Desktop Management Enlightenment

With ZENworks for Desktops' application distribution, you can install applications on your workstations automatically rather than manually. And you can assign applications both to users and to specific workstations. The applications are self-healing, so if a workstation fails to run one, ZENworks re-installs it automatically.

You can also take inventory of your desktop hardware and software resources and run inventory-related reports. The product's imaging feature, meanwhile, lets you capture an image of a workstation and deploy that profile to other workstations.

We run ZENworks for Desktops at the University of WisconsinMadison's Computer-Aided Engineering Center to help manage more than 300 Windows 2000 workstations scattered around various computer labs. ZENworks for Desktops handles the university's Windows policies, applications and workstation user accounts. We're running version 3.2 of the product and plan to upgrade to version 4 this summer--after months of tests. Novell also now sells a single suite--ZENworks 6--that rolls ZENworks for Desktops 4 and all other ZENworks products into one.

Meditation and Installation

So how do you deploy ZENworks for Desktops? First, map out a plan. That means deciding whether to use the product's inventory tool, and if so, which databases you'll deploy, and whether to use Novell's server-management product, ZENworks for Servers. You also must decide whether to support client machines that don't run NetWare Client32. If so, you'll need ZENworks for Desktops' middle-tier server component.If your workstations don't support the Preboot Execution Environment, you'll need a small Linux-based boot partition on each workstation so you can use ZENworks for Desktops' workstation imaging feature. PXE lets a workstation boot off the network before the OS initializes.

One big advantage of version 4 is that you can use it for managing Windows workstations even if you don't have NetWare. You will, however, need Novell's eDirectory, which comes with version 4, as well as DirXML to keep eDirectory in sync with your Active Directory installation. ZENworks for Desktops 4 comes with the same number of eDirectory licenses as its own licenses.

The inventory component is one of the product's more complex pieces because it offers several options for inventory storage. In large or distributed environments, you can capture inventory data on a local copy of the inventory database and then replicate it on a central database. A smaller site instead could configure ZENworks for Desktops' inventory tool for a single database server. You can store your inventory data on the Sybase database that comes with all versions of ZENworks for Desktops--on NetWare or Windows NT/2000 platforms--or on Oracle 8i server on NetWare, NT, Linux or Solaris servers. ZENworks for Desktops also supports SQL 2000.

The product's middle-tier component lets desktops without a NetWare client get access to eDirectory information, such as the application objects and ZENworks for Desktops policies. If you don't need NetWare Client32, remove it and use the ZENworks management agent.

The middle-tier server can run on NetWare 5.1, NetWare 6 and Windows 2000 with Microsoft Internet Information Server. Beware, however, that running the middle-tier server on NetWare might entail additional configuration because NetWare 5.1 and above require an Apache Web server. If you don't have Apache running, you'll need to install it. If you run both Apache and Netscape's Web server, Netscape by default will use Port 80 and you can put Apache on any other port.This dual-Web server mode can cause end users trouble if they're installing their own workstation-management agents: The management agent uses Port 80 as a default. Check which port Apache is using by looking at the SYS:Apacheconfadminserv.conf file. You'll see Port 80, Port 51080 or the port you specified when installing NetWare. Port 51080 is the default value when both Netscape and Apache are installed. If you're not using the Netscape server, move the Apache server configuration to Port 80 for the middle-tier server. That will simplify installing the client component because Port 80 is its default, too. If you leave the Apache server running on Port 51080, meanwhile, specify that same port for the management agent.

With or without the much-reviled NetWare client on your workstations, you still will need ZENworks' management agent for the client machines. You can place it on a Web page so users can install it themselves, or if you have ActiveDirectory, you can "push" it out to desktops from the directory.

The management agent lets a workstation authenticate to the middle-tier server to get all ZENworks for Desktops' features. If you use the NetWare client on your workstations, make sure you install the NetWare client first, then the ZENworks for Desktops management agent. We still have NetWare-based applications at the university, so we don't plan to remove NetWare Client32 from our workstations.One of the biggest benefits of ZENworks for Desktops is that it simplifies the typically labor-intensive job of installing applications. Students use more than 400 diverse applications in our labs, so automating the installation process was essential. Students can run any of the applications on any of our workstations (with a few exceptions), so they can log on from any ZENworks-based workstation on campus to get the applications.

The application or its software license agreement typically dictates how ZENworks for Desktops can help you deploy it. Here are some considerations:

• Will the application be installed on each workstation, or will it be installed at a central location?• Should ZENworks do the install or just launch the vendor's setup program?

• Will the application be used on workstations that don't have the NetWare client installed?

Deciding where to install the application depends on how you want to set up the environment. If all your workstations will be connected to the network, installing the application to a central server is more efficient. A user would have to wait for only a few files to get copied to his workstation in this scenario. ZENworks for Desktops often installs an application faster than the vendor's setup program.

Always use a "clean" workstation with just the base OS for the ZENworks for Desktops snapshot process. If you're running the NetWare client it can be on the workstation, too. The snapshot process captures the application installation, and you can store installation information as a text file, which is then transformed into an application object in eDirectory. That way, you can use the same process on other workstations. Be sure to remove any extra registry settings the snapshot process may have picked up, such as detected registry changes under the HKEY_CURRENT_USERSoftwareMicrosoftWindows CurrentVersionExplorer key, which stores things like the Explorer window sizes.

Everything ZENWith ZENworks, the client workstation runs the Novell Application Launcher (NAL) program or NAL Explorer. NAL searches the eDirectory tree for applications the user is authorized to use, and NAL Explorer places application icons on a user's Windows Explorer start menu.

Depending on your eDirectory tree design and where you put your application objects, your ZENworks for Desktops clients might be talking to more servers than necessary when searching for application icons, including eDirectory servers over the WAN. That extra chatter means slower performance.

The process works like this. NAL finds the user policies in eDirectory. So if the user object is Drews.Staff.ENGR, NAL reads its policy. Then it goes up the organizational tree and checks the Staff.ENGR organizational-unit object and, finally, the ENGR organization object.

All this tree-climbing is inefficient, so make sure NAL reads the data only off the Staff.ENGR organizational unit object. Configure the organizational unit objects' setting on ZENworks for Desktops' Application Launcher tab to "top of configuration tree." That way, the application launcher won't search the tree at higher levels for configuration information, which improves its performance.

You can further optimize performance by selecting the "set application inheritance level" setting. This determines how far up the directory tree to search for application associations. The downside is that the NAL client can miss some application privileges if it is set too low.ZENworks for Desktops' diagnostic tool, meanwhile, helps you see details such as where each application object originated--a user association or a workstation association, for instance--and the last time it was run. This can help you determine why some applications aren't showing up in a user's NAL, for example. It also lets you view the application launcher configuration and turn on some debugging information. To bring up this slick tool, go to the properties page by right-clicking on the NAL Icon on the system tray, or on About->Help from the application window. Then hold down the F2 key and press the More button.

The bottom line with ZENworks for Desktops is that it off-loads much of the work in the painstaking process of managing workstations. Here at the University of Wisconsin-Madison, being able to distribute 400 applications to any workstation has made the product a worthwhile investment. We've been able to deploy more applications, faster.

James E. Drews is a network administrator for the CAE Center of the University of Wisconsin-Madison. Send your comments on this article to him at [email protected].

Post a comment or question on this story.

Setting Up ZEnWorks for DEsktops V.4

1. Get eDirectory running. If you run NetWare 5.x or 6.x, eDirectory is already there. If you're a pure Windows operation, install eDirectory on your Windows 2000 server. You'll need Novell's DirXML to synchronize your Active Directory information with eDirectory.2. Decide which ZENworks components to use and whether they should reside on one or more servers.

3. Install the ZENworks components. This can be done simultaneously on multiple servers.

4. Install the middle-tier server. If you want to run it on NetWare 5.1, install an Apache Web server on that box, too. Then run the ZENworks installer to get the middle-tier server loaded.

5. Add a DNS entry for "zenwsimport" to point to the import server. Workstations can't be managed unless they're imported into eDirectory. ZENworks' autoworkstation import feature automates this with a DNS entry or a local host-file entry for zenwsimport. The ZENworks client then contacts the appropriate server to register its workstation with eDirectory.

6. Install the management agent on clients. The ZENworks management agent can be distributed via the ActiveDirectory domain or by placing it on a Web page for users to install.7. Set up the ZENworks policies in the eDirectory tree. Configure the application launcher, user policies and workstation policies. Create application objects in eDirectory using Novell's Snapshot.

8. Match applications with user objects, organizational contexts and groups. After you create the application objects, match users with their application objects or the applications they are authorized to run. You can do this from the user object or from the application object. Online documentation (including upgrade guides)

Additional tools and utilities

ZENworks for Desktops 4 support site

ZENworks for Desktops 4 home page:ZENworks for Desktops 4 white papers (including reviewers' guide)