Managing Handheld Devices Using Novell ZENworks for Handhelds 5
Articles and Tips: article
01 Jul 2003
Excerpted from the ZfH 5 Evaluation guideand other online documents available at http://www.novell.com/products/zenworks
ZENworks for Handhelds (ZfH) 5 is a directory-enabled systems management package that puts you in control of your mobile workforce and helps you reduce the cost and burden of managing Palm OS and Windows CE handheld devices. This AppNote introduces ZfH 5, describes its features, and provides an architectural overview of the product.
handheld device management, ZENworks for Handhelds, network management
ZENworks for Handhelds 5
familiarity with handheld devices
In a world where accessing information instantaneously is paramount, handheld devices have become the perfect way to stay informed. Yet, the increasing number of these handheld devices leaves network administrators grappling with the problem of managing and securing the handheld user base, with no effective way to do so-until now.
Novell recently acquired Callisto Software, a company specializing in mobile and wireless device management. By integrating Callisto Orbiter with the award-winning family of ZENworks products, Novell has brought ZENworks management capability to handheld devices. The result of this integration is ZENworks for Handhelds (ZfH) 5, which enables Novell to extend the proven value and reliability of its desktop and server management products and offer policy-based management to your growing number of enterprise handheld devices.
ZENworks for Handhelds 5 is a directory-enabled systems management package that puts you in control of your mobile workforce and helps you reduce the cost and burden of managing Palm OS and Windows CE handheld devices. By leveraging Novell eDirectory and ConsoleOne, ZfH 5 helps you to automate and streamline software distribution, collect software and hardware inventory, and provide policy-based management of your enterprise handheld devices.
The Need for Handheld Device Management
Unfortunately, many organizations take a hands-off approach to handheld device management and require handheld users to support themselves. As the base of handheld users grows and as the quantity of mission-critical data on these devices increases, this hands-off approach is no longer viable. Leading analysts predict that by 2004, 60 percent of office workers will be using at least three mobile computing devices: a laptop, a personal digital assistant (PDA), and a smart phone. As more employees depend on handheld devices and the data these devices contain in order to work effectively with customers, partners, and suppliers, organizations must provide the same level of service for these devices and data as they do for other computing platforms.
Your window of opportunity to manage handheld devices is often short because users generally do not leave their devices connected to the network. Therefore, handheld management software must take advantage of the brief times the device is connected to the network. Additionally, the physical characteristics of handheld devices cause management difficulties, including multiple CPU types, small memory footprints, and limited battery life.
The challenge of maintaining handheld devices rivals the difficulty of managing desktops. According to Gartner (http://www.gartner.com), the total cost of ownership (TCO) of a mobile device is more than 50 percent higher than that of a desktop computer. In fact, Gartner estimates that the cost to maintain a handheld device exceeds U.S. $2,600 a year. That is roughly ten times the cost of the device itself. These costs exist because of the difficulty organizations face performing the same support tasks for handheld devices that they perform for desktops, including:
Deploying new handheld devices with standard configurations and applications
Enforcing security and backup policies
Installing and upgrading applications on a routine basis
Restoring applications, data, and user information to a replacement device when a handheld is stolen, lost, or damaged
Providing technical assistance for users
Another challenge organizations must not overlook is the security of corporate data stored on handheld devices. Users often synchronize all types of mission-critical data to their handheld devices, walk out the door without a password configured to protect the device, and don't realize that they are leaving your company at high risk. The security of mission-critical data is exposed when devices are left behind at airports, hotels, and customer sites.
ZENworks for Handhelds Features
ZENworks for Handhelds is the solution to your handheld management challenges. Integrated with the ZENworks family of products through a shared console and Novell eDiredctory, ZfH provides centralized administration for Palm OS and Windows CE devices (including Pocket PCs). With ZfH, you can manage and support handheld devices with automated software and content distribution, hardware and software inventory, and policy management for security, applications, backup, and configuration options.
ZfH supports the following handheld devices:
Palm OS 3.0 or newer
Windows CE 2.11 or newer (including Pocket PCs)
ZfH helps you provide support for the platforms being deployed in your organization today.
Using Policy-Based Management
Policy-based management is new to ZfH 5. The following is a list of available policies in ZfH 5, along with a brief description of each one.
The Handheld Import Policy lets you enable handheld import and configure settings, such as how handheld device objects are named, where they are stored in eDirectory, and which Handheld Group objects you want certain handheld device objects associated with.
The Search Policy lets you specify how far up the tree ZfH will search for effective policies.
The ZfH Application Search Policy lets you specify how far up the tree ZfH will search for Handheld Application objects.
The Palm Configuration Policy lets you configure the following:
General Preferences lets you set preferences for associated Palm OS devices; for example, how long before an idle device turns itself off, whether or not a device stays on when cradled, and more.
Buttons lets you associate different software programs with the buttons on associated Palm OS devices. Also lets you assign a feature users can access when they drag the pen from the writing area to the top of the screen on the Palm OS device. For example, you can select "Turn Off & Lock" to make it easier for users to turn off and lock their Palm OS devices.
Programs lets you specify which software programs are allowed or not allowed on associated Palm OS devices. Programs that are not allowed can be automatically removed from the devices.
The Palm File Retrieval Policy lets you specify files to retrieve from the Palm OS device to copy to a specified location on your network.The File Retrieval policy is a plural policy, meaning it can be added many times to a policy package. You can set up as many File Retrieval policies as required to adequately retrieve important files from the handheld devices in your organization.
The Palm Security Policy lets you ensure that a password is set on the Palm OS device and also lets you configure Auto Lock Configuration. For example, you can specify that the device will lock automatically when the device is powered off.
The WinCE Configuration Policy lets you configure the following:
Buttons lets you associate different software programs with the buttons on the Windows CE device. Also lets you assign another function to a button. For example, you can assign Start Menu to a button on the Windows CE device, making it easier for users to access the Start menu.
Programs lets you specify which programs you want to include on the Start Menu (on a Pocket PC) or on the desktop (on a Handheld PC). Programs that are not allowed can be automatically removed from the Start menu/desktop of the device.
Power lets you specify power settings for associated Windows CE devices. You can specify power settings that will apply to Window CE devices running on internal batteries or on external power.
The WinCE File Retrieval Policy lets you specify source files you want to retrieve from a Windows CE device and copy to a specified destination location on your network.The WinCE File Retrieval policy is a plural policy, meaning it can be added many times to a policy package. You can set up as many File Retrieval policies as required to adequately retrieve important files from the handheld devices in your organization.
The WinCE Security Policy lets you ensure that a password is set on the associated Windows CE device and also lets you configure enhanced security options for Pocket PCs, such as the number of days to allow before a password expires, the number of grace logons permitted before the user must change the password, the minimum number of characters to allow for the password, and whether the password must contain a mix of letters and numbers.
Using Queries and Groups
After handheld devices have registered with ZfH, you can create custom groups to make managing handheld devices easier and use queries to quickly find handheld devices that match criteria specified in the query.
Queries let you quickly find handheld devices that match criteria specified in the query. Using queries, administrators can save time by automatically creating handheld groups populated with handheld devices that have the same attributes, such as a specific processor type, a specific version of an application installed, or a certain amount of RAM on the device.
Placing devices in groups can save you time when scheduling distributions, defining filters, and checking system status. With groups, you can use a single entity to manage multiple devices. ZfH provides two types of user-created groups:
Static Groups. Handheld devices are assigned to the group manually by the administrator or according to the settings specified in the Handheld Import policy.
Query-Based Groups. Handheld devices are automatically placed in a group by ZfH because they meet criteria specified in the query (for example, operating system version, manufacturer, and so forth).
Distributing Software to Handheld Devices
ZfH software distribution allows you to distribute Handheld Application objects to handheld devices as part of software distributions. Handheld Application objects contain collections of files that you want copied to your handheld devices. Handheld Application objects usually consist of applications to install on handheld devices, for example, .PRC files (for Palm OS devices) or CAB files (for Windows CE devices).
For recurring software distributions (distributions that are scheduled to run more than once, for example, weekly), ZfH automatically scans the application's source directories at the scheduled time and includes new or changed files with the software distribution. This allows an administrator to copy new or updated files to the source directory for distribution to handheld devices without needing to create a new Handheld Application object.
For example, you distribute sales data weekly to your sales staff. Each Monday, before sending out the distributions, ZfH scans the application's source directory. If there are any new or changed files added during the previous week, they will be included in that Monday's application distribution. The handheld device will receive only the files that have changed.
To ensure that the handheld device gets the most recent versions or additions to the sales data files, the administrator only needs to copy the new or changed files into the application's source directory; a new application object does not need to be created within ZfH. If the source directory has no changes during the week, the application is not sent (unless new handheld devices have been added to the list of recipients).
Using Inventory and Reports
Managing software and hardware assets is a critical function for most companies. ZfH inventory capabilities capture asset information to support analysis, troubleshooting, and planning.
ZfH lets you collect and view software and hardware inventory information for Palm OS devices and Windows CE devices (including Pocket PCs). Using ZfH, you can do the following:
View software inventory information across all your handheld devices or on a per-device basis to ensure software licensing compliance.
Plan for software and hardware upgrades with a complete view of application versions and hardware configurations .
Troubleshoot problems with a thorough knowledge of each handheld device's hardware and software.
ZENworks for Handhelds Architecture
One of the biggest challenges of supporting a handheld device is the lack of opportunity to manage it. A well-used handheld device generally spends extended time in a briefcase or pocket and little time connected to the network. ZfH was designed to capitalize on the opportunity for management any time a device connects to the network (via synchronization or IP) while managing the unique characteristics of mobile computing, including low-bandwidth communication and unreliable, infrequent connectivity. This mobile architecture makes ZfH ideal for managing handheld devices.
ZENworks for Handhelds Components
Figure 1 depicts the key comonents of ZfH.
Figure 1: ZENworks for Handhelds components.
ZfH Server. The ZfH server runs as a service under Windows NT/2000/XP. The server is the central point of the ZfH installation. It is responsible for managing communication with all handheld clients through the proxy services and maintaining data on all management operations and their results.
The ZfH server maintains information about all managed devices and operations in two locations. Data on the installation, clients, and distributions is stored in Novell eDirectory. Additional information is stored in a Microsoft SQL Server or Microsoft Access database to reduce the amount of storage consumed in eDirectory.
eDirectory. eDirectory is a highly scalable, high performing, secure directory service. It can store and manage millions of objects, such as users, applications, network devices, and data. eDirectory natively supports the directory standard Lightweight Directory Access Protocol (LDAP) version 3 over Secure Socket Layer (SSL). ZfH uses eDirectory 8.5 or newer.
ZfH objects stored in eDirectory include the following:
Handheld device objects
Handheld device group objects
Handheld application objects
Handheld policy package objects
ConsoleOne. ZfH shares an administrative console with the rest of the ZENworks product family. ConsoleOne is a flexible, Java-based administration tool that provides a single point of administration for all your network resources managed by Novell products. ZfH supports ConsoleOne version 1.33 or later.
From ConsoleOne, administrators can perform handheld management functions including software distribution, inventory analysis, policy management, and more. ConsoleOne can be installed on any number of machines so that administrators and help desk staff can access data from multiple locations on your network.
The Inventory Viewer, a ConsoleOne utility, allows you to view hardware and software inventory in greater detail, build queries, and view reports. The Inventory Viewer allows you to examine specific devices as well as to see a global view of your installation.
Proxy Service. The ZfH proxy service is the interface between handheld devices and the ZfH server. The proxy service caches distributions for handheld devices, manages distributions and status reporting, and forwards inventory and distribution results to the ZfH server. This store-and-forward architecture is key to managing the infrequently connected user.
Because handheld devices can synchronize with more than one computer, the proxy service must be installed on any computer where a handheld device synchronizes.
Handheld Client. The ZfH handheld client is installed on Palm OS and Windows CE devices. The handheld client installs applications, collects software and hardware inventory, and enforces policies.
The ZfH architecture was designed to address the unique characteristics of mobile computing, including low-bandwidth communication and unreliable, infrequent connectivity.
Transports. ZfH communicates over the mobile infrastructure commonly found in corporate environments. Users are not required to initiate any additional connections in order for management information to be transferred. Using the existing infrastructure makes the transfer of management information transparent to the handheld user.
Messages from the ZfH server to a handheld client are transferred first to a proxy service, which relays the information to the handheld client. Messages from the handheld client to the ZfH server come back through the proxy service as well. Communication between the ZfH server and the proxy service can use any IP connection (LAN, WAN, RAS, VPN, Internet, intranet, and so forth). The proxy service communicates with handheld clients using either synchronization or IP.
When communicating via synchronization, ZfH supports the following synchronization products:
Palm HotSync Manager, version 3.0 or newer
Microsoft ActiveSync, version 3.1 or newer
Pumatech Intellisync, version 3.0 or newer
For example, when communicating via synchronization, a handheld client will transfer inventory and distribution results to the proxy service during synchronization with that desktop. The proxy service then relays the inventory and distribution results to the ZfH server via IP.
Note: ZfH 5 does not currently support synchronization for communicating with non-Pocket PC Windows CE devices (sometimes referred to as Handheld PCs).
ZfH can also use IP to communicate between a handheld client and the proxy service. This connectivity may be in the form of wireless, dial-up, or LAN connections. ZfH currently supports IP on Windows CE/Pocket PC devices only.
Figure 2 illustrates how ZfH handles communication between a ZfH server and handheld clients using both synchronization and IP as message transports.
Figure 2: ZfH communicates using both synchronization and IP as message transports.
Automation and Transparency. ZfH is a centralized systems management tool. Control is placed in the hands of administrators without requiring user intervention.
The ZfH queuing store-and-forward technology between the ZfH server, proxy service, and handheld client ensures that distributions run as scheduled and are transparent to the mobile user. Handheld device users do not need to schedule management activities, initiate operations, or create extra connections.
Mobile Optimization. Wireless communication for handheld devices is typically low-bandwidth, infrequent, and unreliable. The ZfH IP transport employs the following techniques to optimize communication for the mobile environment.
All messages are compressed to limit the size of data transferred.
If a message transfer is interrupted midstream (for example, a user loses a wireless connection), ZfH will restart the transmission where it left off when the user re-connects.
Only changes and updates are sent when distributing files to the handheld client. Files that have already been distributed are not sent again.
Configurable Bandwidth Usage
If you have limited bandwidth (for example, a wireless network with multiple applications sharing an IP connection), you can configure how much network bandwidth ZfH should use when transferring messages to handheld clients.
Downloading and Evaluating ZfH 5
A fully functional 90-day evaluation download of ZfH 5 is available at the Novell Product Downloads page at http://download.novell.com. The easiest way to find it is to perform a search using the "Choose a Product" drop-down list to specify ZENworks for Handhelds.
You can also download the full Novell ZENworks for Handhelds 5 Evaluation guide at http://www.novell.com/documentation/lg/zfh5/index.html. The Evaluation guide will help you better understand ZfH 5, install the product in a test environment, import handheld device objects into eDirectory, and provide step-by-step instructions to perform the following tasks:
Distribute software to handheld devices
Configure security settings for Windows CE devices
Retrieve files from a handheld device and copy them to the network
View software inventory
View hardware inventory
Standardize configuration across all handheld devices in your organization
ZfH helps you secure handheld devices and protect valuable corporate data, dramatically reduce your cost of ownership, and increase user productivity. When combined with the rest of the ZENworks family, you have a management solution that automates management processes and increases users' productivity regardless of where and when they connect.
Now that you have a basic understanding of ZfH 5, go get the evaluation software and start managing your handheld devices, saving money, making your life easier, and protecting the sensitive information stored on your enterprise handheld devices.
ZENworks for Handhelds is part of the Novell ZENworks product line, which also includes ZENworks for Desktops and ZENworks for Servers. For more information on the ZENworks product line, see the Novell ZENworks product Web site at http://www.novell.com/products/zenworks.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.