Related Tips & Info

Deploying and Using Remote Management Join Proxy Services in Dual Stack Environments With ZENworks

dsumit
0 Likes

Authors:

Sumit Deo ( Sumit.deo@microfocus.com)
Neeraja Chilkuri ( Neeraja.chilkuri@microfocus.com)



Abstract:

 

The main objective of this article is to give a step by step procedure for using remote management in a dual stack network environment using Join Proxy services provided by ZENworks. With the introduction of IPv6 support in the ZENworks 2017 Update 1 release, various functionalities including remote management can be used in dual stack. This article gives a quick overview of how a structured approach can be taken to configure and use it.



Table of Contents




    1. Overview

 

    1. Prerequisite

 

    1. Typical Setup overview

 

    1. Deployment of ZENworks environment
      4.1 Deploying ZENworks first primary server and database in corporate network
      4.2 Deploying ZENworks second primary server in Demilitarized zone
      4.3 Deploying ZENworks satellite server in Demilitarized zone




    1. ZENworks Configurations for Locations and Join Proxy
      5.1 Creating Location and network environment
      5.2 Configuring closest server role and Join Proxy sever settings




    1. Remote Management Use Cases

 

    1. Glossary of Terms




 

1. Overview

 



ZENworks Configuration Management (ZCM) provides administrators with the capability to remotely manage all end points from the management console. It also provides added capabilities like running executables remotely, remote transfer of files, wake up powered off machines, etc. With the introduction of IPv6 support, we can deploy a combination of IPv4 and IPv6 enabled devices and use them in conjunction with Join Proxy services in a protected private environment or demilitarized zone. The intent of this article is to talk about how it can be enabled in different use cases and used. There is also an emphasis on how various issues can be debugged in dual stack environment.

 

2. Prerequisites

 



The following prerequisites are needed to be taken care for making use of Remote management Join Proxy services in Dual stack environment:




    • ZENworks primary server and Database in Corporate network.

 

    • ZENworks primary server in Demilitarized zone.

 

    • ZENworks satellite server in Demilitarized zone.




 

3. Typical Setup Overview

 



A typical Join Proxy environment with three different subnets depicting real environments will have the following:




    • Corporate network with ZENworks first primary server and database

 

    • DMZ will have the second ZENworks primary server and ZENworks satellite server

 

    • ISP provide private network will have both IPv4 and IPv6 managed device






Figure: Join Proxy deployment diagram



 

4. Deployment of ZENworks environment

 



The following are the three steps involved in the deployment of ZENworks server to make use of Remote management Join Proxy services in dual stack network environment:




    • Deploying primary server and database in corporate network.

 

    • Deploying secondary primary server in Demilitarized zone.

 

    • Deploying ZENworks satellite server in Demilitarized zone.




4.1 Deploying ZENworks first primary server and database in corporate network

 

To Deploy Primary server and Database in Corporate network




    1. Install ZENworks server on supported platform shown as “ZCM PS1” server in diagram

 

    1. Install supported Database on supported platform shown as “ZCM DB” in diagram

 

    1. Connect ZCM DB to Corporate network

 

    1. Connect ZCM PS1 to Corporate network

 

    1. Install ZENworks 2017 on ZCM PS1 server




4.2 Deploying second primary server in Demilitarized zone



To deploy secondary Primary server in Demilitarized zone




    1. Install ZENworks server on supported platform shown as “ZCM PS2” server in diagram

 

    1. Connect NIC1 of “ZCM PS2” to corporate network.

 

    1. Connect NIC2 of “ZCM PS2” to Public network (Internet).

 

    1. Install ZENworks 2017 on “ZCM PS2” and add it to existing ZENworks zone configured on “ZCM PS1”.




4.3 Deploying ZENworks satellite server in Demilitarized zone

 

To deploy ZENworks satellite server in Demilitarized zone




    1. Install supported OS for ZENworks agent on “ZCM SAT1” server.

 

    1. Connect NIC1 of “ZCM SAT1” to corporate network.

 

    1. Connect NIC2 of “ZCM SAT1” to Public network (Internet).

 

    1. Install ZENworks 2017 agent on “ZCM SAT1” server and promote it as Join Proxy satellite server :

        • Login To ZCC by entering “https://10.0.0.102” from a web browser on the management console present at corporate network

        • Go to Devices -> select a device which you want to promote as Join Proxy satellite server. In this case we will promote ZCM-SAT1 agent as satellite server -> select “ZCM-SAT1” and click on Action -> Configure satellite server

        • Browse and select “ZCM-PS2” under Parent primary server

        • Select JoinProxy under satellite server Roles as shown in picture below.

          Figure: Choosing Joinproxy role for ZCM-PS2 sever




      • Click on configure - > Click ok to accept the Join Proxy role settings as shown below in picture. After that Click OK to complete the configuration of satellite server.



        Figure: Join Proxy settings with default values set




 

5. ZENworks Configurations for Locations and Join Proxy

 

 

ZENworks agents determine its Configuration location based on its network environment and gets the Join Proxy server details from the closest server rule configured for the Location. Below are the following stages of configuration.



 

5.1 Creating Location and network environments

 





Figure: Creating a new Location

 

Follow the steps below to create Location and network environment:




    • Login to ZCC

 

    • Go to Configurations page and click on Locations and choose New option as shown above

 

    • Enter Location name , for example “Home network” and click next

 

    • Click next on Step 2: Location HTTP Proxy Details page

 

    • “Create and assign Network Environment to the Location” radio button is selected by default ; Assign Network Environments page , click next

 

    • Enter Network Environment Name , for example : “Home network environment” on Step 4: Define Details page

 

    • Click next on Step 5: Network Environment HTTP Proxy Details page

 

    • Provide network services details based on which network environment will be determined on Step 6: Network Environment Details page

 

    • Click on Client DNS Setting and click on Add option. On add client DNS setting page choose operator “<>” and enter DNS suffix of your corporate network , for example “corp.rm-test.com”

 

    • Click OK

 

    • Click on Next and Finish




5.2 Configuring Closest Server role and Join Proxy server settings



Please follow the steps below:


    • Go to Configuration page and click on Locations tab

 

    • Click on the Location “Home network” as shown below.



      Figure: Locations page view from ZCC

 

    • Click on Servers tab



      Figure: Choosing Join Proxy server



 

    • Click on Add option under Join Proxy servers



      Figure: Adding Join Proxy server details

 

    • Browse for the Primary server / satellite server which is present under DMZ and add it. Click OK and Apply.



      Figure: Choosing Join Proxy server




6. Remote Management Use cases



6.1 Performing remote control from a management console present at corporate network to an agent device present in home network / Public network over IPv4



When agent device is connected to home network / public network, based on the location configuration it will get details of Join Proxy servers via closest server role and will try to connect to the Join Proxy server which is exposed to public network. After it has established connection with Join Proxy server, Join Proxy server details for this agent will be updated in database and the same will be shown at ZCC page while remote controlling this agent. Configuration Locations and Join Proxy details can be seen under ZENworks agent properties by opening ZENworks technician application. Below is the screenshot from an agent device connected to Home network showing list of Join Proxy server at the ZENworks technician app under servers tab and Join Proxy details under agent properties.





Figure: Join Proxy server details shown on server tab





Figure: Join Proxy server details shown under agent properties



To perform remote control operation:



    • Login to ZCC from a management console present at corporate network -> Go to Devices - > Workstation -> select a device which you want to remote control -> Click on Action - > Click on Remote Control

 

    • Click on Remote control opens a remote management popup as shown below:



      Figure: Remote management connection window





      Figure: Remote management connection window with IP address chosen



    • From Device drop down select the device IP address and from Join Proxy drop down select the IP address of Join Proxy server which is reachable from corporate network.

 

    • Click OK

 

    • ZENworks remote management connection starts and a popup is shown to accept the certificate.



    • Click ok to “accept the certificate temporarily for this session” and proceed with remote control



      Figure: Remotely connected machine view


      Note: The other remote management operations like Remote View, Remote execute, Remote diagnostics and File transfer can be performed.



6.2 Performing remote control from a management console present at corporate network to an agent device Connected to internet over IPv6.

 

The picture below shows the screenshot of a ZENworks agent connected to Join Proxy server over IPv6 network.



Figure: Join Proxy server details shown under agent properties

 

To remote control a ZENworks agent over IPv6:




    • Login to ZCC from a management console present at corporate network and then go to Devices - > Workstation . Select a device which you want to remote control say for example we will select Client2 which is connected to internet over IPv6.

 

    • Click on Action and then Click on Remote Control

 

    • Click on Remote control opens a remote management popup window as shown below:



      Figure: Remote management connection window





      Figure: Remote management connection window with IP address chosen








    • From the Device drop down, select the device IP address and from the Join Proxy drop down, select the IP address of Join Proxy server which is reachable from corporate network.

 

    • Click OK

 

    • ZENworks remote management connection starts and a popup is shown to accept the SSL certificate.

 

    • Click OK to accept the certificate and proceed with remote control

 

    • The picture below shows the remote control window after the certificate is accepted and rights based authentication is done.

      connection window with IP address chosen.



      Figure: Remotely connected machine view







7. Glossary of Terms



    • ZCC- ZENworks Control Center

 

    • IP- Internet Protocol

 

    • DNS- Domain Name System

 

    • SSL- Secure Socket Layer

 

    • DMZ- Demilitarized zone




 

Labels:

How To-Best Practice
Support Tip
Comment List
Anonymous
Related Discussions
Recommended

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.