Management Listener to listen for connections from a managed device:
In ZENworks Control Center, click .
In in the left pane, click .
In the Remote Management Listener dialog box, specify the port to listen for the remote connections. By default, the port number is 5550.
Click .
The ZENworks Remote Management Listener icon appears in the notification area.