ZENworks for Servers 3: Weathering Your Server Storms
01 Mar 2002
Assuming you are a network administrator for a large company, you feel the constraints of the limited hours that comprise your work days. As you know only too well, the time constraints you experience have little to do with poorly managing your time. The fact is managing ten or more servers in two or more locations takes a lot of time.
Unfortunately, you probably spend the bulk of your time on reactive management tasks, such as installing support packs and virus definitions. Of course, these daily responsibilities don't add value to your company's network; they just keep it current and running. The time you spend tediously completing these chores detracts from the time you would otherwise spend on more interesting projects (such as implementing a portal strategy). Ironically, these neglected, interesting projects--unlike your other dull duties--would make your network a more valuable resource to users.
Frustrating, but that's just the way it is, right?
With ZENworks for Servers 3, Novell says "wrong." Debuting this month at Novell BrainShare Salt Lake City and available shortly thereafter, ZENworks for Servers 3 "takes the time-consuming and tedious out of server management," says Novell product manager Rick Cox. Because you spend less time managing servers, you have time to take on more interesting projects. (For a list of ZENworks for Servers 3 enhancements, see "What's New?")
WHAT'S IT ALL ABOUT?
ZENworks for Servers 3 is a directory-enabled server management solution that automates and simplifies the tasks involved in managing multiple servers running on any of the following platforms:
Windows NT 4.0
Linux (Red Hat 7)
With ZENworks for Servers 3, you can control and monitor all of your company's servers without ever having to leave your office. You can manage all of the servers running ZENworks for Servers 3 from any client running ConsoleOne and the ZENworks snap-in modules. You can also use Novell iManager to manage these servers, assuming you have installed and set up ZENworks for Servers' web-based management component.
Novell iManager enables you to use a standard web browser to complete some of the management tasks that you would typically complete using ConsoleOne. In addition, this web-based management component enables you to monitor various ZENworks for Servers 3 processes (such as its distribution process), which you cannot monitor using ConsoleOne.
ZENworks for Servers 3 includes all of the functionality you now find in ManageWise. Like ManageWise, ZENworks for Servers 3 includes alarms for server and network management and also features Server Inventory and Remote Management functions for NetWare and Windows NT platforms.
Server Inventory enables you to gather hardware and software inventory information from all of the servers that are running ZENworks for Servers 3 (called managed servers). Server Inventory scans and stores this inventory information in a central database. From ConsoleOne, you can view and query this database and thus gain instant access to information regarding the managed servers' hardware and software components.
Remote Management (as you can guess) gives you the ability to remotely manage servers. More specifically, Remote Management enables you to use ConsoleOne to remotely view and control Windows 2000 and Windows NT 4.0 servers across LANs and WANs. For NetWare servers, Remote Management features a Java-based remote console utility called RConsoleJ. Among other things, you can use RConsoleJ to remotely use console commands and NetWare Loadable Modules (NLMs) just as you would do at the server console.
More importantly in the context of this article, ZENworks for Servers 3 enables you to automatically distribute electronic data across multiplatform servers. These servers can be in the same or different Novell eDirectory trees--or not in a tree at all.
Using Tiered Electronic Distribution (TED), ZENworks for Servers 3 distributes data such as applications, support packs, virus definitions, software patches, and server policies. (For more information about the types of policies you can distribute across networked servers, see "Policy Packages." Also see "ZENworks for Servers: Managing Servers Through Policies.")
HOW TO GET AHEAD WITH TED
TED makes it easy to distribute electronic data by compressing that data into packages called distributions. Basically, a distribution is a compilation of data--such as applications, collections of files, or software patches--that you want TED to compress and distribute. Servers called distributors build, store, and send distributions based on the properties you define in the Distribution objects you create (using ConsoleOne or Novell iManager). Servers that receive distributions are called subscribers. (See Figure 1.)
As its name suggests, TED uses a hierarchical (or tiered) distribution model that enables you to disseminate distributions from one or more distributors to hundreds of subscribers. (Novell has tested ZENworks for Servers 3 distributors servicing as many as 260 subscribers. The real limit, says Cox, is dictated only by bandwidth.) You can distribute data from distributors directly to subscribers, or you can distribute data to strategically located parent subscribers. These parent subscribers can, in turn, distribute the data to local subscribers. (See Figure 2.)
By sending distributions to parent subscribers, several servers can share the workload of sending many distributions. Using this distribution model also maintains TED's peak performance level--regardless of the number of servers receiving distributions.
Subscribers subscribe to channels. A channel is an eDirectory object that contains a list of the distributions you have associated with the channel. Generally speaking, the distributions in a channel are similar in nature.
For example, you may create a Channel object for virus definitions or a Channel object for policies. When subscribers subscribe to a channel (that is, when you associate a subscriber with a Channel object), the subscribers thereafter receive all of the distributions listed in that Channel object's properties. (The actual distributions are stored on distributors' hard drives.)
Put this all together and add some Public Key Infrastructure (PKI) certificates for security, and you get the gist of the TED concept, which is as follows:
1. Distributors create PKI certificates.
2. Distribution agents running on distributors build distributions.
3. You associate distributions with channels.
4. You select the subscribers that you want to subscribe to various channels.
5. TED copies the PKI certificates to subscribers. Subscribers use the PKI certificates to ensure that the distributions they receive are from trusted sources.
6. TED sends the channel's distributions from distributors to subscribers.
7. Subscribers extract the data from the distributions.
CASE IN POINT
None of this is terribly interesting unless you consider how such a distribution model works in a real-life setting. For example, suppose you manage a network that spans Albuquerque and Santa Fe, New Mexico. Further suppose that this network has a total of ten servers--seven in the Albuquerque home office and three in the Santa Fe branch office.
Like most networks, this fictional network includes a mix of server platforms. In this case, assume that you have six NetWare 5.1 servers (four in Albuquerque and two in Santa Fe), two Windows NT 4.0 servers (in Albuquerque), and two Windows 2000 servers (one in Albuquerque and one in Santa Fe).
Today your top priority is to install the latest virus definitions for Norton Anti-Virus Corporate Edition, which is running on all ten servers. You have also been asked to install Adobe Acrobat Reader 5.0 on all 500 network clients.
Assume for a moment that you have to complete these two tasks without ZENworks for Servers 3. What does your day look like? You probably begin by downloading the latest virus definition from the Symantec web site (http://www.symantec.com/). Then you copy this file to each of your ten servers. The task isn't particularly time-consuming and certainly isn't difficult. After three or four interruptions, however, you find it difficult to remember on which servers you have already copied the virus definitions and which servers you must still update.
Nevertheless, you finally complete the task (or at least, you think so), and look to your next task: installing Acrobat Reader 5.0 on 500 network clients. Fortunately, you have ZENworks for Desktops 3.
You must first attach to each of the ZENworks for Desktops 3 servers that will be distributing Acrobat Reader 5.0 and then copy the program's files to these servers' volumes. Next, you manually create an Application object and associate it with the appropriate eDirectory container, User, or Group objects. (For more information about ZENworks for Desktops 3, visit www.novell.com/products/zenworks.)
In this case, you have only two locations and require only two ZENworks for Desktops servers. The task isn't inordinately time-consuming, but with ZENworks for Servers 3 (which integrates with ZENworks for Desktops 3), the task is even easier.
What If . . .
With ZENworks for Servers 3, you could install virus definitions on all of your company's servers and distribute the Acrobat Reader 5.0 application without ever leaving your office. Assume that you have installed and configured ZENworks for Servers 3 as shown in Figure 3. Because you manage only ten servers, you made only one server a distributor, Distributor A, in the Albuquerque home office. To make this server a distributor, you installed ZENworks for Servers 3, which automatically created a Distributor object in your eDirectory tree. You then associated Distributor A with this object.
You selected as your distributor a NetWare 5.1 server that has an above-average physical configuration (as Novell recommends for distributors), with plenty of CPU, plenty of RAM, and plenty of free hard disk space. In this case, suppose the server has a 200 MHz Pentium processor, 128 MB of RAM, and 135 MB of free disk space.
You have also configured the routing property for your Distributor object such that Distributor A sends distributions to Subscribers 1 and 7, both of which are parent subscribers. Parent Subscriber 1 is located in Albuquerque, and Parent Subscriber 7 is located in Santa Fe. (See Figure 3.) Parent Subscriber 1 is responsible for sending the distributions it receives (directly from Distributor A) to Subscribers 2 through 6. Parent Subscriber 7 is responsible for sending the distributions it receives (also directly from Distributor A) to Subscribers 8 and 9.
By making one subscriber on each LAN a parent subscriber, you have followed Novell's recommendations. Novell recommends that you assign one subscriber on the distributor's LAN (in this case, the Albuquerque LAN) to be the parent for other subscribers. Novell also recommends that you have at least one parent subscriber per remote LAN.
Parent subscribers help TED operate efficiently. In this example, having one parent subscriber in Santa Fe means that the distributor needs to send a distribution only once across the WAN. The parent subscriber then sends the distribution to the other servers on the Santa Fe LAN. As a result, the distributor needs to send each distribution only once, rather than three times.
Like the distributor, the parent subscribers (as Novell recommends for parent subscribers) also have above-average physical configurations. In this case, assume that the parent subscribers have a configuration identical to that of the distributor.
When you installed ZENworks for Servers 3, you also created several Channel objects. Among other channels, you created a virus definitions channel, where you plan to list all virus definitions distributions, and a desktop applications channel, where you plan to list all desktop application distributions. You defined the Subscription properties for these Channel objects such that all subscribers (Subscribers 1 through 9) are listed.
Furthermore, you set your subscribers' Extract Schedules to Run Immediately, so the subscribers will extract distributions upon receiving them. You also configured the channels' Schedule properties such that distributions are sent five minutes after they are built.
Of course, the installation and configuration of ZENworks for Servers 3 involves more than what is explicitly mentioned here. However, this information is all you need to know to follow this example of using ZENworks for Servers 3 to install virus definitions on all of your servers and to distribute Adobe Acrobat Reader 5.0 to all of your clients.
With ZENworks for Servers 3 thus installed and configured, what does your day look like now?
Install Virus Definitions--Without Feeling Bugged
With ZENworks for Servers 3 thus installed and configured, installing the virus definitions file across all of your servers is no big deal. Basically, you create a distribution and associate this distribution with the appropriate channel.
ZENworks for Servers 3 enables you to create seven distribution types, depending on the type of electronic data you want to distribute. (For a list and explanation of distribution types, see "What Do You Want To Send Today?") To select files or directories from a distributor's hard drive that you want TED to distribute, you create a file type distribution.
To create a file type distribution and associate it with the appropriate channel, you launch ConsoleOne (or Novell iManager) and right-click the container holding your TED objects. You then complete the following steps:
1. Click New, then Object, and then select TED Distribution.
2. Enter a distribution name.
3. Browse to find the Distributor object (in this case, Distributor A) that will own this distribution, and select it.
4. Click the Define Additional Properties box, and click OK to create the object.
5. Click the General tab, and complete the Settings fields, which include the following:
   Active. A distribution must be active in order for it to be made available to subscribers.
   Use Digests. Distributors and subscribers use digests to verify that distributions have not been tampered with while in transit. The digest provides a checksum for the subscriber to compare.
   Encrypt. You can encrypt the distribution (by selecting either Strong encryption or Weak encryption) if you will be sending the distribution outside your firewall. Encryption provides security for the distribution during transit between the distributor and subscriber.
   Priority. You can give the distribution a priority that determines how it will be sent in relation to other distributions. A High priority means it will be sent before Medium or Low priority distributions.
6. Click the General tab again, and this time click Restrictions. You can complete these fields to select specific platforms on which you want to restrict this distribution. Although the distribution is sent to all subscribers, it is executed only on subscribers with platforms that you have not explicitly restricted. No Restrictions are enabled by default.
7. Click the Type tab. From the drop-down list, click File, and complete the fields that appear for the file type distribution. (See Figure 4.)
8. Click the Schedule tab. (See Figure 5.) The schedule determines how often the distributor will attempt to build a new version of the distribution. Choices include Never, Daily, Monthly, Yearly, Interval (in which case you specify numbers of minutes), and Run Immediately. In this case, select Run Immediately, which causes the distributor to build the distribution as soon as it reads eDirectory for the distribution information.
9. Click the Channels tab.
10. Click Add. Browse for and select the appropriate channel. Then click OK.
11. Click Apply to create the distribution.
12. Click Yes to resolve the certificates. The security certificates are copied from the distributor to all subscribers that have subscribed to the specified channel.
To send the distribution, you would then simply right-click the Distributor A object and click Refresh Distributor. This action causes Distributor A to re-read eDirectory. (Alternatively, you can automate the process whereby Distributor A re-reads eDirectory.)
Distributor A then begins building the virus definitions distribution immediately and sends this distribution according to the channel's schedule. In this case, you configured the virus definitions channel's schedule to send distributions five minutes after they are built. Accordingly, five minutes after building the virus definitions distribution, Distributor A sends it.
As soon as the parent subscribers receive the distribution, they forward it to the remaining subscribers. All subscribers immediately extract the distribution when they receive it because you configured them to do so.
And that's it. You're done. You've sat in your office, launched ConsoleOne, and with a few mouse clicks and data key entries, you've just updated the virus definitions on all of your servers. It's taken you no more than 15 minutes.
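The Use Digests setting and the PKI certificates described earlier cover different failures: a digest catches changes made in transit, but only when the digest itself comes from a source the subscriber trusts. The following Python code is an added example, not Novell's code or TED's actual package format. The manifest layout and all function names are hypothetical, and an HMAC with a shared key stands in for the certificate-based check because the Python standard library has no public-key signatures.

```python
import hashlib
import hmac
import json

# Constructed demo key. It stands in for the trust that the article
# establishes by copying the distributor's PKI certificate to subscribers.
TRUST_KEY = b"constructed-demo-key-not-a-real-secret"


def build_distribution(name, payload, key=TRUST_KEY):
    """Distributor side: wrap a payload with a digest manifest and an auth tag."""
    manifest = {
        "name": name,
        "sha256": hashlib.sha256(payload).hexdigest(),
        "size": len(payload),
    }
    manifest_bytes = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    return {"manifest": manifest_bytes, "tag": tag, "payload": payload}


def verify_digest_only(dist):
    """Compare the payload's digest with the digest carried in the manifest."""
    manifest = json.loads(dist["manifest"])
    actual = hashlib.sha256(dist["payload"]).hexdigest()
    return hmac.compare_digest(actual, manifest["sha256"])


def verify_distribution(dist, key=TRUST_KEY):
    """Subscriber side: authenticate the manifest first, then check the payload.

    Returns (ok, reason) so a caller can log why extraction was refused.
    """
    expected_tag = hmac.new(key, dist["manifest"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, dist["tag"]):
        return (False, "untrusted source")
    manifest = json.loads(dist["manifest"])
    if len(dist["payload"]) != manifest["size"]:
        return (False, "size mismatch")
    if not verify_digest_only(dist):
        return (False, "digest mismatch")
    return (True, "ok")


def swap_payload_and_digest(dist, new_payload):
    """Constructed failure case: payload and digest replaced together by a
    party that does not hold the trust key, so the tag cannot be recomputed."""
    manifest = json.loads(dist["manifest"])
    manifest["sha256"] = hashlib.sha256(new_payload).hexdigest()
    manifest["size"] = len(new_payload)
    return {
        "manifest": json.dumps(manifest, sort_keys=True).encode(),
        "tag": dist["tag"],
        "payload": new_payload,
    }


if __name__ == "__main__":
    good = build_distribution("virus-defs", b"constructed definitions v1")
    corrupt = dict(good, payload=b"constructed definitions v2")
    swapped = swap_payload_and_digest(good, b"other content")
    for label, dist in (("good", good), ("corrupt", corrupt), ("swapped", swapped)):
        print(label, verify_digest_only(dist), verify_distribution(dist))
```

The swapped case passes the digest comparison on its own and is refused only because the manifest is authenticated before the digest is trusted.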
Desktop Application Distribution
Having checked one task off your list during the first 15 minutes of your day, you are ready to face the next task: making Adobe Acrobat Reader 5.0 available to all network clients. Fortunately, you have ZENworks for Desktops, which will unquestionably save you time. With the help of ZENworks for Servers, however, you can save even more time.
If ZENworks for Desktops 3 and ZENworks for Servers 3 are installed in the same eDirectory tree, ZENworks for Servers can use TED to distribute Application objects and their associated files to subscribers. These subscribers must be running ZENworks for Desktops 3 and can be in the same or different tree as the ZENworks for Servers distributor. Although you still have to create the Application object, ZENworks for Servers 3 automates the task of copying the Application object to appropriate locations in your eDirectory tree. ZENworks for Servers 3 also makes the appropriate associations with container, Group, or User objects.
For example, assume that you need to distribute applications only to Parent Subscribers 1 and 7, both of which are ZENworks for Desktops servers. To distribute the Application object (Acrobat_5) to Parent Subscriber 1 and Parent Subscriber 7, you create an Application object in ZENworks for Desktops. You then create a desktop application distribution in ZENworks for Servers. To do so, you complete the first six of the 12 steps in the "Install Virus Definitions--Without Feeling Bugged" section. When you reach step 7 and click the Type tab, you select Desktop Application followed by Setup. The Desktop Application Distribution Wizard launches.
The Desktop Application Distribution Wizard guides you through the process of preparing the desktop application distribution. You are prompted to complete several fields, including the following:
Maintain Source Tree Structure. If you select this option, TED duplicates the distributor's tree structure on the subscriber to place ZENworks for Desktops application objects.
Maintain Associations. If you select this option, TED maintains the associations established in the distributor's tree between the distributed applications and the trusted user/workstation groups and containers. To maintain these associations, TED replicates the associated groups or containers on the subscriber if they do not already exist. As you would expect, users or workstations already contained in the groups or containers in the subscriber's tree location are not replicated.
In this case, assume you select the Maintain Associations option. When Parent Subscriber 7 in Santa Fe receives this Distribution, TED will set up (if necessary) the Santa Fe Organizational Unit (OU) in the same way the Albuquerque OU is set up.
Suppose that the Application object you created for Adobe Acrobat Reader 5.0 (Acrobat_5) is associated with the Alb_OU. As a result, all users in user and workstation groups in that container have access to this application. When Parent Subscriber 7 receives this distribution, TED ensures that the Acrobat_5 object is similarly associated with the SantaFe_OU. As a result, all users in user and workstation groups in that container have access to the application.
The Desktop Application Distribution Wizard continues to guide you through the process of creating this type of distribution: You are prompted to browse for and select Application objects you want to include in this distribution and to enter the destination volume or folder. When you have finished the Wizard's steps, you click Finish and continue to create the Distribution object by completing steps 8 through 12 in the "Install Virus Definitions--Without Feeling Bugged" section.
Distributor A then builds and sends the desktop application distribution, and the subscribers extract it. After subscribers have received and extracted the desktop application distribution, users in the Alb_OU and SantaFe_OU can access Adobe Acrobat Reader 5.0 through ZENworks for Desktops.
TIME IS ON YOUR SIDE
At this point, perhaps you launch immediately into a new project, or perhaps you decide to create another distribution to install the latest support pack for NetWare 5.1. Before ZENworks for Servers 3, you probably would have had to stay after work to complete this task--waiting until most of your company's employees were singing or cursing in their cars in their mad rush home. With ZENworks for Servers 3, you can set up the distribution now--first thing in the morning--and schedule the distribution to run after work hours.
From home, you can use your web browser to monitor the progress of the support pack distribution and installation using the Tiered Distribution View provided by Novell iManager. This view shows a color-coded map that reveals which subscribers have received the distribution and which ones have installed it.
At any rate, after installing the virus definitions and Adobe Acrobat Reader 5.0, you have used up possibly only 30 to 45 minutes of the first hour of your day. You have time to grab a cup of coffee before launching into . . . you decide. What's next?
Linda Kennard works for Niche Associates (www.niche-associates.com), an agency that specializes in writing and editing technical documents. Niche Associates is located in Sandy, Utah.
What's New?
ZENworks for Servers 3 includes a plethora of new enhancements, including the following:
Support for the Following Platforms:
NetWare 6 and NetWare 5.1
Windows 2000 and Windows NT 4.0
Linux (Red Hat 7)
Solaris 8
Combined Tiered Electronic Distribution (TED) Subscriber and Distributor Startup Files. At the TED startup command, the combined startup file will function as a distributor, subscriber, or both, depending on whether you installed the server software as a distributor, subscriber, or both.
New Distribution Types. In addition to the File, FTP, HTTP, and software package distribution types, ZENworks for Servers 3 includes these new distribution types:
Policy Package. You now distribute policy packages directly to the individual servers where the policies are to be enforced. You can now use ZENworks for Servers 3 to manage all of your servers, including those that are not running Novell eDirectory. In contrast, with ZENworks for Servers 2, you associate a Policy Package object with eDirectory Server objects and/or container objects so that the policy can be enforced only on servers running eDirectory.
Red Hat Package Manager (RPM). You can create RPM packages and use TED to distribute these packages to Linux and Solaris servers.
Desktop Application. TED can distribute Application objects to other locations in the same eDirectory tree or different trees. ZENworks for Desktops 3 can then distribute the applications to desktops. This distribution process includes copying the original program files to the appropriate server locations, where they can be used to service users in the container, Group or User objects associated with the Application object.
Distribution Prioritization. You can now prioritize the order in which distributions are sent by labeling them High, Medium, or Low. You can also configure different I/O rate settings for a distribution based on its priority.
Public Key Infrastructure (PKI) Certificates. You can now use PKI certificates for mutual authentication so that subscribers can confirm that received distributions are from a trusted source.
Enhancements to the File Distribution Type:
NetWare Trustee rights maintained.
New Synchronize Directories option ensures that the files that have been removed from a distribution will be removed from the subscriber's file system the next time the distribution is sent and extracted. This option also ensures that files that have been added on the subscriber to the distributed directory structure will be removed the next time the distribution is sent and extracted.
New Verification option allows you to specify that when an already-sent version of a distribution is about to be resent, the distributor sends a request to the subscriber to re-extract the current version to ensure that the files are installed (rather than resending the same distribution).
The number of files that can be handled in a single distribution is no longer limited by the amount of a subscriber's available memory.
File ownership is maintained across all platforms.
Server Software Package Enhancements:
New option to start and stop Windows NT services.
New option to start and stop processes on Linux and Solaris systems.
Web-Based Management With Novell iManager.
Policy Packages
One of the more exciting enhancements in ZENworks for Servers 3 has to do with server policies, which you now distribute through Tiered Electronic Distribution (TED). Prior to version 3, ZENworks for Servers servers had to read Novell eDirectory for policy information. As a result, you could enforce server policies only on servers running eDirectory.
With ZENworks for Servers 3, in contrast, you create, configure, schedule, and enable policies by creating policy package type distributions (using ConsoleOne or Novell iManager). TED distributes these policy packages to all subscribers, which extract and thereafter adhere to the policies defined in the policy package. TED can distribute policy package distributions, as with any type of distribution, to any server you have configured as a subscriber--whether or not the subscriber runs eDirectory.
ZENworks for Servers 3 enables you to create both configuration and behavioral management policies. Configuration policies specify configuration parameters for one or more servers. For example, you may create a configuration policy to enforce selected SET Parameters on all or selected servers.
Behavioral policies specify a set of rules to be followed under certain situations. For example, you can create a server-down policy that dictates the sequence of events that must occur before a server goes down. As part of this policy, you can indicate at what point you want users notified of a server going down and who should be notified when the policy is being enforced.
What Do You Want To Send Today?
ZENworks for Servers 3 has seven types of distributions (which are listed below). Each of these distributions is specific to the type of electronic data you will be sending or the platform to which you will be sending it.
File, which enables you to select files and directories from the distributor server's file system for distribution.
FTP, which enables you to select files from one or more FTP sources for distribution.
HTTP, which enables you to select HTTP sources for distribution.
Red Hat Package Manager (RPM), which enables you to select data for distribution to Linux and Solaris servers.
Policy package, which enables you to select Policy Package objects (which you create in eDirectory) for distribution.
Software package, which enables you to select (and zip, if you choose) .CPK files for distribution.
Desktop application, which enables you to select application files for distribution. More specifically, the desktop application distribution type automatically copies application files to servers and creates and associates (as necessary) the required Novell eDirectory objects that enable ZENworks for Desktops to distribute applications to users' desktops.
* Originally published in Novell Connection Magazine