ZENworks for Desktops or IntelliMirror: Which Solution Should You Choose?
Articles and Tips: article
01 Jan 2001
With the release of Windows 2000, you have no doubt heard of IntelliMirror, the workstation management solution that ships with Windows 2000. IntelliMirror is a directory-enabled desktop management solution similar in concept to Novell's ZENworks for Desktops. As you plan your company's deployment of Windows 2000, you may be asking yourself, "Should I use ZENworks for Desktops or IntelliMirror to manage workstations?"
The answer to this question is yes! That is, by evaluating both products, you can identify strengths and weaknesses in each. The optimal solution is a combination of the two products--which is exactly what ZENworks for Desktops 3 makes possible. ZENworks for Desktops 3 not only provides its own unique features but is also integrated with IntelliMirror, thereby delivering the best of both worlds.
WHAT EXACTLY IS INTELLIMIRROR?
Microsoft describes IntelliMirror as a set of powerful features native to Windows 2000 for desktop change and configuration management. IntelliMirror leverages Active Directory to create and store policies that manage the configuration of a Windows 2000 Professional workstation. IntelliMirror is a component of the Zero-Administration for Windows (ZAW) initiative that Microsoft announced in 1998 and began shipping in 2000.
Microsoft divides IntelliMirror's features into the following four categories:
User Data Management. IntelliMirror supports the mirroring of user data to the network and local copies of selected network data.
Software Installation and Maintenance. IntelliMirror allows you to centrally manage software installation, repairs, updates, and removal.
User Settings Management. IntelliMirror allows you to centrally define computing environment settings for both users and workstations.
Remote Installation Services. IntelliMirror allows you to image workstations with the Windows 2000 Professional operating system.
User Data Management
The user data management feature is usually referred to asoffline files,which enables users to mirror data between their workstation's hard drive and the network. By mirroring data between the network and their hard drive, users can continue to work with network files even if they are not connected to the network.
If users lose their connection to the network or undock their laptop, their view of shared network items that have been made available offline remains just as it was when they were connected to the network. While users are disconnected from the network, they can continue to work with the data just as they normally would. They even have the same access permissions. When the status of the users' network connection changes, an Offline Files icon appears in the status area, and an informational balloon is displayed over the status area to notify users of the change.
When a user's network connection is restored or when a user docks his or her laptop, any changes the user made while working offline are automatically updated to the network. If a user finds that someone else has made changes to the same file, the user has the option of saving his or her version of the file to the network, maintaining the other version, or saving both files to the network.
To enable offline files, users double-click on My Computer/ Tools/Folder Options/Offline Files and then click the Enable Offline Files box. Users can then select the files and/or folders they want to mirror to their hard drive: They simply select a file or folder and then click Tools/Make Available Offline. By default, the files users select are synchronized with the network during login and logout. Users can also schedule the synchronization to occur at specific intervals or while their workstation is idle.
Software Installation and Maintenance
The software installation and maintenance feature is also referred to as theWindows Installeror theMicrosoft Installation Services.The Windows Installer manages the installation and removal of applications by applying a set of centrally defined setup rules, or policies, during the installation process. These policies are used to install, modify, repair, or remove an existing application. The Windows Installer consists of the Windows Installer service for the Windows operating system and the package (.msi) file. (Package files are also calledMSI files or MSI scripts.)
Each package file contains a relational database that stores all of the instructions and data required to install (and uninstall) an application. The package file can contain different instructions for different circumstances. For example, a package file could contain two sets of instructions--one set for installing an application if a prior version of the application is already installed and one set for a new installation.
The Windows Installer includes two deployment options:assignedandpublished.If you assign an application to a user or a workstation, that application is automatically installed the next time a user authenticates on a workstation. If you publish an application, the application is added as an option in the Add/ Remove Programs Control Panel. (The application is not installed automatically.)
User Settings Management
The user settings management feature is usually referred to as theGroup Policy,which is an administrative tool you can leverage to "lock down" workstations. The Group Policy allows you to centrally create a policy that defines various components of a user's working environment such as the programs and services that appear on the desktop or on the Start menu.
You can define different Group Policies at different levels in Active Directory. These Group Policies are then applied, or layered, starting from the root down. The Group Policy also has an extensible interface, enabling third-party developers to add policies for their software and services.
Remote Installation Services
Remote Installation Services (RIS) provides imaging capabilities for Windows 2000 Professional. Using RIS, you can configure a workstation and then run the RISPREP utility to take a sector-by-sector image of the workstation. You can use this image to build a workstation from scratch or to recreate a workstation if necessary.
WHAT IS ZENWORKS FOR DESKTOPS?
Like IntelliMirror, ZENworks for Desktops is a directory-enabled desktop management solution. Short for Zero Effort Networks, ZENworks was designed to make managing and using workstations simpler for both network administrators and users. By leveraging the cross-platform NDS eDirectory, ZENworks for Desktops allows you to define and apply policies to users and workstations. Novell has been shipping components of ZENworks for Desktops since early 1996. The latest version is ZENworks for Desktops 3.
Novell divides ZENworks for Desktops 3's features into four categories:
Application Management. ZENworks for Desktops 3 offers customized software distribution and metering. ZENworks for Desktops 3 also repairs ("self-heals") applications.
Workstation Management.ZENworks for Desktops 3 includes desktop imaging capabilities, printer management, and hardware and software inventories.
Mobile PC Management. ZENworks for Desktops 3 extends the application and workstation management features to disconnected workstations.
Remote Management. ZENworks for Desktops 3 provides secure remote control of workstations and diagnostic tools for workstations.
Application Management
The application management features in ZENworks for Desktops 3 are based on the Novell Application Launcher (NAL) which began shipping in 1996 as a standalone product. Using ZENworks for Desktops 3, you can create policies in NDS eDirectory from an application object template (.aot) file that contains all of the instructions to install applications. You can then associate these policies with users, workstations, groups, or Organizational Units (OUs) in NDS eDirectory.
ZENworks for Desktops 3 can install, remove, and self-heal applications. Shortcuts to these applications can be presented on the Start menu, on the desktop, in the system tray, or in a ZENworks-specific window.
The application management features in ZENworks for Desktops 3 are similar to the software installation and maintenance features in IntelliMirror. In fact, Novell has integrated ZENworks for Desktops 3 with the software installation and maintenance features in IntelliMirror. (This integration is explained later in this article.)
Workstation Management
The workstation management features are often collectively referred to asWorkstation Manager,which began shipping as a standalone product in 1997. These features enable you to manage everything about workstations, except for software distribution.
For example, you can define and centrally execute policies for both hardware and software inventories. You can also centrally configure users' printer configurations so that these configurations follow users around the network.
In addition, you can define policies for local workstation accounts on both Windows NT 4 Workstation and Windows 2000 Professional. These policies automatically create local accounts on workstations for authorized users asthey roam.
ZENworks for Desktops 3 also includes imaging capabilities: Using ZENworks for Desktops 3, you can image a workstation with any operating system that runs on an Intel-compatible processor.
Novell has integrated the workstation management features of ZENworks for Desktops 3 with the user settings management features of IntelliMirror.
Mobile PC Management
ZENworks for Desktops 3 was specifically built to solve the needs of the expanding laptop population. Because companies are using more and more laptops, network administrators like you face new challenges. For example, how do you install or repair applications on laptops when they are disconnected from the network?
With ZENworks for Desktops 3, you can define policies that cache the application object templates defined in NDS eDirectory on the laptops' hard drive or on a CD. This cache can then be used to perform disconnected operations.
On the surface, this feature may seem similar to the user data management feature of IntelliMirror. However, this is not the case. The IntelliMirror solution handles user data, rather than applications. That is, IntelliMirror gives users offline access to network data, but it does not provide offline access to applications.
ZENworks for Desktops 3, on the other hand, provides offline access to applications but does not solve the problem of offline access to data. The best solution is a combination of the two features--offline data and offline applications. The best solution, as I will explain later in this article, is a combination of the two features--offline data and offline applications.
Remote Management
ZENworks for Desktops 3 includes a directory-enabled remote-control solution. You can create policies in NDS eDirectory to define who can remotely control workstations. These policies are based on a combination of workstation properties and the user who is currently using the workstation. As a result, only administrators who have been granted the appropriate rights in NDS eDirectory will be able to remotely manage the workstation. ZENworks for Desktops 3's remote-control solution also includes functionality such as chat, file transfer, and workstation diagnostic tools.
In addition, ZENworks for Desktops 3 includes a help-request application that enables users to report problems to helpdesk technicians. This application also gathers the information these technicians need to identify and correct problems.
GETTING ALONG
Novell evaluated IntelliMirror and performed a significant amount of testing on this product. Recognizing that IntelliMirror has a number of valuable components, Novell identified areas where ZENworks for Desktops 3 could not only be integrated with IntelliMirror but could also enhance IntelliMirror. ZENworks for Desktops 3 includes this integration and enhancement, which provide users with the best of both worlds.
Integrating MSI Files
In the past, when you wanted to deploy an application through ZENworks for Desktops, you had to use the ZENworks Snapshot utility to create the application object template. The Snapshot utility takes a complete picture of a workstation before an application is installed (including the registry, all files, .ini files, and so on). The Snapshot utility then prompts you to install the application, takes another picture of the workstation, and compares the preinstallation picture and the post-installation picture to create the application object template. This template is then imported into NDS eDirectory.
Although this process is accurate and not difficult, it does have a few drawbacks. The biggest drawback is that you lose all of the logic the application developer built into the installation, such as conditional tests for upgrades or conflicts.
With IntelliMirror, Microsoft released a software developer's kit (SDK) that enables software developers to create their own package, or MSI, files (including logic). IntelliMirror can then use these MSI files to deploy applications. Novell has also incorporated the MSI functionality in ZENworks for Desktop 3, allowing you to create application policies based on vendor-provided MSI files. (SeeFigure 1.) (For more information about using MSI files with ZENworks for Desktops 3, see "Deploying and Managing Windows 2000 With ZENworks for Desktops 3,"Novell Connection,Dec. 2000, pp. 34-42.)
If you are already using ZENworks for Desktops, this is a welcome enhancement. However, you will still need to use the Snapshot utility because only a limited number of applications (namely, Office 2000 and WinZIP 8) ship with prebuilt MSI files). You can use the Snapshot utility for all legacy applications and new applications that do not ship with MSI files.
ZENworks for Desktops 3 also leverages the Windows Installer to install applications that are created with MSI files. The Windows Installer is installed by default on Windows 2000 Professional, and Microsoft has released updates for Windows NT, 98, and 95. The Office 2000 installation program also installs MSI support so any workstation that has Office 2000 includes MSI support.
Integrating Group Policy
ZENworks for Desktops has always enabled you to centrally manage Windows NT, 98, and 95 system policies. With ZENworks for Desktops 3, this support has been updated to include the Windows 2000 Group Policy. The Windows 2000 Group Policy is a new policy in the ZENworks for Desktops User or Workstation Policy Package. (SeeFigure 2.) (For more information about creating and configuring the Windows 2000 Group Policy, see "Deploying and Managing Windows 2000 With ZENworks for Desktops 3.")
Integrating Offline Files
A common misconception about offline files is that they require Active Directory. In reality, offline files are not integrated with Active Directory and, therefore, do not require Active Directory. If you want to use offline files, the workstation or server that stores the original files or folders must support the Microsoft Server Message Block (SMB) protocol. (Any workstation or server that is running a Microsoft networking client or any Microsoft server supports SMB.) However, only Windows 2000 Professional workstations can cache data for use offline.
In addition to supporting Microsoft's offline files, Novell is working on its own offline data solution. When released, this solution will allow you to define policies and apply them to users and/or workstations without having to physically visit each workstation. You will also be able to enable or prevent users from selecting certain folders or files for offline use. Novell's solution will support Windows NT and 98 as well as Windows 2000.
WHAT'S THE DIFFERENCE?
ZENworks for Desktops 3 and IntelliMirror are targeted at solving similar problems, but their approach and their features differ. While evaluating IntelliMirror, Novell also identified a number of deployment and functional problems in this product. ZENworks for Desktops 3 resolves many of these problems, as outlined in the following sections. For an overview of the functions of IntelliMirror and ZENworks for Desktops 3, see "Comparing IntelliMirror and ZENworks for Desktops."
Cross-Platform Solution
Unfortunately, you can run IntelliMirror only on a Windows 2000 server, and IntelliMirror fully supports only Windows 2000 Professional.
ZENworks for Desktops 3, on the other hand, is a cross-platform solution for both the server and workstation. You can install ZENworks for Desktops 3 on any of the platforms on which NDS eDirectory runs including NetWare, Windows 2000, Windows NT, Linux, and Solaris. In addition, ZENworks for Desktops 3 supports the following workstation platforms: Windows 2000, NT, 98, and 95.
Leveraging the Directory Hierarchy
In Active Directory, the Group Policy is an attribute of the OU. After you define the Group Policy, you must associate it with the appropriate groups, users, or workstations. Although the Group Policy is an attribute of the OU, the Group Policy cannot be applied to an OU. Due to a limitation of Active Directory, OUs cannot be security containers. OUs can be used only for organizing objects and delegating authority.
ZENworks for Desktops 3 extends the capability of the Group Policy by enabling you to associate these policies with groups, users, workstations, and OUs. By associating the policies with OUs, you can leverage the hierarchy of the directory. For example, if a policy is associated with an OU, you can simply create a user in the appropriate OU. The policies associated with that OU are then automatically applied to the user.
In Active Directory, you must create a user object and then remember which groups to add the user object to. This process not only requires more time but is also more prone to mistakes.
Lights-Out Distribution
You may prefer to install and upgrade applications when users are not using their workstation. IntelliMirror does not provide the capability to deploy software without human intervention. IntelliMirror can install software only when the user authenticates to the network (in this case, the application is "assigned") or when the user clicks on the application in the Add/Remove Software Control Panel (in this case, the application is "published").
By comparison, ZENworks for Desktops 3 allows you to schedule updates to workstations. You can schedule these updates to occur at any time of the day or night, and the user does not have to be physically present nor authenticated on the workstation. No matter whether you are using MSI files or AOT files, you can use this lights-out distribution when you use the ZENworks for Desktops 3 and IntelliMirror integration to deploy applications through the Windows Installer.
Licensing and Metering
Probably one of the toughest challenges you face is tracking the number of licenses in use for the myriad applications you manage. If this information is not accurately tracked, your company could unknowingly commit software piracy. IntelliMirror does not provide a solution for tracking the licenses of software that it installs. You must manually track this data or purchase another product to track it.
ZENworks for Desktops 3 includes a licensing and metering solution that enables you to define policies to control and limit the number of times an application can be installed. This solution includes the ability to look at trends, such as the number of times an application has been deployed and the maximum number of users who opened it simultaneously. Because ZENworks for Desktops 3 is integrated with IntelliMirror, you can use this licensing and metering solution with applications deployed through the Windows Installer.
Laptop Explosion
If your company is like most, its population of laptops is quickly growing. Laptops present new management challenges. The most difficult challenge is how to manage application access when laptops are disconnected from the network. Although IntelliMirror does not offer a disconnected solution for laptop users, ZENworks for Desktops 3 was built to solve this problem.
ZENworks for Desktops 3 allows you or users to define policies that are cached on a laptop's hard drive for disconnected use. With the policies cached, users can install, uninstall, and heal applications without being connected to the network.
IntelliMirror also falls short of providing laptop support in its imaging component. IntelliMirror's RIS depend upon PXE. If a workstation's network interface card does not support PXE, you will probably not be able to use IntelliMirror's RIS.
The PXE support requirement is especially painful if your company uses laptops because virtually no laptops support PXE. Microsoft has built a PXE emulator for 24 PCI network interface cards (NICs), but this emulator cannot be used in a laptop. By comparison, the imaging solution in ZENworks for Desktops 3 does not require that the NIC support PXE and can be used to image any workstation.
The fact that IntelliMirror supports PXE is also an advantage. The imaging component of ZENworks for Desktops does not support PXE. (Novell plans to add PXE support in the next release of ZENworks for Desktops.)
Imaging
Rather than integrating ZENworks for Desktops 3 with IntelliMirror's imaging solution, Novell built its own imaging solution. Although both solutions offer similar benefits, they differ in their ease of management and breadth of support.
For example, IntelliMirror only supports imaging of Windows 2000 Professional. ZENworks for Desktops 3 supports imaging of any operating system that runs on an Intel-compatible processor.
Another limitation of the IntelliMirror imaging component is that after an image is created, you cannot make any changes to that image. If you need to make a change, you must recreate the image. By comparison, ZENworks for Desktops 3 allows you to add and delete from the image as needed.
The IntelliMirror imaging solution supports only a single hard drive (which must be the C drive) with a single partition. All devices in the workstation must support plug-and-play for the imaging process to run 100-percent unattended. ZENworks for Desktops 3 does not have these limitations.
ZENworks for Desktops 3 also enables you to define imaging polices based on the workstation's IP address or hardware configuration--such as the amount of RAM, video board, chipset, NIC, sound card, and hard-drive size. When a workstation is powered on, ZENworks for Desktops 3 checks the workstation's configuration, compares it to the policies defined in NDS eDirectory, and automatically applies the appropriate image--all without the need of human intervention. (SeeFigure 3.)
IntelliMirror does not offer such a policy engine. When a workstation boots, a user must be physically present to enter a username and password (which are passed across the wire in clear text) to authenticate to Active Directory. The user must then select the appropriate image to be applied to the workstation's hard drive.
FUNCTIONALITY UNIQUE TO ZENWORKS FOR DESKTOPS 3
In addition to offering significant improvements to IntelliMirror, ZENworks for Desktops 3 offers solutions that IntelliMirror does not offer. These solutions make troubleshooting workstation problems easier and more efficient.
Remote Control
As you know, remotely troubleshooting problems is less expensive than physically traveling to a workstation. ZENworks for Desktops 3 offers one of the most secure remote-control solutions on the market because the remote-control capability is integrated with NDS eDirectory. As a result, the ability to remotely control a workstation is managed through NDS rights. If you have not been granted the necessary rights in NDS eDirectory to remotely control a workstation or group of workstations, you cannot gain remote access. IntelliMirror, on the other hand, does not contain a remote-control solution.
Company-Wide Hardware and Software Inventories
One of the most difficult and expensive aspects of managing a network is tracking the hardware and software that have been deployed. For example, suppose you were asked to deploy a new application that requires a specific hardware configuration, such as a specific amount of RAM. How quickly could you generate an accurate report that detailed the hardware and/or software in production?
ZENworks for Desktops 3 includes a complete hardware and software inventory solution. Reports can be generated through any of the standard protocols, such as Open Database Connectivity (ODBC), Lightweight Directory Access Protocol (LDAP), and Java Database Connectivity (JDBC). IntelliMirror does not contain a hardware/software inventory solution.
Help-Desk Utility
When a user experiences a workstation problem, does that user know who to contact? The help-desk utility in ZENworks for Desktops 3 reads policies in NDS eDirectory and directs users where to get help--either through e-mail or by calling the help desk. The help-desk utility then provides information such as the user's full NDS name and the workstation's full NDS name. (This information is also included in any e-mail message sent to the help desk through this utility.) With this information, the help-desk technician can more efficiently troubleshoot problems. IntelliMirror does not provide a help-desk solution.
Printers and Printer Drivers
ZENworks for Desktops 3 provides a printer management solution that enables users to have their printer configuration follow them as they roam from workstation to workstation. You simply define a policy in NDS eDirectory that associates users and/or workstations with printers.
In the policy, the corresponding print driver is also associated with the NDS printer. When the user authenticates to NDS eDirectory, the user's printing environment is automatically configured on that workstation, including downloading and installing the printer driver.
All these tasks are completed without human intervention and without having to grant the user administrative rights on the workstation. Central management of the users' print environment solves one of the most costly and time-consuming aspects of desktop management. By comparison, IntelliMirror does not offer a similar solution.
Fat or Thin Clients
Novell has tested and integrated ZENworks for Desktops 3 with thin-client servers (Windows Terminal Server and Citrix MetaFrame). What does this mean for you? You can define one set of ZENworks policies to manage standard desktops, laptops, and thin-client servers. Users will then have the same working environment no matter how they access resources. (For more information, see "Thin Is In With NDS eDirectory and ZENworks for Desktops 2,"Novell Connection,July 2000, pp. 32-34.)
THE BEST OF BOTH WORLDS
Both IntelliMirror and ZENworks for Desktops 3 offer time- and money-saving solutions. Companies cannot survive in today's fast-paced business without deploying solutions such as these. The difficult question may be which solution to deploy. ZENworks for Desktops 3 delivers the best of both worlds because it is integrated with IntelliMirror, provides significant enhancements to IntelliMirror, and includes its own unique (and valuable) features.
Brad Anderson is the ZENworks business unit manager for Novell. As such, he manages the ZENworks engineering, product management, and product marketing teams. Anderson was the first product manager of ZENworks for Desktops and has worked for Novell for nine years.
Comparing IntelliMirror and ZENworks for Desktops
Feature
|
ZENworks for Desktops
|
IntelliMirror
|
Cross platform on the server |
Yes |
No* |
Remote-control support |
Yes |
No |
Help-desk utility |
Yes |
No |
Customizes application to users during install |
Yes |
No |
Lights-out software distribution |
Yes |
No |
Software licensing and metering |
Yes |
No |
Disconnected application distribution |
Yes |
No |
Disconnected application healing |
Yes |
No |
Load balancing across servers during application installation |
Yes |
No |
Modify application policies after creation |
Yes |
No |
Maintains history of images applied to workstations |
Yes |
No |
Image laptops |
Yes |
No |
Image workstations with multiple drives and/ or partitions |
Yes |
No |
Policy engine to associate workstations with images |
Yes |
No |
Printer driver management |
Yes |
No |
Hardware inventory |
Yes |
No |
Software inventory |
Yes |
No |
Supports Windows 2000/NT/98/95 |
Yes |
No |
PXE support |
Yes |
No |
Offline files and folders |
Yes |
No |
* The answer is Yes if IntelliMirror is used in conjunction with ZENworks for Desktops 3. ZENworks for Desktops 3 has been integrated with IntelliMirror and, therefore, provides this functionality.
Novell Connection, January 2001, p. 38
* Originally published in Novell Connection Magazine
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.