Deploying Novell ZENworks for Desktops 4 in a Pure Microsoft Windows Environment
Articles and Tips: article
Software Engineer
Novell, Inc.
bwdayley@novell.com
Ron Tanner
ZENworks Product Manager
Novell, Inc.
rtanner@novell.com
Thanks to DaNae Dayley for her assistance in preparing this material.
01 Jun 2003
ZENworks for Desktops has traditionally been deployed in NetWare networking or mixed NetWare and Windows environments. This AppNote discusses how ZENworks for Desktops can be deployed in a pure Windows environment and walks through the installation steps to set up a trial configuration.
This AppNote is excerpted from the new book entitled Novell's ZENworks for Desktops 4 Administrator's Handbook (Novell Press, ISBN 0-7897-2985-7). To order this and other Novell Press books, visit http://www.novellpress.com.
Topics |
desktop management, network management |
Products |
ZENworks for Desktops 4 |
Audience |
network administrators |
Level |
beginning |
Prerequisite Skills |
familiarity with ZENworks for Desktops 4 |
Operating System |
Windows 2000 |
Tools |
none |
Sample Code |
no |
Introduction
ZENworks for Desktops 4 (ZfD4) can run on a Windows network without a NetWare server. It operates on Windows workstations regardless of the server environment in your network. ZENworks for Desktops 4 will function in any IP network running eDirectory, including Windows 2000/NT, NetWare 6 or NetWare 5.1 server based networks, and mixed environments.
ZENworks for Desktops has traditionally been deployed in NetWare networking or mixed NetWare and Windows environments. The initial versions of ZENworks for Desktops were dependent on many of the features and capabilities that existed only in a NetWare-based LAN. However, as the product has matured, features have evolved, allowing ZENworks for Desktops to provide significant functionality in a non-mixed, pure Windows environment. Everything that you require to run in a pure Windows environment, with the exception of eDirectory, is supplied in the ZENworks for Desktops 4 product.
As depicted in Figure 1, ZENworks can be deployed into an Active Directory Domain and provide all the services in the product through Windows 2000 servers and Internet Information Server (IIS). All administration of user accounts can continue through the domain, whereas administration of applications, desktops, and the like is done using eDirectory as the repository independent of Active Directory, for example.
Figure 1: ZENworks for Desktops operating in a pure Windows environment.
ZENworks ships with other Novell products so you can automatically synchronize your users and passwords between Active Directory (or NT Domains) and the eDirectory ZENworks repository. ZENworks is agent-based and requires no Novell client on the workstations or laptops. It will quietly authenticate in the background to eDirectory and retrieve applications and policies, delivering them to your desktop through a browser, Start menu, window, or desktop icons.
This AppNote discusses how ZENworks for Desktops can be deployed in a pure Windows environment and walks through the installation steps to set up a trial configuration.
ZENworks for Desktops Networking Setup and Requirements
Using Novell's eDirectory and DirXML products enables you to install ZENworks for Desktops into a pure Windows network with minimal requirements on the network side. In fact, the only requirements are that you have a Windows 2000 Server with IIS and SP2 installed in the domain.
In addition to having a Windows 2000 Server with IIS and SP2 installed in the domain, you need to set up the following:
An Active Directory domain
ZENworks for Desktops 4 Server installed on a Windows 2000 Server with eDirectory and DirXML 1.1a and Password Synchronization installed
This server must be in the same domain as the Active Directory Domain Controller, but it should not be the DC.
ZENworks for Desktops 4 Middle Tier installed on a Windows 2000 Server where Microsoft IIS is installed
This server must also be in the same domain as the Active Directory DC. This can also be the same server as the eDirectory and ZfD4 server; however, you should consider keeping the IIS server independent to minimize performance issues.
ZENworks for Desktops 4 Configuration Options
ZENworks for Desktops 4 can run in three modes on the workstation: Application Browser View Agent mode, Full Agent mode, and NetWare client mode. It is assumed that in a pure Windows environment the NetWare client will not be used; therefore, you need to determine which features you need in your network.
Application Browser View Agent Mode. In this mode, a single Application Browser View agent is delivered when the user connects to IIS and opens an application page, provided by ZENworks for Desktops 4. The Web agent is automatically installed on the workstation, provided the user has rights to install local applications.
The Application Browser View agent will only deliver applications to the workstation when the users connect to their personalized application Web page. Dynamic local user account creation, hardware and software inventory, automated imaging services, and remote management capabilities are not included in this agent.
Full Agent Mode. In this mode, the ZENworks for Desktop 4 agent is installed on the workstation. The installation can be done by an administrator, part of an image, or by the user. By installing the ZENworks for Desktop 4 agent, you provide your users with all the capabilities inherent in the product.
Should you need Dynamic Local User account creation on the workstation, you must configure ZENworks for Desktops 4 agent to prompt the user to log into eDirectory prior to the local windows login. When configured, the users are prompted for their eDirectory usernames and passwords (which should be the same as their Active Directory account because they are being synchronized by DirXML). ZENworks will then create a local account on the workstation if one is not present, and then log the user into Windows with the same username and password.
If you do not require Dynamic Local User account creation, ZENworks will silently retrieve the username and password from Windows when the user logs into his workstation. The agents will then connect to eDirectory using the given username and password in order to provide the applications administered to the user.
With the full agents installed on the workstation, you can still choose to only deliver applications through the browser view.
DirXML Engine and Drivers
The DirXML engine is an eDirectory module that enables you to synchronize eDirectory data with any outside data service. The DirXML engine is designed such that it can have several drivers running that describe how output and input is sent between data sources.
The DirXML Driver for Active Directory (included with ZENworks for Desktops 4) is specifically designed to synchronize data between Novell eDirectory and the Microsoft Active Directory directory service. The synchronization is bi-directional; you determine whether information should flow to and from both directories, or whether information should flow only from one directory to the other.
There are many other DirXML Drivers available for other data sources, including PeopleSoft, JDBC, any LDAP directory, Lotus Notes, SAP HR, and WebSphere MQ. Check out http://www.novell.com/dirxml for new drivers.
DirXML's architecture uses a publisher/subscriber model whereby the publisher's responsibility is to place information into eDirectory, whereas the subscriber's job is to reflect changes in eDirectory back into the external, synchronized data source. The behavior of the publisher and subscriber and the attribute mapping is determined by a set of rules that are housed in eDirectory as part of the DirXML driver. DirXML drivers can be customized through XML rules to deliver just about any data configuration desired. See http://www.novell.com/documentation for more details on how DirXML can be configured. Check out the DirXML Novell site (http://www.novell.com/dirxml) to determine how you can customize your installation.
Installing ZENworks for Desktops 4 in a Pure Windows Environment
The following sections walk you through a standard installation of ZENworks for Desktops 4 in a pure Windows environment with Active Directory.
Configuration
For the purposes of developing your own test environment, the configuration used in this AppNote is relatively small. Your systems can include, in fact, many servers for such needs as application execution, terminal services, and so on. This AppNote uses the following network layout:
Windows 2000 server, which is the Active Directory DC
Windows 2000 server, which is the ZENworks server and is where you'll install eDirectory and the ZENworks Middle Tier server
Windows XP Professional Workstation with the full ZENworks agents configured
Windows XP Professional Workstation with the Application Browser View agent
In a more traditional system, you might want to put your ZENworks Middle Tier server onto another Windows 2000 server to provide maximum performance. This is not done here to minimize hardware requirements. Should you decide to put the Middle Tier server on another server, the only requirement for this server is a Windows 2000 Server running IIS with all of the appropriate support packs.
Installing ZENworks for Desktops 4
Now that you understand the network configuration required to install ZENworks for Desktops 4, you can begin the install process. The following sections discuss the pre-installation requirements to check before you begin the ZENworks for Desktops 4 install and how to install ZENworks for Desktops 4 into your pure Windows environment.
Pre-Installation Requirements. Prior to installing ZENworks for Desktops 4, you need to make certain that the required network components are installed and running. The following is a list of components that must already have been installed and functioning:
DA-01-Windows 2000 Server with Active Directory (DA domain) and SP2 installed
DA-02-Windows 2000 Server with Support Pack 2 or greater, IIS, and a member of the DA domain
WKS-01-Windows XP Professional Workstation
WKS-02-Windows XP Professional Workstation
Once you have verified the network components are installed and running, download the following updates and documentation and save them for use during the installation process:
DirXML 1.1a for Windows NT/2000 from http://download.novell.com. Choose DirXML product.
DirXML Password Synchronization for Windows from http://download.novell.com. Choose DirXML Password Synchronization for Windows product. This will download version 1.0.
DirXML Password Synchronization update (PWDSNC1.EXE) from http://download.novell.com/. Enter "pwdsnc1.exe" in the Keyword field.
Print TID# 2962702 from http://support.novell.com to learn how to apply the password synchronization update.
eDirectory 8.7 or higher for Windows NT/2000 from http://download.novell.com. Choose the eDirectory product.
The update DirXML Active Directory driver and utilities found in TID #2964748 at http://support.novell.com (through the Knowledge Base).
ZENworks for Desktops 4 Installation. Perform the following steps to install the ZENworks for Desktops 4 system into the identified environment.
Step One-Getting eDirectory. Download eDirectory and get a license from Novell for it. This is done by performing the following steps:
If you have not already done so, go to http://download.novell.com and choose to download the eDirectory product for the Windows 2000 platform.
Choose eDirectory 8.7 on Windows NT/2000 from the list and download the full installation.
Go to http://www.novell.com/products/edirectory/customer_license.html.
Click the I Accept button on the license agreement.
Select the appropriate eDirectory version from the list of licenses available.
Fill in the contact information. Make sure you put in your correct e-mail address, as your licenses will be sent to that address. Click the Submit button.
A license will be sent to your e-mail address. When received, open the e-mail and save the two files to a floppy disk. (ZENworks for Desktops 4 provides a one-for-one license of eDirectory for Windows.)
Step Two-Getting Updated DirXML Active Directory Drivers. Take the new AD drivers and support tools you downloaded from TID #2964748 and put them on the server in some directory you create (not in ConsoleOne) or onto a floppy disk. These files should include AD-DRIVER.XML, AD-DRIVER_EN.XLF, AD-DRIVER-SCHEMA.LDI, and READDOMAINGUID.EXE.
Step Three-Installing eDirectory. Install eDirectory onto DA-02 by following these steps:
Log onto the DA-02 Windows 2000 server as the administrator and launch the eDirectory execution program, which you downloaded in the pre-installation procedures.
Choose to install both eDirectory and ConsoleOne onto the server. Click Install.
The first step that eDirectory installation performs is the installation of the Novell client. Perform the following steps to install the client:
Choose Yes on the license agreement.
Choose custom installation and click Next.
Verify that only the client is chosen on the modules list. Click Next.
Choose IP only and Remove IPX if present. Click Next.
Choose NDS to instruct the client to default to using NDS connections. Click Next.
Choose Finish.
The eDirectory License Installation will begin automatically. Press Next.
Read the license agreement and click I Accept.
Insert the license disk you made in the previous step.
Select Install License Diskette, A:License and click Next.
Click Close on the licensing installation success dialog box.
The system will now install the NICI cryptography system. Once that is installed, the system will prompt you to reboot.
Remove the floppy disk and click OK on the dialog box requesting to reboot. Once the system is rebooted, eDirectory will complete its installation.
When the system next comes up, you see the client login dialog box. Press <Ctrl>+<Alt>+<Delete>.
Choose "Workstation only" and log in to the system as the administrator. Click OK.
The installation of eDirectory will automatically continue.
On the welcome screen for the installation, click Next.
View the license and click I Accept.
Select the desired languages and click Next.
Accept the default installation path and click Next.
Click Yes on the dialog box to create the new directory that does not exist.
Choose to create a new eDirectory tree. Click Next.
Choose a tree name, context for the DA-02 server, and Admin User object along with the passwords. At the very minimum, you want the server and admin under a container, so append a <dot>containername (where <dot> is a period) after the server name. This AppNote uses "DA" for the container name. So, for example, the tree name would be "DA-TREE". The Server object would be "DA-02-NDS.servers.da", the Admin name would be "admin", and the context would be "da". Click Next.
Accept the HTTP Stack Ports as default, because there will be no conflicting Web ports on this server. Click Next.
Accept the defaults on the Certificate Server Objects wizard page and click Next.
Proceed and create a certificate authority for the tree, clicking OK on the warning dialog box.
Because eDirectory will need to not interfere with the Active Directory that is using the default 389/636 ports, you need to change them. Change the clear text port to 388 and the SSL port to 635, as shown in Figure 2. Uncheck the Require TLS for Simple Bind with Password option. This is necessary in order to allow password synchronization to function. Click Next.
Figure 2: LDAP Ports setting for eDirectory installation.
Accept the default NMAS Login Methods by clicking Next.
Complete the eDirectory installation by clicking Finish.
eDirectory will now perform its installation on the DA-02 server. When completed, click Close on the success dialog box.
Step Four-Creating DirXML Administrator Account in Active Directory. In order to isolate changes that occur with other administrator accounts, Novell recommends that you create a separate account for DirXML with Administrator privileges in Active Directory. To create this account, follow these steps:
Log onto the DA-01 server as administrator of the domain.
Launch the Active Directory Users and Computers MMC by launching Start, Programs, Administrative Tools, Active Directory Users and Computers.
From Active Directory Users and Computers, select the container where you want to add the DirXML administrator user, and then click Create a New User.
Enter the names for the user. For example, enter "Novell" as the first name, "Dirxml" as the last name, and "Novell Dirxml" as the full name. The user login name should be "novelldirxml@da.com". Click Next.
Set the password for the new user. Mark "Password Never Expires" so that a password won't disable the driver unexpectedly. Click Next.
Review the summary, and then click Finish.
In the Tree view, select Builtin, Administrator's properties, Members, Add.
Select the full name of the user you created (Novell Dirxml). Click Add, click OK, and then click OK again.
Close the Active Directory Users and Computers window.
In the Administrative Tools window, select Domain Controller Security Policy.
In the tree view, expand Security Settings, Local Policies, User Rights Assignment.
Set Log On As a Service, Security, Add, Browse.
Select the user you created (Novell Dirxml). Click Add, OK, OK, and then OK again.
Close the Domain Controller Security Policy.
Reboot the system.
Step Five-Installing ConsoleOne. The installation of ConsoleOne will now automatically start. Proceed through the wizard to install ConsoleOne onto the DA-02 server:
Click Next on the welcome screen.
Read the licensing agreement and click I Accept.
Select any additional languages you want to install. Click Next.
Accept the default installation path and click Next.
Accept the default set of components to install and click Next.
Accept the JInfoNet licensing agreement and click Next.
Click Finish on the summary page. ConsoleOne will now install on the server.
Click Close on the successful installation dialog box.
Step Six-Verifying that eDirectory Is Functioning. When ConsoleOne is completed, you need to verify that the tree is up and looks appropriate by performing the following steps:
Right-click the red N in the taskbar and select Login.
Enter user Admin and your password for eDirectory. Click Advanced and fill in the tree name, context of admin, and server, as shown in Figure 3.
Figure 3: Advanced options for the Novell client login window.
Click OK. This should log you into eDirectory.
Verify that you are logged into the tree as Admin by right-clicking the red N in the taskbar and selecting Connections. Verify that you have a resource for the tree and the server and the username of CN=Admin. The authentication state on the server should be Directory Services and the tree should be DA-TREE. Close the dialog box.
Now launch ConsoleOne and see whether the tree is visible and the Admin along with Server objects are present, as shown in Figure 4.
Figure 4: Tree view with Admin user in ConsoleOne.
Create a shortcut on your server for c:\novell\nds\ndscons.exe. NDSConsole enables you to view the state of the eDirectory tree and the services running.
Launch NDSConsole and verify that at least ds.dlm and nldap.dlm are running. You now have an eDirectory tree running on your Windows 2000 server.
Step Seven-Installing DirXML. Now that eDirectory is running, you need to install DirXML so that users can be synchronized between your Active Directory Domain and eDirectory. Install DirXML by performing the following steps:
Log onto the DA-02 Windows 2000 server as the Administrator and into eDirectory as the Admin.
Launch the DirXML 1.1a installation program, downloaded in the pre-installation procedures (nt\install.exe after extraction).
Click Next on the DirXML welcome screen.
Read the licensing agreement and click I Accept.
Choose to install DirXML Engine and Drivers and DirXML Management Utilities on the component installation page, shown in Figure 5. Click Next.
Figure 5: Component options of the DirXML installation.
On the following component page, choose DirXML Engine and the appropriate core driver (DirXML Driver 2.0a for Active Directory). Proceed with the installation by clicking Next.
Verify that the tree is appropriate and enter, or browse to, the Admin user and password. Your Admin username is CN=admin.O=da. Click Next.
Choose ConsoleOne Snapins for DirXML, and DirXML Preconfigured Drivers for additional installation. Click Next.
Deselect all of the preconfigured drivers except the appropriate Active Directory driver. Click Next.
Click Finish on the summary dialog box.
The installation of DirXML will continue. First it will shut down eDirectory and then the installation will proceed.
Click OK on the dialog box warning about the possible conflict with eDirectory and the LDAP system. (You fixed that when you installed eDirectory.)
When it is completed, eDirectory will be brought back up.
On the final dialog box, uncheck "Launch ConsoleOne DirXML Configuration Wizards" and click Close. You'll be launching the configuration wizards at a different time.
You have now installed DirXML. The drivers need to be configured before synchronization will occur, so that's the next step.
Step Eight-Configuring DirXML Drivers. Now that eDirectory and DirXML have been installed on your DA-02 server, you need to configure your DirXML drivers and begin synchronization between your Active Directory Domain and eDirectory. Configure your DirXML drivers by doing the following:
Log in to the DA-02 server as the Administrator and eDirectory as the Admin.
Open a DOS box and execute the readDomainGUID.exe program. Make sure you run the tool from the c:\novell\nds directory. Cut and paste the GUID returned by the tool into a text file for later use.
Launch ConsoleOne.
You need to extend the eDirectory schema to accommodate the new Active Directory driver. This is accomplished by doing the following:
Launch the schema import tool by selecting Wizards, NDS Import/Export from ConsoleOne.
Select Import LDIF file; click Next.
Browse to and select the AD-Driver-Schema.ldif file on your ZENworks floppy. Click Next.
Enter "127.0.0.1" into the Server DNS Name/IP Address field and "388" into the Port field.
Select Authenticated Login and enter your Admin User object and password in the fields. Remember to enter the LDAP version of the Admin username including the container (cn=admin,o=da). Click Next.
Click Finish on the summary screen.
You should get a scrolled output of the import. Verify that the total entries processed are three and that there were no errors.
Click Close.
Create an Organizational Unit (OU) container in the directory under your da organizational container. Call this new OU DirXML. You'll create all of the objects related to DirXML under this container.
If desired, create a user Organizational Unit container under DA.
Select the parent container (DA) of the new DirXML organizational unit, and then choose Wizards, Create a New Application Driver.
On the creation wizard, select "In a New Driver Set". Click Next.
Enter a driver set name, such as ADDriverSet. Browse to and select the DirXML container for the context and the DA-02 server for the server field, as shown in Figure 6. Click Next.
Figure 6: Application driver creation wizard for DirXML configuration.
The wizard will now create the objects for the driver set.
Select "Import Preconfigured Driver" and browse to and select AD-DRIVER.XML on your ZENworks floppy disk. Click Next.
Note: The installation of DirXML places an ADDRIVER.XML file in the system. This will also come up on the list. Make sure you choose the new AD-DRIVER.XML file.
Now you must configure the driver parameters. They are all on the presented wizard page and are visible by using the scroll bar. See Table 1 for a list of fields and their description.
Application Driver Parameters for Configuring DirXML.
FieldDescriptionDriver name
Leave the name of the driver as the default.
Active Directory Account
Enter the domain administrator account you created (novellcirxml@da.com) and the passwords.
Authentication Password
Enter the password for the domain administrator account.
Retype the Password
Re-enter the domain administrator account password.
DNS name of Domain Controller
Enter LDAP://<DNS name of DA-01> into the address of Active Directory Domain controller field. Do not enter an IP address. This would be "LDAP://da-01.da.com".
Domain GUID
Enter the GUID for the domain. You can cut and paste the GUID that you saved in a text file into this field.
Data Flow
Leave this at the default of Bi-Directional.
Active Directory Base Container
Enter the base container in Active Directory. This is the container where you want users to be synchronized with eDirectory (for example, CN=Users,DC=da,DC=com).
eDirectory Base Container
Enter the container where you want your users to be created and synchronized with Active Directory (for example, users.da). You can browse for this container by clicking the Browse button. If you are going to mirror the Active Directory containers, this would be the top container in eDirectory.
Publisher Placement
Choose if you want flat or mirror. If you choose flat, all user objects coming from Active Directory are placed in the same container. If you choose mirror, the User objects and the containers are re-created in eDirectory.
Subscriber Placement
Choose if you want flat or mirror. If you choose flat, all user objects coming from Active Directory are placed in the same container. If you choose mirror, the User objects and the containers are re-created in eDirectory.
Driver Polling Interval
Enter the polling interval you desire. In the lab it should probably be around 1 minute, whereas in production you probably will want it around 15 minutes.
Use Secure Authentication
Leave this at the default of Yes.
Enable PasswordSync
Leave this at the default of Yes.
Install Driver as Remote/Local
Set this to Local.
Remote Host Name and Port
Ignore and leave at the default setting.
Driver Password
Ignore and leave blank.
Retype the password
Ignore and leave blank.
Remote Password
Ignore and leave blank.
Retype the password
Ignore and leave blank.
Click OK.
Click Yes to set the security equivalences of the driver.
Click the Add button. Browse to the admin.da user and add it to the list. Click OK.
Click Yes on the "Novell Recommends You Identify All Objects that Represent Administrative Roles" dialog box.
Click the Add button and browse to and select all users who are administrators of eDirectory. This will prevent them from being created in the Active Directory domain and synchronized. Click OK.
Click Finish on the summary page to complete the wizard.
Before you can get the DirXML driver running, you need to install the Password Synchronization software, as described next.
Step Nine-Installing Password Synchronization. Once you have installed eDirectory and DirXML, you need to install Password Synchronization. This enables the User objects that you create in Active Directory, which are automatically created in DirXML, to have the same password as their corresponding user in Active Directory. This is necessary to allow for single-login to both Active Directory and eDirectory when your users log in to their workstations.
You should be aware that password synchronization requires that the platform- specific password policies not be in conflict with each other. Password policies that are in conflict will prevent successful password synchronization. For example, if eDirectory passwords are required to be at least eight characters, whereas Windows passwords have no length requirements, users could create shorter Windows passwords that wouldn't be accepted by eDirectory. In this case, the passwords will not be synchronized. Password synchronization does not override platform policies.
DirXML allows you to generate an initial password for an account based on the account's attributes or other information available through Java services. For instance, you can generate a password based on a user's surname plus a four-digit number. Generating an initial password requires driver customization, but is a great way to manage passwords when provisioning an account through your existing HR toolset.
ConsoleOne lets you set an initial password when creating a user account by marking the Assign NDS Password check box and then selecting the Prompt During Creation radio button. In this case, ConsoleOne sets the password before an account is associated in NT or Active Directory accounts, thus preventing the initial password from being synchronized. Passwords are synchronized only after the first password changes.
To avoid this delay, you can use one of the following methods:
Unmark "Assign NDS Password" during user creation and assign the password later. A brief delay will allow account associations to be completed.
Select "Prompt User on First Login" so that password setting is delayed until the account is actually used.
Microsoft Management Console lets you set an initial password on a user account simply by typing the password at account creation. The password is set before password synchronization can associate an eDirectory account with the Active Directory account, so the password synchronization service cannot update the eDirectory account immediately. However, the service will retry the password update and the account will be properly updated within several minutes.
Install password synchronization on your servers by performing the following steps:
Log in to DA-02 as the Administrator and in to eDirectory as the Admin. Ensure that ConsoleOne is closed.
Launch the installation of password sync that you downloaded from the Novell Web site.
Click Next on the welcome screen.
Read the license and click Yes to accept.
Select both the Password Synchronization Service and PasswordSync Snap-in for ConsoleOne on the component menu. Click Next.
Click Next on the review settings page. The installation will now copy the files to your DA-02 server.
On the Setup dialog box, select the DA domain and browse to the ADDriver object (ADDriver.ADDriverSet.DirXML.da) in eDirectory. Click OK.
Leave the object name as the default. For the Context, verify that it is the DirXML container that you have created. Click OK.
When asked to give the password sync object rights, select the container where your User objects, synchronized from Active Directory, are expected to reside. Make sure you give these rights for every container of users that you are synchronizing. Click OK.
When prompted to put filters on each Domain Controller, click Yes.
You will be given a list of Domain Controllers. Select DA-01 and click Add (as shown in Figure 7).
Figure 7: Password Synchronization Add Filters dialog box.
Note: Adding the DA-01 domain controller will cause DA-01 to be rebooted.
Wait until DA-01 has rebooted and the dialog box shows DA-01 status of Running.
Click Close.
Click Finish.
Follow the instructions in TID #2962702 that you downloaded. This will apply the update of password synchronization that you downloaded. Don't forget to reboot both DA-01 and DA-02 after applying the update.
Step Ten-Finalizing Configuration for DirXML Drivers. Now that you have installed and configured both the DirXML drivers and the PasswordSync driver, you need to finalize the configuration to make these drivers start automatically and function properly. This can be achieved by following these steps:
Log in to DA-02 as the Administrator and to eDirectory as the Admin.
Launch ConsoleOne.
Select the ADDriverSet object under the DirXML container in ConsoleOne and right-click to select Properties.
Select the DirXML, Drivers tab.
Select the ADDriver in the list and click the Start button. Verify that the driver has started by watching the status field change to Running.
Click the Properties button.
Select the Startup Option tab and change the startup to automatic.
Click Apply.
Click Close.
Open NDSCONS.EXE and verify that the dirxml.dlm is running.
Step Eleven-Verifying eDirectory, DirXML, and Password Synchronization. You now need to verify that your eDirectory, DirXML, and password synchroni- zation are working properly in your environment. One way to do this is to create a few users in Active Directory and see whether they are automatically created in eDirectory with the proper passwords.
Log in to DA-01 as the Administrator of the AD Domain.
Launch the Active Directory administration tool and create a test user in Active Directory (for example, TestUser1@da.com).
Log in to DA-02 as the Administrator of the domain and as Admin in eDirectory.
Open ConsoleOne and verify that TestUser1 has been created in the administered container. Remember that you might have to wait for a synchronization cycle to complete before the user will appear in eDirectory.
Log in to eDirectory as that user and verify that the password is the same as was given in Active Directory and that you successfully authenticated to eDirectory. Remember that it might take another synchronization cycle before the password is updated.
For completeness, you can now create a user in eDirectory, using ConsoleOne as Admin, and verify that the user is now in the domain. Log in to the domain as that user with the password you specified in eDirectory. Don't forget to log in to the directory as Admin.
Note: The default synchronization rules will not create an Active Directory user until the full name attribute field is populated in eDirectory. This can be done in the properties of the User object, under the General tab.
Now that eDirectory, DirXML, and password synchronization are working and users are being synchronized, you can proceed to activate your DirXML licenses and then install ZENworks.
Step Twelve-Getting a License for DirXML Drivers. Now that you have DirXML and password synchronization working, you need to receive an activator license to properly license DirXML and the drivers. This can be done with the following steps:
Log in to DA-02 as the Administrator of the domain and as Admin in eDirectory.
Launch ConsoleOne. Browse to and select the DirXML container.
Select Wizards, Create a DirXML Activation Request.
On the welcome screen, browse to and select the DirXML driver set (ADDriverSet.DirXML.da).
Click Next.
Enter your Novell customer ID. Click Next.
Insert your ZENworks floppy disk and store the activator request onto the floppy disk.
Click Next.
Click Finish to exit the activator wizard.
On a machine that has Internet access, launch your browser and go to the Novell activator Web site (http://www.novell.com/activator).
Log in to the Web site with your Novell profile username and password.
Click the Browse button on the Web page and browse to and select the REQUEST.REQ file on the ZENworks floppy disk.
Click Submit at the bottom of the page.
On the Novell Product Activator page, select DirXML Password Synchronization and click Submit. This will generate an activator license for your DirXML 1.1a engine, the Active Directory driver, and the Password Synchronization driver.
You will receive an e-mail with an attached Activation Credential file (<bunch of numbers>.act). Save this file onto your ZENworks floppy disk.
Go back to DA-02 and log in as Administrator of the domain and as Admin in eDirectory.
Launch ConsoleOne. Browse to and select the DirXML container.
Select Wizards, Install a DirXML_Activation.
On the welcome screen, browse to and select the DirXML driver set (ADDriverSet.DirXML.da).
Click Next.
Insert the ZENworks floppy disk into DA-02.
In the "Specify a File ..." field, browse to and select the .ACT file that you saved on your ZENworks floppy disk. Click Open.
Click Next.
On the conclusion page, click View to verify that the activation file installed is considered valid.
Click Cancel.
Click Finish.
You have now completed the installation and activation of eDirectory, DirXML, and password synchronization on your server. Now it is time to install ZENworks on the system.
Step Thirteen-Installing ZENworks for Desktops Server. You are now prepared to install ZENworks for Desktops into your pure Windows environment. This section describes how to install all components of ZENworks for Desktops, although only a small portion is needed based on your desires. ZENworks for Desktops can be broken into five main categories: Policy Management, Application Management, Imaging, Inventory, and Remote Control.
You can also choose for your environment to have Workstation objects in your eDirectory tree. This can impact whether certain features are available. See the ZENworks for Desktop documentation for more information regarding these features (http://www.novell.com/documentation).
Now, you will install the ZENworks for Desktops server onto DA-02, where eDirectory is located. Follow these steps:
Log in to DA-02 as Administrator of the domain and Admin for eDirectory.
Insert the ZENworks for Desktops program CD.
Choose English.
Choose New Installation.
Choose Install ZfD Server. The installation wizard starts.
Read the welcome page. Click Next.
Read the license agreement. Choose Accept and then click Next.
Click Next on the information page.
Browse and select your eDirectory tree you installed on DA-02 (DA-TREE). Make sure the Extend Schema option is checked. Click Next.
Select all of the components of ZENworks for Desktops that you desire. Click Next.
Click Add Server and add DA-02-NDS to the server list. Select all of the appropriate components to install on this server, as shown in Figure 8.
Figure 8: ZENworks for Desktops Server component installation options.
Click Next.
Click Next on the Database file installation path to accept the defaults.
Select Configure Standalone for Inventory. The container should be the same as where your server is located (servers.da). Click Next.
Click Next on the XML Proxy Configuration page to accept the defaults.
Click Next on the Remote Management File installation paths to accept the defaults.
Click Finish in the summary dialog box.
The schema will now be extended in eDirectory. Click OK on the Schema Extended Successfully dialog box.
A dialog box, similar to the one in Figure 9, pops up. It warns you about certain ZfD processes and services that cannot be running. Because this is the first time you have installed ZfD, none should be running. Make sure that you have closed ConsoleOne. Click OK.
Figure 9: The Stop Services warning dialog box lists the services that must be shut down prior to completing the installation.
The ZENworks for Desktop software and services will now begin to install on DA-02.
Click OK on the Please Reboot dialog box.
Click No on the View Log Files dialog box.
Reboot server DA-02 to complete the installation. When DA-02 comes back up, additional installation processes will be activated and completed.
Step Fourteen: Installing ZENworks for Desktops Middle Tier. Now you need to install the ZENworks for Desktop Middle Tier, if you delivered your ZENworks for Desktop features through the browser and over the Internet. You will install ZENworks for Desktops middle-tier server on DA-01, where Internet Information Server (IIS) is present. You need to be aware that the installation of the Middle Tier requires the Novell client already be installed on the server that runs the installation; therefore, you will install the Middle Tier onto DA-01 from DA-02 where the client is already running with eDirectory.
Install the ZENworks Middle Tier by performing the following steps:
Log in to DA-02 as Admin of eDirectory and Administrator of the domain.
Insert the ZENworks for Desktop Program CD.
Choose English.
Choose New Installation.
Choose Install ZfD Middle-Tier Server. The installation wizard launches.
On the welcome screen, click Next.
Read the licenses, and then choose to accept them. Click Next.
On the information screen, click Next.
On the Select Middle Tier Server screen, choose Add Server.
On the Add Server dialog box, choose DA-02. Then click OK.
Back on the Select Middle Tier Server screen, shown in Figure 10, enter the following into the sections devoted to ZfD Middle Tier Server on Windows 2000:
Administrator login name (administrator@da.com) in the Domain Username field.
The Administrator password in the Password and Confirm Password fields.
Entering the primary eDirectory tree information during the Middle Tier Server Installation process.
In the section on Primary eDirectory Tree Information, shown in Figure 10, enter the following:
DNS/IP-Enter the address or DNS name of DA-02
Users context-Enter the context of the eDirectory tree that contains the User objects that will use this Middle Tier
Admin username-Enter the administrator's User object (for example, admin.da) and password
Click Next.
Click Finish on the summary screen.
The ZENworks Middle Tier system will now install.
Click OK on the Please Reboot dialog box.
Click No to not view the log files of the installation.
Reboot DA-02 to complete the installation.
Step Fifteen: Installing ODBC Drivers. Now if you installed inventory onto the ZENworks for Desktops server, you need to be able to run reports and queries against this database. To do this, you must install the ODBC driver for the Sybase database. This can be accomplished by doing the following:
Log in to DA-02 as Admin of eDirectory and Administrator of the domain.
Insert the ZENworks for Desktop Companion CD.
Open the ODBC container on the CD.
Follow the instructions in the README.TXT file on the CD to set up the address of the Sybase and verify that you can make a connection.
Step Sixteen: Installing the ZENworks Management Agents. Now you have a ZENworks for Desktops system running in a Windows-only environment. The next step is to install the ZENworks management agents onto your workstations and begin to use the ZENworks features to manage those devices.
The full agents may be installed on a workstation by running the SETUP.EXE found in \\DA-02\novell\public\zenworks. The Application Viewer agent is automatically installed when the user first goes to the MYAPPS.HTML page on the ZENworks server (http://DA-02.da.com/myapps.html).
If you want to have the Web page install the full agents (approximately 8.5 MB), copy the SETUP.EXE file to the \\da-02\inetpub\wwwroot directory and replace this line in the MYAPPS.HTML:
document.write("codebase=\"http://da-02.da.com:80/ZfdWebSw.exe\"");
with the following line:
document.write("codebase=\"http://da-02.da.com:80/setup.exe\"");
Conclusion
Now that you have completed the installation of ZENworks for Desktops in a pure Windows environment, you can configure and use the features of ZENworks for Desktops in your system. You can also install other ZENworks family products onto this same ZENworks server and have them work in your Windows-only environment. For more information, review the administrator guide found at http://www.novell.com/documentation/lg/zdpr/index.html.
For updates and additional information, refer to the following Web sites:
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.